Medium Severity

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to string injection vulnerability due to Node.js (CVE-2021-44532, CVE-2021-44532 )

Share this post:

String injection vulnerabilities in Node.js – CVE-2021-44532, CVE-2021-44532, has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Node.js is used as cross-platform runtime environment by IBM Watson Assistant for IBM Cloud Pak for Data. The fix includes version 12.22.9, 12.22.11. Refer to details for additional information.

CVE(s): CVE-2021-44532, CVE-2021-44533, CVE-2022-21824

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Watson Assistant for IBM Cloud Pak for Data 4.0.0. 4.0.2, 4.0.4, 4.0.5, 4.0.6, 4.0.7

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6584189
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216931
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216932
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216933

More stories

Security Bulletin: Vulnerability in the Node.js got module affects IBM Event Streams (CVE-2022-33987)

August 10, 2022 | Medium Severity

This security vulnerability affects the Node.js got module that is used by IBM Event Streams. ...read more


Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to remote access due to Go CVE-2022-29526

August 10, 2022 | Medium Severity

Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to remote access due to Go CVE-2022-29526 with details below ...read more


Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to urllib package in Python3 (CVE-2022-0391)

August 9, 2022 | Medium Severity

IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to improper input validation by the urllib.parse module from Python3. Vulnerability is addressed by upgrading Pytthon to version 3.9.7. ...read more