SB2024090430 - Multiple vulnerabilities in IBM watsonx.data

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024090430

SB2024090430 - Multiple vulnerabilities in IBM watsonx.data

Published: September 4, 2024

Security Bulletin ID SB2024090430
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2015-2156)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.


2) Resource management error (CVE-ID: CVE-2014-0193)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.


3) Resource exhaustion (CVE-ID: CVE-2019-9518)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user-supplied input within the HTTP.sys driver when processing HTTP/2 requests. A remote attacker can send specially crafted HTTP packets to the affected system trigger resource exhaustion and perform a denial of service (DoS) attack.



Remediation

Install update from vendor's website.

References