CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
AI Score
Confidence
High
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerability has been addressed in this update. Please read the details for remediation below.
CVEID:CVE-2024-28180
**DESCRIPTION:**go-jose is vulnerable to a denial of service, caused by improper handling of highly compressed data. By sending a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285715 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data | 4.0.0 - 5.0.0 |
Product(s)|**Version(s)
**|Remediation/Fix/Instructions
—|—|—
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 5.0.1| The fix in 5.0.1 applies to all versions listed (4.0.0-5.0.0). Version 5.0.1 can be downloaded and installed from: <https://www.ibm.com/docs/en/cloud-paks/cp-data>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | ibm_watson_assistant_cartridge_for_ibm_cloud_pak_for_data | 4.0.0 | cpe:2.3:a:ibm:ibm_watson_assistant_cartridge_for_ibm_cloud_pak_for_data:4.0.0:*:*:*:*:*:*:* |
ibm | ibm_watson_assistant_cartridge_for_ibm_cloud_pak_for_data | 5.0.0 | cpe:2.3:a:ibm:ibm_watson_assistant_cartridge_for_ibm_cloud_pak_for_data:5.0.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
AI Score
Confidence
High