AVID-2026-R1555
Description
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data denial of service (CVE-2024-49353)
Details
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash.
Reason for inclusion in AVID: CVE-2024-49353 describes a denial-of-service vulnerability in IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data, a software component used in AI pipelines to provide speech services. It impacts runtime/serving components used to build/run AI systems, representing a software supply-chain risk within AI stacks. The CVE description and CVSS data provide clear vulnerability behavior (DoS) and affected versions, supporting AI-supply-chain relevance.
Affected or Relevant Artifacts
- Developer: IBM
- Deployer: IBM
- Artifact Details:
| Type | Name |
|---|---|
| System | Watson Speech Services Cartridge for IBM Cloud Pak for Data |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
|---|---|
| Vector String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Base Score | 7.5 |
| Base Severity | 🔴 High |
| Attack Vector | NETWORK |
| Attack Complexity | 🟢 Low |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-362 | CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-11-26
- Version: 0.3.3