
Summary

A potential vulnerability in gRPC has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge – Assistant Builder Component. The vulnerability has been addressed. Refer to the details below for additional information.

Vulnerability Details

CVEID: CVE-2023-33953
DESCRIPTION: gRPC is vulnerable to a denial of service, caused by hpack table accounting errors. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-789: Memory Allocation with Excessive Size Value
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM watsonx Assistant Cartridge | 4.0 – 5.1.0
IBM watsonx Orchestrate with watsonx Assistant Cartridge – Assistant Builder Component | 5.0 – 5.1.0

Remediation/Fixes

For all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest release (v5.1.1 or later) of IBM watsonx Assistant Cartridge, which maintains backward compatibility with the versions listed above.

Product Latest Version | Remediation/Fix/Instructions
---|---
IBM watsonx Assistant Cartridge 5.1.1 | Follow instructions for Installing watsonx Assistant in Link to Release (v5.1.1 release information) https://www.ibm.com/docs/en/cloud-paks/cp-data/5.1.x
IBM watsonx Orchestrate with watsonx Assistant… |