Security Bulletin: Due to use of Connect2id Nimbus JOSE+JWT, IBM Watson Studio in Cloud Pak for Data is affected by denial of service
Description

Summary

Connect2id Nimbus JOSE+JWT is used by Watson Studio in Cloud Pak for Data.

Vulnerability Details

CVEID: CVE-2023-52428
DESCRIPTION: In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
CWE: CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
Watson Studio on Cloud Pak for Data | 4.8.0 – 4.8.9
Watson Studio on Cloud Pak for Data | 5.1.0 – 5.2.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading.

Affected Product(s) | Version(s) | Remediation/Fix
---|---|---
Watson Studio on Cloud Pak for Data | 4.8.0 – 4.8.9, 5.1.0 – 5.2.0 | Get the latest Watson Studio by upgrading to 5.2.0. Details here.

Workarounds and Mitigations …
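The defensive check this advisory implies, as an added example that is not IBM's or Connect2id's code: it parses only the protected header of a compact JWE and refuses PBES2 tokens whose p2c iteration count exceeds a cap, so no PBKDF2 work is spent on a hostile value. The cap of 1,000,000, the helper names and the constructed sample tokens are assumptions, not values from the bulletin.

```python
import base64
import json

# Assumed upper bound on the PBES2 iteration count (p2c); the bulletin gives no figure.
MAX_P2C = 1_000_000
PBES2_ALGS = {"PBES2-HS256+A128KW", "PBES2-HS384+A192KW", "PBES2-HS512+A256KW"}


def _b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment as used in JOSE compact serialization."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def check_jwe_p2c(compact_jwe: str, max_p2c: int = MAX_P2C) -> tuple[bool, str]:
    """Return (accepted, reason) after inspecting the JWE protected header only.

    Nothing is unwrapped or decrypted here, so an attacker-chosen p2c costs
    the server a JSON parse rather than millions of PBKDF2 iterations.
    """
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        return False, "not a compact JWE (expected 5 segments)"
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError:  # covers binascii.Error, UnicodeDecodeError, JSONDecodeError
        return False, "protected header is not valid base64url JSON"
    if not isinstance(header, dict):
        return False, "protected header is not a JSON object"
    alg = header.get("alg")
    if alg not in PBES2_ALGS:
        return True, f"alg {alg!r} is not PBES2; p2c check not applicable"
    p2c = header.get("p2c")
    if isinstance(p2c, bool) or not isinstance(p2c, int) or p2c < 1:
        return False, "p2c missing or not a positive integer"
    if p2c > max_p2c:
        return False, f"p2c={p2c} exceeds cap {max_p2c}"
    return True, f"p2c={p2c} within cap"


def make_sample_jwe(header: dict) -> str:
    """Build a constructed compact JWE; the non-header segments are placeholder bytes."""
    dummy = _b64url_encode(b"\x00" * 16)
    return ".".join([_b64url_encode(json.dumps(header).encode()), dummy, dummy, dummy, dummy])


if __name__ == "__main__":
    pbes2 = {"alg": "PBES2-HS256+A128KW", "enc": "A128GCM", "p2s": "c2FsdA"}
    print(check_jwe_p2c(make_sample_jwe({**pbes2, "p2c": 310_000})))       # accepted
    print(check_jwe_p2c(make_sample_jwe({**pbes2, "p2c": 2_000_000_000})))  # rejected
```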
