SB2025021044 - Multiple vulnerabilities in IBM watsonx.data

Security Bulletin ID SB2025021044

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Arbitrary file upload (CVE-ID: CVE-2023-50386)

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to Solr ConfigSets accepts Java ".jar" and ".class" files to be uploaded through the ConfigSets API. Such files can be later included into a backup and executed during the restore procedure. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. As a result, a remote user with backup permissions can include malicious files into the backup and execute arbitrary code on the system, when files are restored from the backup.

2) Information disclosure (CVE-ID: CVE-2023-50298)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can gain unauthorized access to ZooKeeper credentials via Streaming Expressions

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7182788