Improper verification of cryptographic signature in IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data


Published: 2023-04-04

Security Bulletin


This security bulletin contains one medium risk vulnerability.



1) Improper Verification of Cryptographic Signature


EUVDB-ID: #VU64685


Risk: Medium


CVSSv3.1:


CVE-ID: CVE-2022-32208


CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature


Exploit availability: No


Description

The vulnerability allows a remote attacker to perform a MitM attack.


The vulnerability exists due to improper handling of message verification failures when performing FTP transfers secured by krb5. A remote attacker can perform a MitM attack and manipulate data.


Mitigation

Install the update from the vendor's website.


Vulnerable software versions

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data : before 4.6.4


External links

http://www.ibm.com/support/pages/node/6967655


Q & A


Can this vulnerability be exploited remotely?


Is there known malware that exploits this vulnerability?



