Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in Google gRPC [CVE-2023-4785]
Description

Summary

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in Google gRPC, caused by a lack of error handling in the TCP server on posix-compatible platforms [CVE-2023-4785]. Google gRPC is used in our Speech Services runtimes. This vulnerability has been addressed. Please read the details for remediation below.

Vulnerability Details

**CVEID:** CVE-2023-4785
**DESCRIPTION:** Google gRPC is vulnerable to a denial of service, caused by a lack of error handling in the TCP server on posix-compatible platforms. By initiating a significant number of connections with the server, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265913 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data | 4.0.0 – 4.8.4

Remediation/Fixes

Product(s) | Version(s) | Remediation/Fix/Instructions
---|---|---
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data | 4.8.5 | The fix in 4.8.5 applies to all versions listed (4.0.0-4.8.4). Version 4.8.5 can be downloaded and installed from: https://www.ibm.com/docs/en/cloud-paks/cp-data

Workarounds and Mitigations…
