CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
55.2%
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information exposure in OpenSSL, caused by a timing-based side channel in the RSA Decryption implementation (CVE-2022-4304). OpenSSL is included in the Base OS image used by our Speech Services… This vulnerabilitiy has been addressed. Please read the details for remediation below.
CVEID:CVE-2022-4304
**DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246612 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data | 4.0.0 - 4.7.0 |
IBM strongly recommends addressing the vulnerability now by upgrading.
Product(s)|**Version(s)
**|Remediation/Fix/Instructions
—|—|—
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.7.1| The fix in 4.7.1 applies to all versions listed (4.0.0-4.7.0). Version 4.7.1 can be downloaded and installed from: <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x>[ttps://www.ibm.com/docs/en/cloud-paks/cp-data](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x>)
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | cloud_pak_for_security | 4.0.0 | cpe:2.3:a:ibm:cloud_pak_for_security:4.0.0:*:*:*:*:*:*:* |
ibm | cloud_pak_for_security | 4.7.0 | cpe:2.3:a:ibm:cloud_pak_for_security:4.7.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
55.2%