Lucene search

K
ibmIBM6FCF3A6897C9A1A085633762339E7EC8DFE631B6D2A160FA5D1ADBC3E11F92E1
HistoryDec 16, 2021 - 1:28 p.m.

Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2021-44228)

2021-12-1613:28:20
www.ibm.com
203

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

99.9%

Summary

Log4j is used by IBM Watson Explorer to log system events for diagnostics. This bulletin provides a remediation for the vulnerability, CVE-2021-44228 by upgrading Watson Explorer and thus addressing the exposure to the log4j vulnerability.

Vulnerability Details

CVEID:CVE-2021-44228
**DESCRIPTION:**Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam.
CVSS Base score: 10
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Watson Explorer Deep Analytics Edition Foundational Components

12.0.0.0,

12.0.1,

12.0.2.0 - 12.0.2.2,

12.0.3.0 - 12.0.3.7

IBM Watson Explorer Deep Analytics Edition Analytical Components|

12.0.0.0,

12.0.1,

12.0.2.0 - 12.0.2.2,

12.0.3.0 - 12.0.3.7

IBM Watson Explorer Deep Analytics Edition oneWEX|

12.0.0.0, 12.0.0.1,

12.0.1,

12.0.2.0 - 12.0.2.2,

12.0.3.0 - 12.0.3.7

IBM Watson Explorer Foundational Components| 11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 -
11.0.2.11
IBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 -
11.0.2.11

Remediation/Fixes

Affected Product Affected Versions How to acquire and apply the fix
IBM Watson Explorer DAE
Foundational Components

12.0.0.0,

12.0.1,

12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.7

|

Query Modifier service is affected by this vulnerability. If Query Modifier service is installed (see Installing Query Modifier), please follow the steps below.

  1. If you have not already installed, install V12.0.3.7 (see the Fix Pack download document).
  2. Download the interim fix from Fix Central: 12.0.3.7-WS-WatsonExplorer-DAEFoundational-IF001.
  3. To apply the fix, follow the steps below.
1. Stop Query Modifier service if it is running  

  * Linux: Run /etc/init.d/querymodifier stop
  * Windows: Open the Service window, choose the Query Modifier Service, and click the Stop Service button.
2. Navigate to <install_dir>/Engine/nlq
3. Rename querymodifier.jar to querymodifier.jar.bak
4. Copy the downloaded querymodifier.jar to <install_dir>/Engine/nlq
5. Run install command  

  * Linux: querymodifier-install.sh
  * Windows: querymodifier-install.ps1
6. Start Query Modifier service if you use the service   

  * Linux: Run /etc/init.d/querymodifier start
  * Windows: Open the Service window, choose the Query Modifier Service, and click the Start Service button.  

IBM Watson Explorer Deep Analytics Edition Analytical Components| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.7|

Natural Language Query service is affected by this vulnerability. Please follow the steps below.

  1. If you have not already installed, install V12.0.3.7 (see the Fix Pack download document).
  2. Download the interim fix from Fix Central: 12.0.3.7-WS-WatsonExplorer-DAEAnalytical-IF001.
  3. To apply the fix, follow the steps below.
1. Stop Natural Language Query service if it is running  

esadmin nlqservice.node1 stop
The service name might be such as nlqservice.node2 when using a distributed environment.
2. Navigate to <install_dir>/lib
3. Rename querymodifier.jar to querymodifier.jar.bak
4. Copy the downloaded querymodifier.jar to <install_dir>/lib
5. Start Natural Language Query service if you use the service
esadmin nlqservice.node1 start
IBM Watson Explorer Deep Analytics Edition oneWEX| 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.7|

Upgrade to Version 12.0.3.8.

See Watson Explorer Version 12.0.3.8 oneWEX for download information and instructions.

IBM Watson Explorer
Foundational Components| 11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 -
11.0.2.11|

Query Modifier service is affected by this vulnerability. If Query Modifier service is installed (see Installing Query Modifier), please follow the steps below.

  1. If you have not already installed, install V11.0.2.11 (see the Fix Pack download document).
  2. Download the interim fix for your edition (Enterprise or Advanced) from Fix Central: 11.0.2.11-WS-WatsonExplorer-<Edition>Foundational-IF001(EE for Enterprise Edition, AE for Advanced Edition).
  3. To apply the fix, follow the steps below.
1. Stop Query Modifier service if it is running  

  * Linux: Run /etc/init.d/querymodifier stop
  * Windows: Open the Service window, choose the Query Modifier Service, and click the Stop Service button.
2. Navigate to &lt;install_dir&gt;/Engine/nlq
3. Rename querymodifier.jar to querymodifier.jar.bak
4. Copy the downloaded querymodifier.jar to &lt;install_dir&gt;/Engine/nlq
5. Run install command   

  * Linux: querymodifier-install.sh
  * Windows: querymodifier-install.ps1
6. Start Query Modifier service if you use the service   

  * Linux: Run /etc/init.d/querymodifier start
  * Windows: Open the Service window, choose the Query Modifier Service, and click the Start Service button.  

IBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 -
11.0.2.11|

Natural Language Query service is affected by this vulnerability. Please follow the steps below.

  1. If you have not already installed, install V11.0.2.11 (see the Fix Pack download document).
  2. Download the interim fix from Fix Central: 11.0.2.11-WS-WatsonExplorer-AEAnalytical-IF001.
  3. To apply the fix, follow the steps below.
1. Stop Natural Language Query service if it is running  

esadmin nlqservice.node1 stop
The service name might be such as nlqservice.node2 when using a distributed environment.
2. Navigate to <install_dir>/lib
3. Rename querymodifier.jar to querymodifier.jar.bak
4. Copy the downloaded querymodifier.jar to <install_dir>/lib
5. Start Natural Language Query service if you use the service
esadmin nlqservice.node1 start

Workarounds and Mitigations

None

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

99.9%

Related for 6FCF3A6897C9A1A085633762339E7EC8DFE631B6D2A160FA5D1ADBC3E11F92E1