Unexpected States and Crashes in IBM Watson Speech Services Cartridge
CVE-2024-49353

7.5HIGH

Key Information:

Vendor: IBM
Status: Watson Speech Services Cartridge For IBM Cloud Pak For Data
Vendor: CVE Published:; 26 November 2024

What is CVE-2024-49353?

The IBM Watson Speech Services Cartridge, part of the IBM Cloud Pak for Data suite, features an input validation vulnerability due to improper checks on resources that are accessed concurrently. This flaw may lead to unpredictable system states, potentially resulting in service disruptions or crashes. Users of affected versions (4.0.0 to 5.0.2) should take immediate action to evaluate their systems and apply available patches as recommended by IBM to mitigate the risks associated with this vulnerability.

Affected Version(s)

Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 <= 5.0.2

References

https://www.ibm.com/support/pages/node/7177065

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 26, 2024
Vulnerability Reserved
Oct 14, 2024