Impact
IBM Watson Speech Services Cartridge contains an SSRF flaw in the Sterling File Gateway component. An authenticated attacker can exploit this to issue arbitrary HTTP or HTTPS requests from the server, allowing them to reach internal network services, perform network scans, or use the system as a proxy for further attacks. The weakness is classified as CWE‑918, indicating the vulnerability results from improper validation of outbound request URLs. The consequence is the potential compromise of confidential internal resources and facilitation of other attack stages such as lateral movement or data exfiltration.
Affected Systems
The affected product is IBM Watson Speech Services Cartridge for the IBM Cloud Pak ecosystem. Versions from 4.0.0 through 5.3.1 are vulnerable. IBM provides a patch named 5.3.1 Patch 7 that fixes the issue, and all older releases are covered by the patch through the 5.3.1 lineage. A newer release, 5.4, also contains the fix and can be deployed as an upgrade.
Risk and Exploitability
The CVSS base score of 5.3 indicates a moderate level of severity. The EPSS score is not available, so the current estimate of exploitation probability is unknown. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to authenticate to the cartridge, suggesting that privileged credentials or a misconfigured access control could enable the SSRF. Once authenticated, the attacker can target internal services and potentially use the system to pivot into a broader network. Given the moderate score and the need for credentials, the risk is medium‑to‑high for environments where the cartridge has excessive outbound reach or where internal services are accessible.
OpenCVE Enrichment