Medium Severity

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2020-14579, CVE-2020-14578, CVE-2020-14577, CVE-2020-14621)

Share this post:

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 and Version 7 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs.

Affected product(s) and affected version(s):

Affected Product(s) Version(s) Applicable Vulnerabilities
IBM Watson Explorer Deep Analytics Edition Foundational Components 12.0.0.0, 12.0.1, 12.0.2.0 – 12.0.2.2, 12.0.3.0 – 12.0.3.4

CVE-2020-14579
CVE-2020-14578
CVE-2020-14577
CVE-2020-14621

IBM Watson Explorer Deep Analytics Edition Analytical Components 12.0.0.0, 12.0.1, 12.0.2.0 – 12.0.2.2, 12.0.3.0 – 12.0.3.4 CVE-2020-14579
CVE-2020-14578
CVE-2020-14577
CVE-2020-14621
IBM Watson Explorer Deep Analytics Edition oneWEX 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 – 12.0.2.2, 12.0.3.0 – 12.0.3.4 CVE-2020-14579
CVE-2020-14578
CVE-2020-14577
CVE-2020-14621
IBM Watson Explorer
Foundational Components
11.0.0.0 – 11.0.0.3,
11.0.1,
11.0.2.0 –
11.0.2.8
CVE-2020-14579
CVE-2020-14578
CVE-2020-14577
CVE-2020-14621
IBM Watson Explorer Foundational Components 10.0.0.0 – 10.0.0.9 CVE-2020-14579
CVE-2020-14578
CVE-2020-14577
CVE-2020-14621
IBM Watson Explorer Foundational Components Annotation Administration Console

12.0.0.0, 12.0.1, 12.0.2.0 – 12.0.2.2, 12.0.3.0 – 12.0.3.4

CVE-2020-14579
CVE-2020-14578
CVE-2020-14577
CVE-2020-14621
IBM Watson Explorer Foundational Components Annotation Administration Console 11.0.0.0 – 11.0.0.3,
11.0.1,
11.0.2.0 – 11.0.2.8
CVE-2020-14579
CVE-2020-14578
CVE-2020-14577
CVE-2020-14621
IBM Watson Explorer Foundational Components Annotation Administration Console 10.0.0.0 – 10.0.0.6 CVE-2020-14579
CVE-2020-14578
CVE-2020-14577
CVE-2020-14621
IBM Watson Explorer Analytical Components 11.0.0.0 – 11.0.0.3,
11.0.1,
11.0.2.0 – 
11.0.2.8
CVE-2020-14579
CVE-2020-14578
CVE-2020-14577
CVE-2020-14621
IBM Watson Explorer Analytical Components 10.0.0.0 – 10.0.0.2 CVE-2020-14579
CVE-2020-14578
CVE-2020-14577
CVE-2020-14621
IBM Watson Explorer Content Analytics Studio 12.0.0, 12.0.1, 12.0.2, 12.0.3 CVE-2020-14579
CVE-2020-14578
CVE-2020-14577
IBM Watson Explorer Content Analytics Studio
11.0.0.0 – 11.0.0.3,
11.0.1, 11.0.2.0 – 11.0.2.2
CVE-2020-14579
CVE-2020-14578
CVE-2020-14577

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6372490

More stories

Security Bulletin: IBM Cloud Pak for Security is vulnerable to CVE-2021-20538 and CVE-2021-20577

May 7, 2021 8:00 pm EDT | Medium Severity

IBM Cloud Pak for Security versions 1.5.0.1 and earlier is vulnerable to the following CVEs: CVE-2021-20538, meaning that sensitive information can be obtained by the user without sufficient authorisation. CVE-2021-20577, allowing cross side scripting that can potentially lead to credentials disclosure. These are addressed in CP4S 1.6.0.0 and later versions ...read more


Security Bulletin: A security vulnerability in Node.js urijs module affects IBM Cloud Pak for Multicloud Management Infrastructure management.

May 7, 2021 8:00 pm EDT | Medium Severity

A security vulnerability in Node.js urijs module affects IBM Cloud Pak for Multicloud Management Infrastructure management. ...read more


Security Bulletin: IBM Control Desk is vulnerable to Cross-Site Scripting Vulnerability (CVE-2021-20559)

May 7, 2021 8:00 pm EDT | Medium Severity

IBM Control Desk is vulnerable to Cross-Site Scripting Vulnerability ...read more