IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]. IBM Sterling File Gateway is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below.
PUBLISHED5.2CWE-918
IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway
Problem type
Affected products
IBM
IBM Watson Speech Services Cartridge
<= 5.3.1 - AFFECTED
References
GitHub Security Advisories
GHSA-4pm6-4pwh-f3gg
IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in...
https://github.com/advisories/GHSA-4pm6-4pwh-f3ggIBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]. IBM Sterling File Gateway is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-7253Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-7253",
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"dateUpdated": "2026-06-22T15:21:25.434Z",
"dateReserved": "2026-04-27T22:02:11.814Z",
"datePublished": "2026-06-22T15:21:25.434Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm",
"dateUpdated": "2026-06-22T15:21:25.434Z"
},
"title": "IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway",
"descriptions": [
{
"lang": "en",
"value": "IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]. IBM Sterling File Gateway is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]. IBM Sterling File Gateway is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below."
}
]
}
],
"affected": [
{
"vendor": "IBM",
"product": "IBM Watson Speech Services Cartridge",
"defaultStatus": "unaffected",
"versions": [
{
"version": "4.0.0",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "5.3.1"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-918 Server-Side request forgery (SSRF)",
"cweId": "CWE-918",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7276994"
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"solutions": [
{
"lang": "en",
"value": "Product(s)Version(s)Remediation/Fix/InstructionsIBM Watson Speech Services Cartridge5.4 The fix in v5.4 applies to all versions listed (4.0.0-5.3.1). The newest version, 5.4 can be downloaded and installed from:\n https://www.ibm.com/docs/en/cloud-paks/cp-data \n\n\n\n\n\n\n\n\n\n\n\n \n\nProduct(s)Version(s)Remediation/Fix/InstructionsIBM Watson Speech Services Cartridge5.3.1 Patch 7 The fix in 5.3.1 Patch 7 applies to all versions listed (4.0.0-5.3.1). The newest version of 5.3.1 with the included Patch 7 can be downloaded and installed from:\n https://www.ibm.com/docs/en/cloud-paks/cp-data/5.3.x",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<br><p></p><div><div><div><table><tbody><tr><td>Product(s)</td><td>Version(s)</td><td>Remediation/Fix/Instructions</td></tr><tr><td>IBM Watson Speech Services Cartridge</td><td>5.4 </td><td>The fix in v5.4 applies to all versions listed (4.0.0-5.3.1). The newest version, 5.4 can be downloaded and installed from:<br><a href=\"https://www.ibm.com/docs/en/cloud-paks/cp-data\" rel=\"nofollow\">https://www.ibm.com/docs/en/cloud-paks/cp-data</a></td></tr></tbody></table></div></div></div><div><div></div></div><p> </p><div><table><tbody><tr><td>Product(s)</td><td>Version(s)</td><td>Remediation/Fix/Instructions</td></tr><tr><td>IBM Watson Speech Services Cartridge</td><td>5.3.1 Patch 7 </td><td>The fix in 5.3.1 Patch 7 applies to all versions listed (4.0.0-5.3.1). The newest version of 5.3.1 with the included Patch 7 can be downloaded and installed from:<br><a href=\"https://www.ibm.com/docs/en/cloud-paks/cp-data/5.3.x\" rel=\"nofollow\">https://www.ibm.com/docs/en/cloud-paks/cp-data/5.3.x</a></td></tr></tbody></table></div>"
}
]
}
]
}
}
}