Critical Severity

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in MS Visual Studio (CVE-2022-24765).

Share this post:

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to vulnerable to arbitrary code execution in MS Visual Studio, caused by an uncontrolled search for the Git directory in Git (CVE-2022-24765). Git for Visual Studio is used in the base operating system of IBM Watson Speech. Please read the details for remediation below.

CVE(s): CVE-2022-24765

Affected product(s) and affected version(s):

 

Affected Product(s) Version(s)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 – 4.5.0

 

 

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6610347
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/223010

More stories

Security Bulletin: IBM Cloud Pak for Business Automation is affected but not classified as vulnerable by a remote code execution in Spring Framework [CVE-2022-22965]

October 5, 2022 | Critical Severity

IBM Cloud Pak for Business Automation is affected but not classified as vulnerable to a remote code execution in Spring Framework as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Parts of the Spring framework is used in multiple components of Cloud Pak for Business Automation to perform transaction management, database access or processing of web request. The fix includes Spring V5.3.20 and later and removes Spring from some product components. [CVE-2022-22965] ...read more


Security Bulletin: IBM HTTP Server is vulnerable to arbitrary code execution due to Expat (CVE-2022-40674)

October 5, 2022 | Critical Severity

IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to arbitrary code execution due to Expat. The Expat library is used by IBM HTTP Server's WebDAV (mod_dav) support, but may also be used by third-party Apache HTTP Server modules if they have been loaded into the server by the administrator. This has been addressed. [CVE-2022-40674] ...read more


Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution [CVE-2022-40674]

October 4, 2022 | Critical Severity

The libexpart parser that is used by IBM Tivoli Monitoring for parsing various configuration xml files and parsing soap requests is potentially vulnerable to remote code execution [CVE-2022-40674]. ...read more