Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in JWT
Description

Summary

IBM watsonx Orchestrate Cartridge contains a vulnerable version of JWT.

Vulnerability Details

CVEID: CVE-2024-31033
DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT (aka Java JWT) has an unknown impact and attack vector.
CWE: CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVSS Source: IBM X-Force
CVSS Base score: 6.8
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
--- | ---
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data | All

Remediation/Fixes

Upgrade to IBM watsonx Orchestrate Cartridge 5.1.1
https://www.ibm.com/docs/en/watsonx/watson-orchestrate/current?topic=installing-watsonx-orchestrate-premises

Workarounds and Mitigations…
