SB2024112924 - Race condition in IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data



SB2024112924 - Race condition in IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Published: November 29, 2024

Security Bulletin ID SB2024112924
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Race condition (CVE-ID: CVE-2024-49353)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data does not properly check inputs to resources that are used concurrently. A local user can exploit the race and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.