Critical Severity

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Vulnerabilities in Apache Log4j (CVE-2021-45105, CVE-2021-45046) impact IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Several components of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data use Apache Log4j to log diagnostic data unrelated to customer input. The fix below includes Apache Log4j 2.17.

CVE(s): CVE-2021-45105, CVE-2021-45046

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data | 4.0.0 – 4.0.4
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data | 1.2.0 – 1.2.1 (Cloud Pak 3.5)

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6551168
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195
