Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME7A9B10B6F9E467355770BD899B76A2F7330288B8F824A9C4EF53C1C7FF20D9B
HistoryJun 05, 2024 - 8:29 p.m.

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons

2024-06-0520:29:30
www.ibm.com
3
ibm watson discovery
ibm cloud pak for data
apache commons
vulnerability
remote code execution
out-of-bounds write

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Summary

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons

Vulnerability Details

CVEID:CVE-2024-29131
**DESCRIPTION:**Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286004 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2024-29133
**DESCRIPTION:**Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286005 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
ICP - Discovery 4.0.0 - 4.8.4

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.8.5 and <https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwatson_discoveryMatch4.0.0
OR
ibmwatson_discoveryMatch4.8.4

Related

openvas 6
nessus 7
fedora 2
ibm 9
cvelist 2
atlassian 2
osv 2
cnvd 2
nvd 2
veracode 2
cgr 2
wolfi 2
github 2
cve 2
redhatcve 2
debiancve 2
redhat 1
openvas
openvas
Fedora: Security Advisory for apache-commons-configuration (FEDORA-2024-c673517dce)
2024-04-03 00:00:00
openSUSE: Security Advisory for apache (SUSE-SU-2024:1377-1)
2024-04-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1365-1)
2024-05-07 00:00:00
nessus
nessus
Fedora 39 : apache-commons-configuration (2024-fa7b758114)
2024-03-30 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-commons-configuration2 (SUSE-SU-2024:1365-1)
2024-04-23 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-commons-configuration (SUSE-SU-2024:1377-1)
2024-04-23 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: apache-commons-configuration-2.10.1-1.fc39
2024-03-30 01:10:55
[SECURITY] Fedora 40 Update: apache-commons-configuration-2.10.1-1.fc40
2024-03-29 04:11:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities reported in YAJSW service shipped in IBM WebSphere eXtreme Scale Liberty Deployment
2024-05-02 02:53:11
Security Bulletin: Apache Commons Configuration vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-29131,CVE-2024-29133)
2024-06-25 09:10:37
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to a code execution vulnerability in Apache Commons Configuration ( CVE-2024-29131)
2024-06-21 14:56:02
cvelist
cvelist
CVE-2024-29131 Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
2024-03-21 09:07:13
CVE-2024-29133 Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
2024-03-21 09:05:47
atlassian
atlassian
DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server
2024-06-12 21:12:33
DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server
2024-06-12 21:13:20
osv
osv
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
2024-03-21 09:31:14
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
2024-03-21 09:31:14
cnvd
cnvd
Apache Commons Configuration Out-of-Bounds Write Vulnerability
2024-03-26 00:00:00
Apache Commons Configuration Out-of-Bounds Write Vulnerability (CNVD-2024-16109)
2024-03-26 00:00:00
nvd
nvd
CVE-2024-29133
2024-03-21 09:15:07
CVE-2024-29131
2024-03-21 09:15:07
veracode
veracode
Out-of-Bounds Write
2024-03-22 05:11:58
Out-of-Bounds Write
2024-03-22 06:49:33
cgr
cgr
CVE-2024-29133 vulnerabilities
2024-05-19 03:07:16
CVE-2024-29131 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2024-29133 vulnerabilities
2024-07-01 09:08:36
CVE-2024-29131 vulnerabilities
2024-07-01 09:08:36
github
github
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
2024-03-21 09:31:14
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
2024-03-21 09:31:14
cve
cve
CVE-2024-29133
2024-03-21 09:15:07
CVE-2024-29131
2024-03-21 09:15:07
redhatcve
redhatcve
CVE-2024-29133
2024-03-21 12:16:00
CVE-2024-29131
2024-03-21 12:16:07
debiancve
debiancve
CVE-2024-29131
2024-03-21 09:15:07
CVE-2024-29133
2024-03-21 09:15:07
redhat
redhat
(RHSA-2024:2945) Important: Red Hat AMQ Broker 7.12.0 release and security update
2024-05-21 14:17:10

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON
Related for E7A9B10B6F9E467355770BD899B76A2F7330288B8F824A9C4EF53C1C7FF20D9B
openvas6nessus7fedora2ibm9cvelist2atlassian2osv2cnvd2nvd2veracode2cgr2wolfi2github2cve2redhatcve2debiancve2redhat1