Lucene search

K
ibmIBM7683273D853201795DC98B316DD2C8B7DB84C63DD2868C0F87D00A09760EDC9B
HistoryJun 17, 2018 - 1:07 p.m.

Security Bulletin: Vulnerabilities exist in Watson Explorer Analytical Components, Watson Explorer Annotation Administration Console, Watson Content Analytics, IBM Content Analytics, and OmniFind Enterprise Edition

2018-06-1713:07:24
www.ibm.com
4

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

Summary

Security vulnerabilities have been identified in IBM Watson Explorer Analytical Components, Watson Explorer Foundational Components Annotation Administration Console, IBM Watson Content Analytics, IBM Content Analytics, and OmniFind Enterprise Edition. Not all vulnerabilites affect all products and versions.

Vulnerability Details

CVEID: CVE-2016-0359**
DESCRIPTION:** IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111929 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2016-3092**
DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114336 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-3485**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 2.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115273 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

To see which vulnerabilities apply to your product and version, see the applicable row in the following table.

Affected Product

| Affected Versions|Applicable Vulnerabilities
—|—|—
Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, 11.0.1.0| CVE-2016-3092
CVE-2016-0359
CVE-2016-3485
Watson Explorer Analytical Components| 10.0.0.0 - 10.0.0.2| CVE-2016-3092
CVE-2016-0359
CVE-2016-3485
IBM Watson Explorer Foundational Components Annotation Administration Console| 11.0.0.0 - 11.0.0.3, 11.0.1.0 | CVE-2016-3092
CVE-2016-0359
CVE-2016-3485
IBM Watson Explorer Foundational Components Annotation Administration Console| 10.0.0.0 - 10.0.0.2| CVE-2016-3092
CVE-2016-0359
CVE-2016-3485
Watson Content Analytics| 3.5.0.0 - 3.5.0.3| CVE-2016-3092
CVE-2016-0359
CVE-2016-3485
IBM Content Analytics| 3.0.0.0 - 3.0.0.6| CVE-2016-3092
CVE-2016-3485
IBM OmniFind Enterprise Edition| 9.1.0.0 - 9.1.0.5| CVE-2016-3092
IBM Content Analytics| 2.2.0.0 - 2.2.0.3| CVE-2016-3092

Remediation/Fixes

For information about fixes, see the applicable row in the following table. The table reflects product names at the time the specified versions were released. To use the links to Fix Central in this table, you must first log in to the IBM Support: Fix Central site at <http://www.ibm.com/support/fixcentral/&gt;.

Affected Product Affected Versions Vulnerability Fix
Watson Explorer Analytical Components 11.0.0.0 - 11.0.0.3, 11.0.1 CVE-2016-3092
CVE-2016-0359
CVE-2016-3485 Upgrade to Watson Explorer Analytical Components Version 11.0.2. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures.
IBM Watson Explorer Foundational Components Annotation Administration Console 11.0.0.0 - 11.0.0.3, 11.0.1 CVE-2016-3092
CVE-2016-0359
CVE-2016-3485 Upgrade to Watson Explorer Foundational Components Annotation Administration Console Version 11.0.2. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures.
Watson Explorer Analytical Components 10.0.0.0 - 10.0.0.2 CVE-2016-3092
  1. If not already installed, install V10.0 Fix Pack 2 (see the Fix Pack download document).

  2. Download the package from Fix Central: interim fix 10.0.0.2-WS-WatsonExplorer-AEAnalytical-IF002 or later.

  3. To install the fix, see <http://www.ibm.com/support/docview.wss?uid=swg21996334&gt;.
    Watson Explorer Analytical Components| 10.0.0.0 - 10.0.0.2| CVE-2016-3485** **|

  4. If not already installed, install V10.0 Fix Pack 2 (see the Fix Pack download document).
    If you upgrade to Version 10.0.0.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.

  5. Download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 7 package for your edition (Enterprise or Advanced) and operating system from Fix Central: interim fix 10.0.0.2-WS-WatsonExplorer-<Edition>Analytical-<OS>[32|31]-7SR9FP60 or later. For example, 10.0.0.2-WS-WatsonExplorer-AEAnalytical-Linux-7SR9FP60 and 10.0.0.2-WS-WatsonExplorer-AEAnalytical-Linux32-7SR9FP60.

  6. To apply the fix, follow the steps in Updating IBM Java Runtime.

  7. Rename $ES_INSTALL_ROOT/lib/activation.jar
    to activation.jar.orig
    Watson Explorer Analytical Components| 10.0.0.0 - 10.0.0.2| CVE-2016-0359****|Important: Perform these steps as a Watson Explorer Analytical Components administrative user, typically esadmin.

  8. If not already installed, install V10.0 Fix Pack 2 (see the Fix Pack download document).

  9. Download the package from Fix Central: interim fix 10.0.0.2-WS-WatsonExplorer-AEAnalytical-IF002 or later and extract the contents of the fix into a temporary directory.

  10. Stop Watson Explorer Analytical Components.

  11. Overwrite the old version of esctrl.jar with the fixed version in the $ES_INSTALL_ROOT/lib directory.

  12. Remove or rename the $ES_INSTALL_ROOT/wlp directory.

  13. Extract wlp-core-embeddable-16.0.0.3.zip in the $ES_INSTALL_ROOT directory. The wlp directory is created. For example, $ unzip wlp-core-embeddable-16.0.0.3.zip -d $ES_INSTALL_ROOT

  14. Run the fix for WebSphere Application Server Liberty profile, 16003-wlp-archive-IFPI62375.jar. For example, $ java -jar 16003-wlp-archive-IFPI62375.jar --installLocation $ES_INSTALL_ROOT/wlp

  • Note: When you run the fix, use the JVM for which the major version is same as the version that is used by Watson Explorer, and the minor version is the latest minor version. For example, Java 7.0.9.60 for Watson Explorer V10.

  • Using a text editor, set the $ES_INSTALL_ROOT/configurations/interfaces/indexservice__interface.ini classpath to be:
    classpath=es.indexservice.jar,antlr-2.7.2.jar,cloudscape/lib/derbyclient.jar,cloudscape/lib/derby.jar,an_icm.jar,es.dock.jar,oze_search.jar,wlp/dev/api/spec/com.ibm.ws.javaee.servlet.3.0_1.0.14.jar,es.rdf.jar,bcprov-jdk15-1.44.jar,fontbox-1.8.8.jar,jempbox-1.8.8.jar,pdfbox-1.8.8.jar

    • The new classpath replaces:
      classpath=es.indexservice.jar,antlr-2.7.2.jar,cloudscape/lib/derbyclient.jar,cloudscape/lib/derby.jar,an_icm.jar,es.dock.jar,oze_search.jar,wlp/dev/api/spec/com.ibm.ws.javaee.servlet.3.0_1.0.1.jar,es.rdf.jar,bcprov-jdk15-1.44.jar,fontbox-1.8.8.jar,jempbox-1.8.8.jar,pdfbox-1.8.8.jar
  • After saving the changes, restart Watson Explorer Analytical Components.
    IBM Watson Explorer Foundational Components Annotation Administration Console| 10.0 - 10.0.0.2| CVE-2016-3092|

    1. If not already installed, install V10.0 Fix Pack 2 (see the Fix Pack download document).

    2. Download the package from Fix Central: interim fix 10.0.0.2-WS-WatsonExplorer-<edition>FoundationalAAC-IF002 or later.

    3. To install the fix, see <http://www.ibm.com/support/docview.wss?uid=swg21996334&gt;.
      IBM Watson Explorer Foundational Components Annotation Administration Console| 10.0 - 10.0.0.2| CVE-2016-3485
      ** **|

    4. If not already installed, install V10.0 Fix Pack 2 (see the Fix Pack download document).
      If you upgrade to Version 10.0.0.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.

    5. Download the 32-bit and 64-bit packages of IBM Java Runtime, Version 7 for your edition (Enterprise or Advanced) and your operating system from Fix Central: 10.0.0.2-WS-WatsonExplorer-AEFoundationallAAC-<OS>[32]-7SR9FP60or later. For example, 10.0.0.2-WS-WatsonExplorer-AEFoundationalAAC-Linux-7SR9FP60 and 10.0.0.2-WS-WatsonExplorer-AEFoundationalAAC-Linux32-7SR9FP60.

    6. To apply the fix, follow the steps in Updating IBM Java Runtime.

    7. Rename $ES_INSTALL_ROOT/lib/activation.jar
      to activation.jar.orig
      IBM Watson Explorer Foundational Components Annotation Administration Console| 10.0 - 10.0.0.2| CVE-2016-0359
      ****|Important: Perform these steps as a Watson Explorer Annotation Administration Console administrative user, typically esadmin.

    8. If not already installed, install V10.0 Fix Pack 2 (see the Fix Pack download document).

    9. Download the package from Fix Central: interim fix 10.0.0.2-WS-WatsonExplorer-<edition>FoundationalAAC-IF002 or later and extract the contents of the fix into a temporary directory.

    10. Stop Watson Explorer Annotation Administration Console.

    11. Overwrite the old version of esctrl.jar with the fixed version in the $ES_INSTALL_ROOT/lib directory.

    12. Remove or rename the $ES_INSTALL_ROOT/wlp directory.

    13. Extract wlp-core-embeddable-16.0.0.3.zip in the $ES_INSTALL_ROOT directory. The wlp directory is created. For example, $ unzip wlp-core-embeddable-16.0.0.3.zip -d $ES_INSTALL_ROOT

    14. Run the fix for WebSphere Application Server Liberty profile, 16003-wlp-archive-IFPI62375.jar. For example, $ java -jar 16003-wlp-archive-IFPI62375.jar --installLocation $ES_INSTALL_ROOT/wlp

    • Note: When you run the fix, use the JVM for which the major version is same as the version that is used by Watson Explorer, and the minor version is the latest minor version. For example, Java 7.0.9.60 for Watson Explorer V10.
  • Using a text editor, set the $ES_INSTALL_ROOT/configurations/interfaces/indexservice__interface.ini classpath to be:
    classpath=es.indexservice.jar,antlr-2.7.2.jar,cloudscape/lib/derbyclient.jar,cloudscape/lib/derby.jar,an_icm.jar,es.dock.jar,oze_search.jar,wlp/dev/api/spec/com.ibm.ws.javaee.servlet.3.0_1.0.14.jar,es.rdf.jar,bcprov-jdk15-1.44.jar,fontbox-1.8.8.jar,jempbox-1.8.8.jar,pdfbox-1.8.8.jar

    • The new classpath replaces:
      classpath=es.indexservice.jar,antlr-2.7.2.jar,cloudscape/lib/derbyclient.jar,cloudscape/lib/derby.jar,an_icm.jar,es.dock.jar,oze_search.jar,wlp/dev/api/spec/com.ibm.ws.javaee.servlet.3.0_1.0.1.jar,es.rdf.jar,bcprov-jdk15-1.44.jar,fontbox-1.8.8.jar,jempbox-1.8.8.jar,pdfbox-1.8.8.jar
  • After saving the changes, restart Annotation Administration Console.
    Watson Content Analytics| 3.5.0.0 - 3.5.0.3| CVE-2016-3092
    CVE-2016-3485
    CVE-2016-0359| Upgrade to Watson Content Analytics Version 3.5.0.4. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures.
    IBM Content Analytics| 3.0.0.0 - 3.0.0.6| CVE-2016-3092|

    1. If not already installed, install V3.0 Fix Pack 6 (see the Fix Pack download document).

    2. Download the package from Fix Central: interim fix 3.0.0.6-WT-ICA-IF002.

    3. To install the fix, see <http://www.ibm.com/support/docview.wss?uid=swg21996334&gt;.
      IBM Content Analytics| 3.0.0.0 - 3.0.0.6| CVE-2016-3485
      ** **|

    4. If not already installed, install V3.0 Fix Pack 6 (see the Fix Pack download document).
      If you upgrade to Version 3.0.0.6 after you configure IBM Java Runtime, your changes are lost and you must repeat the steps.

    5. Download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 6 for your operating system from Fix Central: interim fix 3.0.0.6-WT-ICA-<OS>[32|31]-6SR16FP35 or later. For example, 3.0.0.6-WT-ICA-Linux-6SR16FP35 and 3.0.0.6-WT-ICA-Linux32-6SR16FP35.

    6. To apply the fix, follow the steps in Updating IBM Java Runtime.

    7. Rename $ES_INSTALL_ROOT/lib/activation.jar
      to activation.jar.orig
      IBM OmniFind Enterprise Edition| 9.1 - 9.1.0.5| CVE-2016-3092| Contact IBM Support.
      IBM Content Analytics| 2.2 - 2.2.0.3| CVE-2016-3092| Contact IBM Support.

Workarounds and Mitigations

None.

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

Related for 7683273D853201795DC98B316DD2C8B7DB84C63DD2868C0F87D00A09760EDC9B