High Severity

Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2021-4104)


Log4j is used by IBM Watson Explorer to log system events for diagnostics. This bulletin provides a remediation for the vulnerability CVE-2021-4104: upgrading Watson Explorer, which addresses the exposure to the Log4j vulnerability.

CVE(s): CVE-2021-4104

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Watson Explorer Deep Analytics Edition Foundational Components | 12.0.0.0, 12.0.1, 12.0.2.0 – 12.0.2.2, 12.0.3.0 – 12.0.3.7
IBM Watson Explorer Deep Analytics Edition Analytical Components | 12.0.0.0, 12.0.1, 12.0.2.0 – 12.0.2.2, 12.0.3.0 – 12.0.3.7
IBM Watson Explorer Deep Analytics Edition oneWEX | 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 – 12.0.2.2, 12.0.3.0 – 12.0.3.7
IBM Watson Explorer Foundational Components | 11.0.0.0 – 11.0.0.3, 11.0.1, 11.0.2.0 – 11.0.2.11
IBM Watson Explorer Analytical Components | 11.0.0.0 – 11.0.0.3, 11.0.1, 11.0.2.0 – 11.0.2.11
IBM Watson Explorer Content Analytics Studio | 12.0.0, 12.0.1, 12.0.2, 12.0.3
IBM Watson Explorer Content Analytics Studio | 11.0.0.0 – 11.0.0.3, 11.0.1, 11.0.2.0 – 11.0.2.2

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6527728
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215048
