Published: 2023-04-04
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Improper Verification of Cryptographic Signature
EUVDB-ID: #VU64685
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32208
CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper handling of message verification failures when performing FTP transfers secured by krb5. A remote attacker can perform MitM attack and manipulate data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data : before 4.6.4
CPE2.3 External links
http://www.ibm.com/support/pages/node/6967655
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
Support the originator by clicking the read the rest link below.