High Severity

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Perl (CVE-2018-18313)

Share this post:

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Perl, caused by a flaw in the S_grok_bslash_N function in regcomp.c (CVE-2018-18313). This could allow a remote attacker to obtain sensitive information. Perl is included in some of the operators used in IBM Watson Speech. Please read the details for remediation below.

CVE(s): CVE-2018-18313

Affected product(s) and affected version(s):

 

Affected Product(s) Version(s)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 – 4.5.0

 

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6610124
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153588

More stories

Security Bulletin: Apache log4j vulnerabilities in Spark and Zookeeper affect QRadar User Behavior Analytics(CVE-2021-4104)

August 5, 2022 | High Severity

There is a vulnerability in Apache log4j used by Spark and Zookeeper that is affecting QRadar User Behavior Analytics(UBA). This has been addressed in both dependencies and UBA has been updated to the patched versions. ...read more


Security Bulletin: Multiple vulnerabilities in Jquery-Ui, highcharts, and datatables are affecting QRadar User Behavior Analytics (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2021-23445, CVE-2021-29489)

August 5, 2022 | High Severity

There are vulnerabilities in third party packages (JQuery-UI, Highcharts, datatables.net) affecting User Behavior Anaytics(UBA). UBA has been updated to the latest versions of these packages to address these vulnerabilities. ...read more


Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by denial of service vulnerability in version 1.1.1k-5

August 4, 2022 | High Severity

IBM Sterling Connect:Direct for UNIX Certified Container requires openssl for LDAP support. This fix upgrades the openssl and its compnent packages to version 1.1.1k-6.el8_5 ...read more