Low Severity

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a data binding rules security weakness in Spring Framework (CVE-2022-22968)

Share this post:

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a Spring framework data binding rules vulnerability, where case sensitive patterns for disallowedFields cause weaker than expected security (CVE-2022-22968). Spring Framework is used by some of the java components included in IBM Watson Speech. Please read the details for remediation below.

CVE(s): CVE-2022-22968

Affected product(s) and affected version(s):

 

Affected Product(s) Version(s)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 – 4.5.0

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6610371
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/224374

More stories

Security Bulletin: IBM CICS TX Advanced is vulnerable to information disclosure due to IBM WebSphere Application Server Liberty (CVE-2022-22393)

September 22, 2022 | Low Severity

WebSphere Application Server Liberty is used by IBM CICS TX Advanced to provide a web based administration console. The fix removes the information disclosure vulnerability CVE-2022-22393 from Liberty. ...read more


Security Bulletin: IBM CICS TX Standard is vulnerable to information disclosure due to IBM WebSphere Application Server Liberty (CVE-2022-22393)

September 22, 2022 | Low Severity

WebSphere Application Server Liberty is used by IBM CICS TX Standard to provide a web based administration console. The fix removes the information disclosure vulnerability CVE-2022-22393 from Liberty. ...read more


Security Bulletin: An information disclosure vulnerablity in IBM WebSphere Application Server Liberty affects TXSeries for Multiplatforms

September 22, 2022 | Low Severity

TXSeries for Multiplatforms has addressed the following information disclosure vulnerability in IBM® WebSphere Application Server Liberty ...read more