Medium Severity

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer, Watson Content Analytics and Watson Explorer Content Analytics Studio (CVE-2018-1890, CVE-2019-2426)

Share this post:

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 and Version 7 used by Watson Explorer, Watson Content Analytics and Watson Explorer Content Analytics Studio. Watson Explorer, Watson Content Analytics and Watson Explorer Content Analytics Studio have addressed the applicable CVEs.

CVE(s): CVE-2018-1890, CVE-2019-2426

Affected product(s) and affected version(s):

These vulnerabilities apply to the following products and versions:

Affected Product

Affected Versions Applicable Vulnerabilities
IBM Watson Explorer Deep Analytics Edition Foundational Components 12.0.0.0, 12.0.1, 12.0.2 – 12.0.2.2 CVE-2018-1890 CVE-2019-2426
IBM Watson Explorer Deep Analytics Edition Analytical Components 12.0.0.0, 12.0.1, 12.0.2 – 12.0.2.2 CVE-2018-1890 CVE-2019-2426
IBM Watson Explorer Deep Analytics Edition oneWEX 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2 – 12.0.2.2 CVE-2018-1890 CVE-2019-2426
Affected Product Affected Versions Applicable Vulnerabilities
IBM Watson Explorer Foundational Components

11.0.0.0 – 11.0.0.3,
11.0.1, 11.0.2 – 11.0.2.4

CVE-2018-1890 CVE-2019-2426
IBM Watson Explorer Foundational Components 10.0.0.0 – 10.0.0.5 CVE-2018-1890 CVE-2019-2426
Affected Product Affected Versions Applicable Vulnerabilities
IBM Watson Explorer Foundational Components Annotation Administration Console 12.0.0.0, 12.0.1, 12.0.2 – 12.0.2.2 CVE-2018-1890 CVE-2019-2426
IBM Watson Explorer Foundational Components Annotation Administration Console 11.0 – 11.0.0.3,
11.0.1, 11.0.2 – 11.0.2.4
CVE-2018-1890 CVE-2019-2426
IBM Watson Explorer Foundational Components Annotation Administration Console 10.0.0.0 – 10.0.0.5 CVE-2018-1890 CVE-2019-2426
IBM Watson Explorer Analytical Components 11.0.0.0 – 11.0.0.3,
11.0.1, 11.0.2 – 11.0.2.4
CVE-2018-1890 CVE-2019-2426
IBM Watson Explorer Analytical Components 10.0.0.0 – 10.0.0.2 CVE-2018-1890 CVE-2019-2426
IBM Watson Content Analytics 3.5.0.0 – 3.5.0.4 CVE-2018-1890 CVE-2019-2426
IBM Watson Explorer Content Analytics Studio 11.0.0.0 – 11.0.0.3,
11.0.1, 11.0.2.0 – 11.0.2.2
CVE-2018-1890 CVE-2019-2426
IBM Watson Explorer Content Analytics Studio 12.0.0, 12.0.1, 12.0.2 CVE-2018-1890 CVE-2019-2426

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10956435
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152081
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155744

More stories

IBM Security Bulletin: IBM Security Key Lifecycle Manager stores password in clear text (CVE-2019-4566)

Sep 21, 2019 9:02 am EDT | Medium Severity

IBM Security Key Lifecycle Manager stores user credentials in plain in clear text which can be read by a local user. CVE(s): CVE-2019-4566 Affected product(s) and affected version(s): IBM Security Key Lifecycle Manager (SKLM) v3.0 – v3.0.0.2 on distributed platforms IBM Security Key Lifecycle Manager (SKLM) v3.0.1- v3.0.1.1 on distributed platforms Refer to the following ...read more


IBM Security Bulletin: Apache Commons Compress vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-12402)

Sep 21, 2019 9:02 am EDT | Medium Severity

Apache Commons Compress is vulnerable to a denial of service which can affect IBM Spectrum Control (formerly IBM Tivoli Storage Productivity Center). CVE(s): CVE-2019-12402 Affected product(s) and affected version(s): Affected Product Affected Versions IBM Tivoli Storage Productivity Center 5.2.0 – 5.2.7.1 IBM Spectrum Control 5.2.8 – 5.2.17.3 IBM Spectrum Control 5.3.0 – 5.3.3 The versions ...read more


IBM Security Bulletin: Clickjacking vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4285)

Sep 21, 2019 9:01 am EDT | Medium Severity

There is a potential clickjacking vulnerability in IBM WebSphere Application Server Liberty Admin Center which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center). CVE(s): CVE-2019-4285 Affected product(s) and affected version(s): Affected Product Affected Versions IBM Spectrum Control 5.2.13 – 5.2.17.3 IBM Spectrum Control 5.3.0 – 5.3.3 The versions listed above apply to all licensed ...read more