Lucene search

IBMDA6F2C101E69E1E007A773F6926E1307F00BBE90967DC2B67B2D2E66205355A1

HistoryDec 16, 2020 - 5:52 p.m.

Security Bulletin: WebSphere Application Server Liberty vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)

2020-12-1617:52:42

www.ibm.com

websphere application server

liberty vulnerabilities

ibm watson

text to speech

speech to text

cloud pak for data

denial of service

cve-2020-4590

ibm x-force

cvss

fix

ibm websphere liberty

EPSS

0.001

Percentile

32.8%

JSON

Summary

WebSphere Application Server Liberty vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)

Vulnerability Details

CVEID:CVE-2020-4590
**DESCRIPTION:**IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184650 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Watson Speech Services for Cloud Pak for Data	1.2

Remediation/Fixes

Download and install the newest deployment of IBM Watson Speech Services for Cloud Pak for Data 1.2 to your cluster. This deployment includes IBM WebSphere Liberty v20.0.0_10, or higher, which contains the latest fixes for the issues described above.

Workarounds and Mitigations

None

EPSS

0.001

Percentile

32.8%

JSON

Related for DA6F2C101E69E1E007A773F6926E1307F00BBE90967DC2B67B2D2E66205355A1