Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in gRPC
Description

Summary

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of gRPC.

Vulnerability Details

CVEID: CVE-2024-7246
DESCRIPTION: Google gRPC is vulnerable to a denial of service, caused by HPACK table poisoning between the proxy and the backend. By sending a specially crafted request, an attacker could exploit this vulnerability to leak other clients' HTTP header keys, but not values.
CWE: CWE-440: Expected Behavior Violation
CVSS Source: CNA
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
ICP – Discovery | 4.0.0 – 4.8.6
ICP – Discovery | 5.0.0 – 5.0.3

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.8.7 or 5.1.0. See https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install

Workarounds and Mitigations…
