Ibm Watson Speech Services Cartridge
Monthly
Server-Side Request Forgery in IBM Watson Speech Services Cartridge (versions 4.0.0 through 5.3.1) lets an authenticated attacker coerce the system into issuing crafted requests to internal or external hosts, enabling internal network enumeration and pivoting toward follow-on attacks. The weakness lives in the embedded IBM Sterling File Gateway component used by the speech runtimes (GHSA-rr7j-v2q5-chgv). No public exploit identified at time of analysis; EPSS is low (0.18%, 8th percentile) and CISA SSVC marks exploitation as none, so this is a patch-priority issue rather than an emergency.
Server-Side Request Forgery in IBM Watson Speech Services Cartridge (versions 4.0.0 through 5.3.1) lets an authenticated attacker coerce the system into issuing crafted requests to internal or external hosts, enabling internal network enumeration and pivoting toward follow-on attacks. The weakness lives in the embedded IBM Sterling File Gateway component used by the speech runtimes (GHSA-rr7j-v2q5-chgv). No public exploit identified at time of analysis; EPSS is low (0.18%, 8th percentile) and CISA SSVC marks exploitation as none, so this is a patch-priority issue rather than an emergency.