High Severity

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Compress

Share this post:

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Compress.

CVE(s): CVE-2021-35517, CVE-2021-36090

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Watson Discovery 4.0.0-4.0.2
Watson Discovery 2.0.0-2.2.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6516470
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205307
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205310

More stories

Security Bulletin: IBM Cognos Controller 10.4.2 IF17: Apache Log4j vulnerability (CVE-2021-45105 & CVE-2021-44832)

Jan 15, 2022 7:01 pm EST | High Severity

IBM Cognos Controller is affected by security vulnerabilities. Apache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j vulnerabilities: CVE-2021-45105 and CVE-2021-44832. IBM Cognos Controller has upgraded Apache Log4j to v2.17.1. Please note that this update also addresses CVE-2021-44228 and CVE-2021-45046. ...read more


Security Bulletin: Multiple security vulnerabilities with IBM Content Navigator component in IBM Business Automation Workflow – CVE-2020-4757, PSIRT-ADV0028011, CVE-2020-4934

Jan 15, 2022 7:00 pm EST | High Severity

The embedded IBM Content Navigator, that is shipped with IBM Business Automation Workflow is vulnerable to several security vulnerabilities. ...read more


Security Bulletin: Vulnerability in Apache Log4j affects Content Collector for IBM Connections (CVE-2021-45105)

Jan 14, 2022 7:07 pm EST | High Severity

Apache Log4j open source library is used by Content Collector for IBM Connections. This bulletin describes the upgrades necessary to address the vulnerability. ...read more