## Summary

Potential SAP NetWeaver AS for JAVA security bypass vulnerability ( CVE-2023-30744) has been identified that may affect Watson CP4D Data Stores. Refer to details for additional information.

## Vulnerability Details

** CVEID: **[CVE-2023-30744]()
** DESCRIPTION: **SAP NetWeaver AS for JAVA could allow a remote attacker to bypass security restrictions, caused by improper authorization validation. By attaching to an open interface and make use of an open naming and directory API to instantiate an object, an attacker could exploit this vulnerability to read or change the state of existing services.
CVSS Base score: 8.2
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/254712]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)

## Affected Products and Versions

Affected Product(s)| Version(s)
—|—
Watson CP4D Data Stores| All versions before 4.7.0

## Remediation/Fixes

For all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v4.7.0 or later releases) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above.

**Product Latest Version**| **Remediation/Fix/Instructions**
—|—
IBM Cloud Pak for Data Version 4.7.0|

Follow instructions for Installing Watson Assistant in Link to Release (v4.7.0 release information)

## Workarounds and Mitigations

None

##Read More