IBM Support

Security Bulletin: A vulnerability exists in Watson Explorer Analytical Components, Watson Explorer Annotation Administration Console, Watson Content Analytics, and IBM Content Analytics

Published URL:
https://www.ibm.com/support/pages/node/287933

Security Bulletin


Summary

A security vulnerability has been identified in IBM Watson Explorer Analytical Components, IBM Watson Explorer Foundational Components Annotation Administration Console, IBM Watson Content Analytics, and IBM Content Analytics.

Vulnerability Details

CVEID: CVE-2016-5597


DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118071 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

To see which vulnerabilities apply to your product and version, see the applicable row in the following table.

| Affected Product | Affected Versions |
|---|---|
| Watson Explorer Analytical Components | 11.0.0.0 - 11.0.0.3, 11.0.1 |
| IBM Watson Explorer Foundational Components Annotation Administration Console | 11.0.0.0 - 11.0.0.3, 11.0.1 |
| Watson Explorer Analytical Components | 10.0.0.0 - 10.0.0.2 |
| IBM Watson Explorer Foundational Components Annotation Administration Console | 10.0.0.0 - 10.0.0.2 |
| Watson Content Analytics | 3.5.0.0 - 3.5.0.4 |
| IBM Content Analytics | 3.0.0.0 - 3.0.0.6 |

Remediation/Fixes

For information about fixes, see the applicable row in the following table. The table reflects product names at the time the specified versions were released. To use the links to Fix Central in this table, you must first log in to the IBM Support: Fix Central site at http://www.ibm.com/support/fixcentral/.

Affected Product: Watson Explorer Analytical Components
Affected Versions: 11.0.0.0 - 11.0.0.3, 11.0.1
Fix: Upgrade to Watson Explorer Analytical Components Version 11.0.2. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures.

Affected Product: IBM Watson Explorer Foundational Components Annotation Administration Console
Affected Versions: 11.0.0.0 - 11.0.0.3, 11.0.1
Fix: Upgrade to Watson Explorer Foundational Components Annotation Administration Console Version 11.0.2. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures.

Affected Product: Watson Explorer Analytical Components
Affected Versions: 10.0.0.0 - 10.0.0.2
Fix:
  1. If not already installed, install V10.0 Fix Pack 2 (see the Fix Pack download document).
    If you upgrade to Version 10.0.0.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.
  2. Download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 7 for your edition (Enterprise or Advanced) and operating system from Fix Central: interim fix 10.0.0.2-WS-WatsonExplorer-<Edition>Analytical-<OS>[32|31]-7SR9FP60 or later. For example, 10.0.0.2-WS-WatsonExplorer-AEAnalytical-Linux-7SR9FP60 and 10.0.0.2-WS-WatsonExplorer-AEAnalytical-Linux32-7SR9FP60.
  3. To apply the fix, follow the steps in Updating IBM Java Runtime.
  4. Rename $ES_INSTALL_ROOT/lib/activation.jar to activation.jar.orig

Affected Product: IBM Watson Explorer Foundational Components Annotation Administration Console
Affected Versions: 10.0.0.0 - 10.0.0.2
Fix:
  1. If not already installed, install V10.0 Fix Pack 2 (see the Fix Pack download document).
    If you upgrade to Version 10.0.0.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.
  2. Download the 32-bit and 64-bit packages of IBM Java Runtime, Version 7 for your edition (Enterprise or Advanced) and your operating system from Fix Central: 10.0.0.2-WS-WatsonExplorer-AEFoundationalAAC-<OS>[32]-7SR9FP60 or later. For example, 10.0.0.2-WS-WatsonExplorer-AEFoundationalAAC-Linux-7SR9FP60 and 10.0.0.2-WS-WatsonExplorer-AEFoundationalAAC-Linux32-7SR9FP60.
  3. To apply the fix, follow the steps in Updating IBM Java Runtime.
  4. Rename $ES_INSTALL_ROOT/lib/activation.jar to activation.jar.orig

Affected Product: Watson Content Analytics
Affected Versions: 3.5.0.0 - 3.5.0.4
Fix:
  1. If not already installed, install V3.5 Fix Pack 4 (see the Fix Pack download document).
    If you upgrade to Version 3.5.0.4 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.
  2. Download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 7 for your operating system from Fix Central: interim fix 3.5.0.4-WT-WCA-<OS>[32|31]-7SR9FP60 or later. For example, 3.5.0.4-WT-WCA-Linux-7SR9FP60 and 3.5.0.4-WT-WCA-Linux32-7SR9FP60.
  3. To apply the fix, follow the steps in Updating IBM Java Runtime.
  4. Rename $ES_INSTALL_ROOT/lib/activation.jar to activation.jar.orig

Affected Product: IBM Content Analytics
Affected Versions: 3.0.0.0 - 3.0.0.6
Fix:
  1. If not already installed, install V3.0 Fix Pack 6 (see the Fix Pack download document).
    If you upgrade to Version 3.0.0.6 after you configure IBM Java Runtime, your changes are lost and you must repeat the steps.
  2. Download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 6 for your operating system from Fix Central: interim fix 3.0.0.6-WT-ICA-<OS>[32|31]-6SR16FP35 or later. For example, 3.0.0.6-WT-ICA-Linux-6SR16FP35 and 3.0.0.6-WT-ICA-Linux32-6SR16FP35.
  3. To apply the fix, follow the steps in Updating IBM Java Runtime.
  4. Rename $ES_INSTALL_ROOT/lib/activation.jar to activation.jar.orig
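
The checks behind steps 2 and 4 above, as an added shell example that is not IBM's own tooling: it reads the Java level off an interim fix name, tests it against the bulletin's "or later" minimum, and confirms the activation.jar rename. The function names, the assumed ordering (service refresh first, then fix pack) and the 7SR9FP50 sample name are assumptions or constructed values.

```shell
#!/bin/sh
# Added example (not IBM tooling); all function names are hypothetical.

# Print the trailing Java level (e.g. 7SR9FP60) of an interim fix name.
fix_level() {
    printf '%s\n' "$1" |
        sed -n 's/^.*-\([0-9][0-9]*SR[0-9][0-9]*FP[0-9][0-9]*\)$/\1/p'
}

# Succeed when level $1 is the same Java version as minimum $2 and is equal
# or later. Assumption: levels order by service refresh (SR), then fix pack (FP).
# Returns 2 when either level cannot be parsed.
level_ok() {
    pat='s/^\([0-9][0-9]*\)SR\([0-9][0-9]*\)FP\([0-9][0-9]*\)$/\1 \2 \3/p'
    have=$(printf '%s\n' "$1" | sed -n "$pat")
    need=$(printf '%s\n' "$2" | sed -n "$pat")
    [ -n "$have" ] && [ -n "$need" ] || return 2
    set -- $have $need            # $1-$3 = candidate, $4-$6 = minimum
    [ "$1" -eq "$4" ] || return 1 # a Java 6 fix never satisfies a Java 7 minimum
    [ "$2" -gt "$5" ] && return 0
    [ "$2" -eq "$5" ] && [ "$3" -ge "$6" ]
}

# Step 4 check: under the install root passed as $1, lib/activation.jar
# must be gone and lib/activation.jar.orig must exist.
activation_renamed() {
    [ ! -e "$1/lib/activation.jar" ] && [ -e "$1/lib/activation.jar.orig" ]
}

# Constructed sample input: the first name is from the bulletin, the second
# (FP50) is made up to show a package that is older than the minimum.
for name in 3.5.0.4-WT-WCA-Linux-7SR9FP60 3.5.0.4-WT-WCA-Linux32-7SR9FP50; do
    if level_ok "$(fix_level "$name")" 7SR9FP60; then
        echo "meets minimum:   $name"
    else
        echo "below minimum:   $name"
    fi
done
```

Because a later upgrade to the fix pack level undoes the Java Runtime update, rerun `activation_renamed "$ES_INSTALL_ROOT"` after any such upgrade.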

Change History

20 December 2016: Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Product Synonym

WEX AC ICA WCA

Document Information

Modified date:
17 June 2018

UID

swg21996061