Medium Severity

IBM Security Bulletin: Vulnerabilities exist in Watson Explorer Analytical Components and Watson Content Analytics (CVE-2018-1901)


Security vulnerabilities have been identified in IBM Watson Explorer Analytical Components, Watson Explorer Foundational Components Annotation Administration Console, and IBM Watson Content Analytics.

CVE(s): CVE-2018-1901

Affected product(s) and affected version(s):

To see which vulnerabilities apply to your product and version, see the applicable row in the following table.

| Affected Product | Affected Versions | Applicable Vulnerabilities |
| --- | --- | --- |
| IBM Watson Explorer Deep Analytics Edition oneWEX Components | 12.0.0.0, 12.0.0.1 12.0.1, 12.0.2, 12.0.2.1 | CVE-2018-1901 |
| IBM Watson Explorer Deep Analytics Edition Analytical Components | 12.0.0.0 12.0.1 12.0.2, 12.0.2.1 | CVE-2018-1901 |
| IBM Watson Explorer Deep Analytics Edition Annotation Administration Console | 12.0.0.0 12.0.1 12.0.2, 12.0.2.1 | CVE-2018-1901 |
| IBM Watson Explorer Analytical Components | 11.0.0.0 – 11.0.0.3, 11.0.1, 11.0.2.0 – 11.0.2.4, 12.0.1, 1 | CVE-2018-1901 |
| IBM Watson Explorer Foundational Components Annotation Administration Console | 11.0.0.0 – 11.0.0.3, 11.0.1, 11.0.2.0 – 11.0.2.4 12.0.0 12.0.1 12.0.2, 12.0.2.1 | CVE-2018-1901 |
| IBM Watson Explorer Analytical Components | 10.0.0.0 – 10.0.0.2 | CVE-2018-1901 |
| IBM Watson Explorer Foundational Components Annotation Administration Console | 10.0.0.0 – 10.0.0.5 | CVE-2018-1901 |
| IBM Watson Content Analytics | 3.5.0.0 – 3.5.0.4 | CVE-2018-1901 |

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10878426
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152530
