Latest IBM Watson Knowledge Catalog on-prem Vulnerabilities

IBM Watson Knowledge Catalog on-prem<=4.x
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user to send a specially crafted request that could cause a denial of service. IBM X-Force ID: 251704.
IBM Watson Knowledge Catalog on Cloud Pak for Data>=4.0<4.7
IBM Watson Knowledge Catalog on-prem<=4.x
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the ...
Socket Socket.io-parser>=3.4.0<3.4.3
Socket Socket.io-parser>=4.0.4<4.2.3
IBM Watson Knowledge Catalog on-prem<=4.x
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used toge...
maven/org.springframework.boot:spring-boot-autoconfigure<2.5.15
maven/org.springframework.boot:spring-boot-autoconfigure>=2.6.0<2.6.15
maven/org.springframework.boot:spring-boot-autoconfigure>=2.7.0<2.7.12
maven/org.springframework.boot:spring-boot-autoconfigure>=3.0.0<3.0.7
redhat/spring-boot<3.0.7
redhat/spring-boot<2.7.12
and 7 more
Since Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This is a...
Python Requests>=2.3.0<2.31.0
Fedoraproject Fedora=37
IBM Watson Knowledge Catalog on-prem<=4.x
When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by a proxy to other clients. If the proxy also caches `Set-Cookie` ...
Palletsprojects Flask<2.2.5
Palletsprojects Flask>=2.3.0<2.3.2
debian/flask<=1.0.2-3
IBM Watson Knowledge Catalog on-prem<=4.x
pip/flask<2.2.5
pip/flask>=2.3.0<2.3.2
and 2 more
An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthenticated, adjacent attacker on the local broadcast ...
Juniper JUNOS<19.1
Juniper JUNOS=19.1
Juniper JUNOS=19.1-r1
Juniper JUNOS=19.1-r1-s1
Juniper JUNOS=19.1-r1-s2
Juniper JUNOS=19.1-r1-s3
and 117 more
A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious ...
VMware Spring Framework>=5.2.0<5.2.24
VMware Spring Framework>=5.3.0<5.3.27
VMware Spring Framework>=6.0.0<6.0.8
IBM Watson Knowledge Catalog on-prem<=4.x
redhat/spring framework<6.0.8
redhat/spring framework<5.3.27
and 4 more
xml2js could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution. By sending a specially-crafted request, an attacker could exploit this vulnerability to e...
IBM Watson Knowledge Catalog on-prem<=4.x
IBM Watson Knowledge Catalog on-prem=0.4.23
npm/xml2js<0.5.0
=0.4.23
IBM Watson Knowledge Catalog on-prem<=4.x
Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the missing of secure attribute in some configurations for JSESSIONID Cookie when using the RemoteIpFilter. By sn...
Apache Tomcat>=8.5.0<8.5.86
Apache Tomcat>9.0.0<9.0.72
Apache Tomcat>10.1.0<10.1.6
Apache Tomcat=11.0.0-milestone1
Apache Tomcat=11.0.0-milestone2
IBM Watson Knowledge Catalog on-prem<=4.x
and 4 more
A flaw was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).
redhat/jenkins<0:2.401.1.1686649641-3.el8
redhat/jenkins<0:2.401.1.1686680404-3.el8
redhat/ovirt-dependencies<0:4.5.3-1.el8e
VMware Spring Framework<=5.2.22
VMware Spring Framework>=5.3.0<=5.3.25
VMware Spring Framework>=6.0.0<=6.0.6
and 6 more
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spri...
maven/org.springframework:spring>=5.3.0<5.3.26
maven/org.springframework:spring>=6.0.0<6.0.7
redhat/jenkins<0:2.401.1.1686831596-3.el8
redhat/jenkins<0:2.401.1.1686649641-3.el8
redhat/jenkins<0:2.401.1.1686680404-3.el8
redhat/jenkins<0:2.401.1.1685677065-1.el8
and 8 more
Undertow: infinite loop in sslconduit during close
redhat/eap7-undertow<0:2.2.22-1.SP3_redhat_00002.1.el8ea
redhat/eap7-wildfly<0:7.4.9-6.GA_redhat_00004.1.el8ea
redhat/eap7-undertow<0:2.2.23-1.SP2_redhat_00001.1.el8ea
redhat/eap7-undertow-jastow<0:2.0.14-1.Final_redhat_00001.1.el8ea
redhat/eap7-undertow<0:2.2.22-1.SP3_redhat_00002.1.el9ea
redhat/eap7-wildfly<0:7.4.9-6.GA_redhat_00004.1.el9ea
and 54 more
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a l...
IBM Watson Knowledge Catalog on-prem<=4.x
Redhat Resteasy<4.7.8
redhat/eap7-resteasy<0:3.15.5-1.Final_redhat_00001.1.el8ea
redhat/eap7-resteasy<0:3.15.5-1.Final_redhat_00001.1.el9ea
redhat/eap7-resteasy<0:3.15.5-1.Final_redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:18.0.7-1.redhat_00001.1.el7
and 2 more
IBM Watson Knowledge Catalog on-prem<=4.5.x
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, mod...
IBM Watson Knowledge Catalog on-prem<=4.5.x
IBM Watson Knowledge Catalog on Cloud Pak for Data=4.5.0
Redhat Openshift
X.400 address type confusion in X.509 GeneralName
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el8
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el7
redhat/openssl<0:1.0.1e-61.el6_10
redhat/openssl<1:1.0.2k-26.el7_9
redhat/edk2<0:20220126gitbb1bba3d77-4.el8
redhat/openssl<1:1.1.1k-9.el8_7
and 40 more
Improperly lax permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 ...
redhat/eap7-activemq-artemis-native<1:1.0.2-3.redhat_00004.1.el8ea
redhat/eap7-apache-mime4j<0:0.8.9-1.redhat_00001.1.el8ea
redhat/eap7-artemis-native<1:1.0.2-4.redhat_00004.1.el8ea
redhat/eap7-artemis-wildfly-integration<0:1.0.7-1.redhat_00001.1.el8ea
redhat/eap7-infinispan<0:11.0.17-1.Final_redhat_00001.1.el8ea
redhat/eap7-ironjacamar<0:1.5.11-1.Final_redhat_00001.1.el8ea
and 61 more
A flaw was found in Undertow. The Undertow client is not checking the server identity that the server certificate presents in HTTPS connections. This is a compulsory step (that should at least be performe...
redhat/eap7-undertow<0:2.2.23-1.SP2_redhat_00001.1.el8ea
redhat/eap7-undertow-jastow<0:2.0.14-1.Final_redhat_00001.1.el8ea
redhat/eap7-undertow<0:2.2.23-1.SP2_redhat_00001.1.el9ea
redhat/eap7-undertow-jastow<0:2.0.14-1.Final_redhat_00001.1.el9ea
redhat/eap7-undertow<0:2.2.23-1.SP2_redhat_00001.1.el7ea
redhat/eap7-undertow-jastow<0:2.0.14-1.Final_redhat_00001.1.el7ea
and 14 more
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices tha...
redhat/Apache CXF<3.5.5
redhat/Apache CXF<3.4.10
redhat/eap7-apache-cxf<0:3.4.10-1.redhat_00001.1.el8ea
redhat/eap7-apache-cxf<0:3.4.10-1.redhat_00001.1.el9ea
redhat/eap7-apache-cxf<0:3.4.10-1.redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:18.0.6-1.redhat_00001.1.el7
and 5 more
A flaw was found in Undertow where a potential security issue in flow control handling by a browser over HTTP/2 may cause overhead or DoS in the server. The highest impact of this vulnerabil...
redhat/eap7-undertow<0:2.2.19-1.SP2_redhat_00001.1.el8ea
redhat/eap7-undertow<0:2.2.19-1.SP2_redhat_00001.1.el9ea
redhat/eap7-undertow<0:2.2.19-1.SP2_redhat_00001.1.el7ea
IBM Watson Knowledge Catalog on-prem<=4.x
Redhat Build Of Quarkus
Redhat Integration Camel K
and 12 more

© 2024 SecAlerts Pty Ltd.