Lucene search

IBMC070B8F50866E1F0EBF8FD50CA6A2A9DF5D0BA367A4CF7FB6BEADFAC56664285

HistoryAug 22, 2024 - 12:21 a.m.

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Express.js

2024-08-2200:21:18

www.ibm.com

ibm

watson discovery

cloud pak for data

express.js

vulnerability

open redirect

remote attacker

phishing attacks

cve-2024-29041

icp - discovery

version 4.0.0 - 4.8.6

upgrade

remediation

fixes

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.3

Confidence

High

JSON

Summary

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Express.js

Vulnerability Details

CVEID:CVE-2024-29041
**DESCRIPTION:**Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
ICP - Discovery	4.0.0 - 4.8.5

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.8.6/5.0.0 and <https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmwatson_discoveryMatch4.0.0

ibmwatson_discoveryMatch4.8.6

VendorProductVersionCPE
ibmwatson_discovery4.0.0cpe:2.3:a:ibm:watson_discovery:4.0.0:*:*:*:*:*:*:*
ibmwatson_discovery4.8.6cpe:2.3:a:ibm:watson_discovery:4.8.6:*:*:*:*:*:*:*