Medium Severity

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in libssh, caused by improper bounds checking.(CVE-2021-3634).

Share this post:

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in libssh, caused by improper bounds checking (CVE-2021-3634). Libssh, included in RedHat, is used in the base operating system by IBM Watson Speech. Please read the details for remediation below.

CVE(s): CVE-2021-3634

Affected product(s) and affected version(s):

 

Affected Product(s) Version(s)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 – 4.5.0

 

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6610303
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208281

More stories

Security Bulletin: A Security Vulnerability was fixed in IBM Application Gateway.

September 27, 2022 | Medium Severity

IBM Security Application Gateway is vulnerable to cross-site scripting. This has been fixed in IBM Application Gateway 22.07 ...read more


Security Bulletin: IBM WebSphere Application Server is vulnerable to Server-Side Request Forgery (CVE-2022-35282)

September 27, 2022 | Medium Severity

IBM WebSphere Application Server is vulnerable to a server-side request forgery vulnerability. This has been addressed. ...read more


Security Bulletin: Information disclosure vulnerability in IBM QRadar User Behavior Analytics (CVE-2022-36771)

September 27, 2022 | Medium Severity

Non-Admin access to some admin level information was available if users had correct paths to the information. Checks were added to authorize access even when it is not initiated from the user interface. ...read more