Multiple vulnerabilities in IBM Watson Studio on Cloud Pak for Data
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 23 |
| CVE-ID | CVE-2023-25668 CVE-2022-25882 CVE-2022-45907 CVE-2023-25659 CVE-2023-25660 CVE-2023-25661 CVE-2023-25662 CVE-2023-25663 CVE-2023-25664 CVE-2023-25665 CVE-2023-25666 CVE-2023-25667 CVE-2023-25669 CVE-2023-25670 CVE-2023-25671 CVE-2023-25672 CVE-2023-25673 CVE-2023-25674 CVE-2023-25675 CVE-2023-25676 CVE-2023-25801 CVE-2023-27579 CVE-2023-2800 |
| CWE-ID | CWE-125 CWE-22 CWE-94 CWE-119 CWE-20 CWE-190 CWE-248 CWE-122 CWE-476 CWE-415 CWE-377 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Watson Studio on Cloud Pak for Data Other software / Other software solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 23 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU73846
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25668
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the QuantizeAndDequantize operation. A remote attacker can trigger a heap out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Path traversal
EUVDB-ID: #VU75176
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25882
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Request example:
http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
Install update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Code Injection
EUVDB-ID: #VU85872
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-45907
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the torch.jit.annotations.parse_type_line() function. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU73854
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25659
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in DynamicStitch. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU73853
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25660
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in tf.raw_ops.Print. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU78715
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25661
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation by the Convolution3DTranspose function. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack on ML cloud services.
MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU73852
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25662
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in EditDistance. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Uncaught Exception
EUVDB-ID: #VU73851
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25663
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exceptionin TensorArrayConcatV2. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Heap-based buffer overflow
EUVDB-ID: #VU73850
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25664
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in AvgPoolGrad. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Uncaught Exception
EUVDB-ID: #VU73848
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25665
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer exception in SparseSparseMaximum. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Uncaught Exception
EUVDB-ID: #VU73849
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25666
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exception in AudioSpectrogram. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer overflow
EUVDB-ID: #VU73847
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25667
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when opening multiframe gif images. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Uncaught Exception
EUVDB-ID: #VU73845
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25669
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exception in AvgPoolGrad with XLA. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Uncaught Exception
EUVDB-ID: #VU73844
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25670
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exception in QuantizedMatMulWithBiasAndDequantize. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU73843
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25671
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in tfg-translate. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Uncaught Exception
EUVDB-ID: #VU74030
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25672
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer exception within the tf.raw_ops.LookupTableImportV2() function. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Uncaught Exception
EUVDB-ID: #VU73842
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25673
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exception in TensorListSplit with XLA. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Uncaught Exception
EUVDB-ID: #VU73841
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25674
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer exception in RandomShuffle with XLA enabled. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Buffer overflow
EUVDB-ID: #VU73840
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25675
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in Bincount with XLA. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) NULL pointer dereference
EUVDB-ID: #VU73839
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25676
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference on ParallelConcat with XLA. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Double Free
EUVDB-ID: #VU73838
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25801
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in Fractional(Max/Avg)Pool. A remote attacker can pass specially crafted input to the application, trigger a double free error and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Uncaught Exception
EUVDB-ID: #VU73837
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27579
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exception in TFLite in the iconv kernel. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Insecure Temporary File
EUVDB-ID: #VU83354
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2800
CWE-ID:
CWE-377 - Insecure Temporary File
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsWatson Studio on Cloud Pak for Data : before 4.8.0
External linkshttp://www.ibm.com/support/pages/node/7090404
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
