Security Bulletin: Vulnerability in Flask-Cors affects IBM Cloud Pak for...

Vulnerability Details

Basic Information

Title	Security Bulletin: Vulnerability in Flask-Cors affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2020-25032]
Type	ibm
Published	2025-05-03T07:31:27
Last Seen	2025-05-03T10:56:45
CVSS Score	7.5 (HIGH)

CVSS v3 Details

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	NONE
Availability Impact	NONE

CVE Information

CVE IDs	CVE-2020-25032
CWE
Bulletin Family	software

Description

## Summary

The Flask-Cors package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE [CVE-2020-25032].

## Vulnerability Details

**CVEID:**CVE-2020-25032
**DESCRIPTION:** Flask-CORS could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187626 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

## Affected Products and Versions

Affected Product(s)| Version(s)
—|—
IBM Cloud Pak for Data System 1.0 | 1.0.0.0- 1.0.8.4

## Remediation/Fixes

**IBM strongly recommends addressing the vulnerability now by upgrading to latest version.**

## Workarounds and Mitigations

None

Impact Assessment

Base Score	7.5
Severity	HIGH

View full CVE details