Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable...

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a security bypass in Golang Go [CVE-2024-45337]

May 2, 2025 invoker category_cve

Vulnerability Details

Basic Information

Title	Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a security bypass in Golang Go [CVE-2024-45337]
Type	ibm
Published	2025-05-01T16:56:15
Last Seen	2025-05-01T18:56:37
CVSS Score	9.1 (CRITICAL)

CVSS v3 Details

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	NONE

CVE Information

CVE IDs	CVE-2024-45337
CWE
Bulletin Family	software

Description

Summary IBM Watson Speech Services Cartridge is vulnerable to an authorization bypass in Golang Go, caused by applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback)…

Impact Assessment

Base Score	9.1
Severity	CRITICAL

View full CVE details