IBMDEE340F3EF463F125DCD993E111BFC6D121DD6D374214786EBC7E7472A2C344FSecurity Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a weak security (CVE-2024-39689)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
Summary
There is a weak security in Certifi python-certifi used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE.
Vulnerability Details
CVEID:CVE-2024-39689
**DESCRIPTION:**Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root certificate. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297375 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Decision Optimization for Cloud Pak for Data | All |
Remediation/Fixes
Users are strongly encouraged to upgrade to IBM Decision Optimization for IBM Cloud Pak for Data 4.8 and subsequent releases.
Here is the detailed information on Upgrading IBM Cloud Pak for Data
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | cloud_pak_for_data | any | cpe:2.3:a:ibm:cloud_pak_for_data:any:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High