Main Vulnerability Database SB2024082732

SB2024082732 - Insufficient verification of data authenticity in IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Published: August 27, 2024

Security Bulletin ID SB2024082732

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Insufficient verification of data authenticity (CVE-ID: CVE-2024-34447)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to hostname verification is performed against a DNS-resolved IP address when endpoint identification is enabled in the BCJSSE and an SSL socket is not created with an explicit hostname. A remote attacker can bypass implemented security restrictions.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7162202