High Severity

IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer and IBM Watson Content Analytics (CVE-2018-2579, CVE-2018-2588, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633)

Share this post:

Security vulnerabilities have been identified in IBM® Runtime Environment Java™ Technology Edition that is used by Watson Explorer and IBM Watson Content Analytics.

CVE(s): CVE-2018-2579, CVE-2018-2588, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633

Affected product(s) and affected version(s):

These vulnerabilities apply to the following products and versions:

Affected Product

Affected Versions Applicable Vulnerabilities
IBM Watson Explorer Deep Analytics Edition Foundational Components 12.0.0.0 CVE-2018-2579 CVE-2018-2588 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633
IBM Watson Explorer Deep Analytics Edition Analytical Components 12.0.0.0 CVE-2018-2579 CVE-2018-2588 CVE-2018-2633 CVE-2018-2602 CVE-2018-2603
IBM Watson Explorer Deep Analytics Edition oneWEX 12.0.0.0 CVE-2018-2579 CVE-2018-2588 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633
Affected Product Affected Versions Applicable Vulnerabilities
IBM Watson Explorer Foundational Components 11.0.0.0 – 11.0.0.3, 11.0.1,
11.0.2, 11.0.2.2
CVE-2018-2579 CVE-2018-2588 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633
IBM Watson Explorer Foundational Components 10.0.0.0 – 10.0.0.4 CVE-2018-2579 CVE-2018-2588 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633
IBM Watson Explorer Foundational Components 9.0.0.0 – 9.0.0.8 CVE-2018-2579 CVE-2018-2588 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633
IBM Watson Explorer Foundational Components 8.2 – 8.2-6 CVE-2018-2579 CVE-2018-2588 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633
Affected Product Affected Versions Applicable Vulnerabilities
IBM Watson Explorer Foundational Components Annotation Administration Console 12.0.0.0 CVE-2018-2579 CVE-2018-2588 CVE-2018-2633 CVE-2018-2602 CVE-2018-2603
IBM Watson Explorer Foundational Components Annotation Administration Console 11.0 – 11.0.0.3,
11.0.1,
11.0.2, 11.0.2.2
CVE-2018-2579 CVE-2018-2588 CVE-2018-2633 CVE-2018-2602 CVE-2018-2603
IBM Watson Explorer Foundational Components Annotation Administration Console 10.0 – 10.0.0.4 CVE-2018-2579 CVE-2018-2588 CVE-2018-2633 CVE-2018-2602 CVE-2018-2603
Watson Explorer Analytical Components 11.0.0.0 – 11.0.0.3,
11.0.1,
11.0.2, 11.0.2.2
CVE-2018-2579 CVE-2018-2588 CVE-2018-2633 CVE-2018-2602 CVE-2018-2603
Watson Explorer Analytical Components 10.0.0.0 – 10.0.0.2 CVE-2018-2579 CVE-2018-2588 CVE-2018-2633 CVE-2018-2602 CVE-2018-2603
IBM Watson Content Analytics 3.5.0.0 – 3.5.0.4 CVE-2018-2579 CVE-2018-2588 CVE-2018-2633 CVE-2018-2602 CVE-2018-2603
Affected Product Affected Versions Applicable Vulnerabilities
IBM Watson Explorer Deep Analytics Edition Content Analytics Studio 12.0.0.0 CVE-2018-2579 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633
IBM Watson Explorer Content Analytics Studio 11.0 – 11.0.0.3,
11.0.1
CVE-2018-2579 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633
IBM Watson Explorer Content Analytics Studio 11.0.2, 11.0.2.1,
11.0.2.2
CVE-2018-2579 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633
IBM Watson Explorer Content Analytics Studio 10.0.0.0 – 10.0.0.2 CVE-2018-2602
IBM Watson Content Analytics 3.5.0.0 – 3.5.0.4 CVE-2018-2602

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22014682
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137833
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137841
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137854
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137855
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137885

More stories

IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server (CVE-2019-0211 CVE-2019-0220)

Apr 23, 2019 9:02 am EDT | High Severity

There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. CVE-2019-0211 affects version 9 non-windows platforms only. CVE(s): CVE-2019-0220, CVE-2019-0211 Affected product(s) and affected version(s): These vulnerabilities affect the following version and release of IBM HTTP Server (powered by Apache) component in all editions of WebSphere Application Server and bundling products. ...read more


IBM Security Bulletin: Potential vulnerability related to Unsafe Deserialization in Apache Solr shipped with IBM Operations Analytics – Log Analysis (CVE-2019-0192)

Apr 23, 2019 9:01 am EDT | High Severity

In Solr the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of unsafe deserialization in Solr to trigger remote code execution on the Solr side. CVE(s): CVE-2019-0192 Affected product(s) and affected version(s):IBM Operations Analytics – Log Analysis ...read more


IBM Security Bulletin: IBM i is affected by networking BIND vulnerabilities CVE-2018-5744 CVE-2019-6465 and CVE-2018-5745.

Apr 23, 2019 9:01 am EDT | High Severity

ISC BIND is vulnerable to these security vulnerabilities. IBM i has addressed these vulnerabilities. CVE(s): CVE-2018-5745, CVE-2019-6465, CVE-2018-5744 Affected product(s) and affected version(s): Releases 7.1, 7.2 and 7.3 of IBM i are affected. Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10876698X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157386X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157377X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157371 ...read more