IBM Watson Machine Learning on Cloud Pak for Data server-side request forgery
CVE-2023-30444

7.1HIGH

Key Information:

Vendor: IBM
Status: Watson Machine Learning On Cloud Pak For Data
Vendor: CVE Published:; 27 April 2023

Summary

IBM Watson Machine Learning, part of the Cloud Pak for Data versions 4.0 and 4.5, is susceptible to a server-side request forgery (SSRF) vulnerability. This flaw potentially allows an authenticated attacker to exploit the system to send unauthorized requests, which could lead to network enumeration and may serve as a gateway for more sophisticated attacks. Ensuring timely remediation is crucial to safeguarding sensitive data and maintaining network integrity.

Affected Version(s)

Watson Machine Learning on Cloud Pak for Data 4.0, 4.5

References

https://www.ibm.com/support/pages/node/6985859

vendor-advisory

https://www.ibm.com/support/pages/node/6985859

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 27, 2023
Vulnerability Reserved
Apr 8, 2023