IBM Support

Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2021-44228)


Summary

Log4j is used by IBM Watson Explorer to log system events for diagnostics. This bulletin provides a remediation for CVE-2021-44228: upgrading Watson Explorer, which addresses the exposure to the Log4j vulnerability.

Vulnerability Details

CVEID:   CVE-2021-44228
DESCRIPTION:   Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam.
CVSS Base score: 10
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
IBM Watson Explorer Deep Analytics Edition Foundational Components | 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.7
IBM Watson Explorer Deep Analytics Edition Analytical Components | 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.7
IBM Watson Explorer Deep Analytics Edition oneWEX | 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.7
IBM Watson Explorer Foundational Components | 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.11
IBM Watson Explorer Analytical Components | 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.11

Remediation/Fixes

Affected Product: IBM Watson Explorer DAE Foundational Components
Affected Versions: 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.7
How to acquire and apply the fix:

Query Modifier service is affected by this vulnerability. If Query Modifier service is installed (see Installing Query Modifier), please follow the steps below.

  1. If you have not already done so, install V12.0.3.7 (see the Fix Pack download document).
  2. Download the interim fix from Fix Central: 12.0.3.7-WS-WatsonExplorer-DAEFoundational-IF001.
  3. To apply the fix, follow the steps below.
    1. Stop Query Modifier service if it is running
      • Linux: Run /etc/init.d/querymodifier stop
      • Windows: Open the Service window, choose the Query Modifier Service, and click the Stop Service button.
    2. Navigate to <install_dir>/Engine/nlq
    3. Rename querymodifier.jar to querymodifier.jar.bak
    4. Copy the downloaded querymodifier.jar to <install_dir>/Engine/nlq
    5. Run install command
      • Linux: querymodifier-install.sh
      • Windows: querymodifier-install.ps1
    6. Start Query Modifier service if you use the service
      • Linux: Run /etc/init.d/querymodifier start
      • Windows: Open the Service window, choose the Query Modifier Service, and click the Start Service button.

Affected Product: IBM Watson Explorer Deep Analytics Edition Analytical Components
Affected Versions: 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.7
How to acquire and apply the fix:

Natural Language Query service is affected by this vulnerability. Please follow the steps below.

  1. If you have not already done so, install V12.0.3.7 (see the Fix Pack download document).
  2. Download the interim fix from Fix Central: 12.0.3.7-WS-WatsonExplorer-DAEAnalytical-IF001.
  3. To apply the fix, follow the steps below.
    1. Stop Natural Language Query service if it is running
          esadmin nlqservice.node1 stop
          In a distributed environment, the service name might be different, such as nlqservice.node2.
    2. Navigate to <install_dir>/lib
    3. Rename querymodifier.jar to querymodifier.jar.bak
    4. Copy the downloaded querymodifier.jar to <install_dir>/lib
    5. Start Natural Language Query service if you use the service
          esadmin nlqservice.node1 start

Affected Product: IBM Watson Explorer Deep Analytics Edition oneWEX
Affected Versions: 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.7
How to acquire and apply the fix:

Upgrade to Version 12.0.3.8.

See Watson Explorer Version 12.0.3.8 oneWEX for download information and instructions.

Affected Product: IBM Watson Explorer Foundational Components
Affected Versions: 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.11
How to acquire and apply the fix:

Query Modifier service is affected by this vulnerability. If Query Modifier service is installed (see Installing Query Modifier), please follow the steps below.

  1. If you have not already done so, install V11.0.2.11 (see the Fix Pack download document).
  2. Download the interim fix for your edition (Enterprise or Advanced) from Fix Central: 11.0.2.11-WS-WatsonExplorer-<Edition>Foundational-IF001 (EE for Enterprise Edition, AE for Advanced Edition).
  3. To apply the fix, follow the steps below.
    1. Stop Query Modifier service if it is running
      • Linux: Run /etc/init.d/querymodifier stop
      • Windows: Open the Service window, choose the Query Modifier Service, and click the Stop Service button.
    2. Navigate to <install_dir>/Engine/nlq
    3. Rename querymodifier.jar to querymodifier.jar.bak
    4. Copy the downloaded querymodifier.jar to <install_dir>/Engine/nlq
    5. Run install command
      • Linux: querymodifier-install.sh
      • Windows: querymodifier-install.ps1
    6. Start Query Modifier service if you use the service
      • Linux: Run /etc/init.d/querymodifier start
      • Windows: Open the Service window, choose the Query Modifier Service, and click the Start Service button.

Affected Product: IBM Watson Explorer Analytical Components
Affected Versions: 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.11
How to acquire and apply the fix:

Natural Language Query service is affected by this vulnerability. Please follow the steps below.

  1. If you have not already done so, install V11.0.2.11 (see the Fix Pack download document).
  2. Download the interim fix from Fix Central: 11.0.2.11-WS-WatsonExplorer-AEAnalytical-IF001.
  3. To apply the fix, follow the steps below.
    1. Stop Natural Language Query service if it is running
          esadmin nlqservice.node1 stop
          In a distributed environment, the service name might be different, such as nlqservice.node2.
    2. Navigate to <install_dir>/lib
    3. Rename querymodifier.jar to querymodifier.jar.bak
    4. Copy the downloaded querymodifier.jar to <install_dir>/lib
    5. Start Natural Language Query service if you use the service
          esadmin nlqservice.node1 start
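
A check that can be run after the copy step and before the service restart in the procedures above, as an added example that is not IBM's code: it lists every log4j-core copy bundled in querymodifier.jar.bak and in the replacement querymodifier.jar so the two can be compared. It assumes log4j-core is packaged with its standard Maven metadata, possibly inside a nested jar; the sample jars and their version numbers are constructed and do not describe what IBM ships.

```python
import io, pathlib, re, sys, zipfile

# Standard Maven metadata entry and class path for log4j-core 2.x inside a jar.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def find_log4j_core(data, label, depth=0):
    """List every log4j-core copy in a jar (bytes), descending into nested archives."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if POM in names or JNDI in names:
            version = None
            if POM in names:
                m = re.search(r"^version=(\S+)", zf.read(POM).decode("utf-8", "replace"), re.M)
                version = m.group(1) if m else None
            # JndiLookup.class also exists in many fixed 2.x releases: it confirms
            # that log4j-core is bundled, not that the jar is exploitable.
            found.append({"where": label, "version": version, "jndi_lookup": JNDI in names})
        for n in sorted(names):
            if depth < 3 and n.lower().endswith((".jar", ".war", ".ear")):
                try:
                    found += find_log4j_core(zf.read(n), f"{label}!{n}", depth + 1)
                except zipfile.BadZipFile:
                    continue  # entry is named like an archive but is not one
    return found

def versions(data, label):
    return sorted({f["version"] or "unknown" for f in find_log4j_core(data, label)})

def sample_jar(version):
    """Constructed stand-in for querymodifier.jar with log4j-core nested under lib/."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM, f"artifactId=log4j-core\nversion={version}\n")
        z.writestr(JNDI, b"\xca\xfe\xba\xbe")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr(f"lib/log4j-core-{version}.jar", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: <script> querymodifier.jar.bak querymodifier.jar
        jars = [(p, pathlib.Path(p).read_bytes()) for p in sys.argv[1:]]
    else:  # constructed sample versions, not what IBM ships
        jars = [("querymodifier.jar.bak", sample_jar("2.14.1")), ("querymodifier.jar", sample_jar("2.17.1"))]
    for label, data in jars:
        for finding in find_log4j_core(data, label):
            print(finding)
```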

Workarounds and Mitigations

None

Change History

14 Dec 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document Location

Worldwide

Document Information

Modified date:
16 December 2021

UID

ibm16525826