IBM Support

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Watson Explorer Advanced Edition (CVE-2016-3426)

Created by Igets Administrator on
Published URL:
https://www.ibm.com/support/pages/node/281449
281449

Security Bulletin


Summary

There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8, which is used by IBM Watson Explorer.

Vulnerability Details

CVEID: CVE-2016-3426
DESCRIPTION: An unspecified vulnerability related to the Java Cryptography Extension (JCE) component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112457 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

This vulnerability applies to apply to the following products and versions:

  • Watson Explorer Foundational Components version 11.0.0 through 11.0.0.3
  • Watson Explorer Foundational Components Annotation Administration Console version 11.0.0 through 11.0.0.3
  • Watson Explorer Analytical Components version 11.0.0 through 11.0.0.3

Remediation/Fixes

Follow these steps to upgrade to the required version of IBM Java Runtime.

The table reflects product names at the time the specified versions were released. To use the links to Fix Central in this table, you must first log in to the IBM Support: Fix Central site at http://www.ibm.com/support/fixcentral/.



Affected ProductAffected VersionsRequired IBM Java RuntimeHow to acquire and apply the fix
IBM Watson Explorer Foundational Components11.0.0 through 11.0.0.38.0 SR3 (8.0.3.0) or laterUpgrade Watson Explorer Foundational Components to Version 11.0.1. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures.
IBM Watson Explorer Foundational Components, Annotation Administration Console11.0.0 through 11.0.0.38.0 SR3 (8.0.3.0) or laterUpgrade Annotation Administration Console to Version 11.0.1. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures.
IBM Watson Explorer Analytical Components11.0.0 through 11.0.0.38.0 SR3 (8.0.3.0) or laterUpgrade Watson Explorer Analytical Components to Version 11.0.1. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures.

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v2 Guide
On-line Calculator v2

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

23 June 2016: Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SS8NLW","label":"IBM Watson Explorer"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"11.0.0;11.0.0.1;11.0.0.2;11.0.0.3","Edition":"All Editions","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
17 June 2018

UID

swg21984803

Page Feedback