Description
IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]. IBM Sterling File Gateway is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below.
Published: 2026-06-22
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

IBM Watson Speech Services Cartridge contains an SSRF flaw in the Sterling File Gateway component. An authenticated attacker can exploit this to issue arbitrary HTTP or HTTPS requests from the server, allowing them to reach internal network services, perform network scans, or use the system as a proxy for further attacks. The weakness is classified as CWE‑918, indicating the vulnerability results from improper validation of outbound request URLs. The consequence is the potential compromise of confidential internal resources and facilitation of other attack stages such as lateral movement or data exfiltration.

Affected Systems

The affected product is IBM Watson Speech Services Cartridge for the IBM Cloud Pak ecosystem. Versions from 4.0.0 through 5.3.1 are vulnerable. IBM provides a patch named 5.3.1 Patch 7 that fixes the issue, and all older releases are covered by the patch through the 5.3.1 lineage. A newer release, 5.4, also contains the fix and can be deployed as an upgrade.

Risk and Exploitability

The CVSS base score of 5.3 indicates a moderate level of severity. The EPSS score is not available, so the current estimate of exploitation probability is unknown. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to authenticate to the cartridge, suggesting that privileged credentials or a misconfigured access control could enable the SSRF. Once authenticated, the attacker can target internal services and potentially use the system to pivot into a broader network. Given the moderate score and the need for credentials, the risk is medium‑to‑high for environments where the cartridge has excessive outbound reach or where internal services are accessible.

Generated by OpenCVE AI on June 22, 2026 at 16:51 UTC.

Remediation

Vendor Solution

Product(s)Version(s)Remediation/Fix/InstructionsIBM Watson Speech Services Cartridge5.4 The fix in v5.4  applies to all versions listed (4.0.0-5.3.1). The newest version, 5.4 can be downloaded and installed from: https://www.ibm.com/docs/en/cloud-paks/cp-data   Product(s)Version(s)Remediation/Fix/InstructionsIBM Watson Speech Services Cartridge5.3.1 Patch 7 The fix in 5.3.1 Patch 7  applies to all versions listed (4.0.0-5.3.1). The newest version of 5.3.1 with the included Patch 7 can be downloaded and installed from: https://www.ibm.com/docs/en/cloud-paks/cp-data/5.3.x


OpenCVE Recommended Actions

  • Upgrade IBM Watson Speech Services Cartridge to version 5.4, or apply the 5.3.1 Patch 7 that contains the fix. The patched releases can be downloaded from IBM’s Cloud Pak documentation site.
  • Define firewall or network segmentation rules that limit outbound traffic from the cartridge to only required destinations, reducing the attack surface for SSRF exploitation.
  • Enforce strict authentication and privileged access controls for the cartridge, ensuring only authorized users can perform operations that trigger the Sterling File Gateway component.

Generated by OpenCVE AI on June 22, 2026 at 16:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 22 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]. IBM Sterling File Gateway is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below.
Title IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway
First Time appeared Ibm
Ibm ibm Watson Speech Services Cartridge
Weaknesses CWE-918
CPEs cpe:2.3:a:ibm:ibm_watson_speech_services_cartridge:*:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm ibm Watson Speech Services Cartridge
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Ibm Ibm Watson Speech Services Cartridge
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-23T13:43:20.332Z

Reserved: 2026-04-27T22:02:11.814Z

Link: CVE-2026-7253

cve-icon Vulnrichment

Updated: 2026-06-23T13:43:14.220Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T20:00:09Z

Weaknesses
  • CWE-918

    Server-Side Request Forgery (SSRF)