Critical Severity

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream


IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of XStream.

CVE(s): CVE-2021-21342, CVE-2021-21350, CVE-2021-21346, CVE-2021-21349, CVE-2021-21341, CVE-2021-21345, CVE-2021-21348, CVE-2021-21344, CVE-2021-21347, CVE-2021-21343, CVE-2021-21351

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
ICP – Discovery | 2.0.0-2.2.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6450783
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198619
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198627
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198623
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198626
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198618
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198622
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198625
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198621
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198624
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198620
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198628
