IBMF41988385D45F475145B048B672DF383037CD646E86362F3924DD8EEF062F9B7Security Bulletin: Vulnerability in IBM Java Runtime affects Watson Explorer (CVE-2020-14797)
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Summary
There is a vulnerability in IBM® Runtime Environment Java™ Version 8 and Version 7 used by Watson Explorer. Watson Explorer has addressed the applicable CVE.
Vulnerability Details
CVEID:CVE-2020-14797
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190115 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Watson Explorer Deep Analytics Edition Foundational Components |
12.0.0.0,
12.0.1,
12.0.2.0 - 12.0.2.2,
12.0.3.0 - 12.0.3.4
IBM Watson Explorer Deep Analytics Edition Analytical Components|
12.0.0.0,
12.0.1,
12.0.2.0 - 12.0.2.2,
12.0.3.0 - 12.0.3.4
IBM Watson Explorer Deep Analytics Edition oneWEX|
12.0.0.0, 12.0.0.1
12.0.1,
12.0.2.0 - 12.0.2.2,
12.0.3.0 - 12.0.3.4
IBM Watson Explorer Foundational Components| 11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 - 11.0.2.8
IBM Watson Explorer Foundational Components| 10.0.0.0 - 10.0.0.9
IBM Watson Explorer Foundational Components Annotation Administration Console|
12.0.0.0, 12.0.1,
12.0.2.0 - 12.0.2.2,
12.0.3.0 - 12.0.3.4
IBM Watson Explorer Foundational Components Annotation Administration Console| 11.0 - 11.0.0.3,
11.0.1, 11.0.2.0 - 11.0.2.8
IBM Watson Explorer Foundational Components Annotation Administration Console| 10.0 - 10.0.0.6
Watson Explorer Analytical Components| 11.0 - 11.0.0.3,
11.0.1,
11.0.2.0 - 11.0.2.8
Watson Explorer Analytical Components| 10.0 - 10.0.0.2
Remediation/Fixes
| Affected Produc****t | Affected Versions | Required IBM Java Runtime | How to acquire and apply the fix |
|---|---|---|---|
| IBM Watson Explorer DAE | |||
| Foundational Components | 12.0.0.0, 12.0.1, 12.0.2 - 12.0.2.2, 12.0.3 - 12.0.3.4 | JVM 8 SR6 FP20 or later |
Upgrade to Version 12.0.3.5.
See Watson Explorer Version 12.0.3.5 Foundational Components for download information and instructions.
IBM Watson Explorer DAE
Analytical Components| 12.0.0.0, 12.0.1, 12.0.2 - 12.0.2.2, 12.0.3 - 12.0.3.4| JVM 8 SR6 FP20 or later|
Upgrade to Version 12.0.3.5.
See Watson Explorer Version 12.0.3.5 Analytical Components for download information and instructions.
IBM Watson Explorer DAE
oneWEX| 12.0.0.0, 12.0.0.1, 12.0.2 - 12.0.2.2, 12.0.3 - 12.0.3.4| JVM 8 SR6 FP20 or later|
Upgrade to Version 12.0.3.5.
See Watson Explorer Version 12.0.3.5 oneWEX for download information and instructions.
IBM Watson Explorer
Foundational Components| 11.0 - 11.0.0.3,
11.0.1,
11.0.2 -
11.0.2.8| JVM 8 SR6 FP20 or later|
Upgrade to Version 11.0.2.9.
See Watson Explorer Version 11.0.2.9 Foundational Components for download information and instructions.
IBM Watson Explorer Foundational Components| 10.0 - 10.0.0.9| JVM 8 SR6 FP20 or later|
Upgrade to Version 10.0.0.10.
See Watson Explorer Version 10.0.0.10 Foundational Components for download information and instructions.
IBM Watson Explorer Foundational Components Annotation Administration Console|
12.0.0.0, 12.0.1, 12.0.2 - 12.0.2.2, 12.0.3 - 12.0.3.4
| JVM 8 SR6 FP20 or later|
Upgrade to Version 12.0.3.5.
See Watson Explorer Version 12.0.3.5 Foundational Components for download information and instructions.
IBM Watson Explorer Foundational Components Annotation Administration Console| 11.0 - 11.0.0.3,
11.0.1,
11.0.2, 11.0.2.1 -
11.0.2.8| JVM 8 SR6 FP20 or later|
Upgrade to Version 11.0.2.9.
See Watson Explorer Version 11.0.2.9 Foundational Components for download information and instructions.
IBM Watson Explorer Foundational Components Annotation Administration Console| 10.0 - 10.0.0.6| JVM 8 SR6 FP20 or later|
- If you have not already installed, install V10.0 Fix Pack 6 (see the Fix Pack download document). If you upgrade to Version 10.0.0.6 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.
- If you have not upgraded IBM Java Runtime from Version 7 to Version 8, download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from Fix Central: interim fix 10.0.0.6-WS-WatsonExplorer-<Edition>FoundationalAAC-<OS>-8SR6FP1****0(for example, 10.0.0.6-WS-WatsonExplorer-AEFoundationalAAC-Linux-8SR6FP10, which includes 64-bit version of IBM Java Runtime). Follow the steps in Updating WebSphere Liberty and IBM Java Runtime used in IBM Watson Explorer Analytical Components to upgrade IBM Java Runtime from Version 7 to Version 8.
- Download the 32-bit and 64-bit packages of IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from Fix Central: interim fix 10.0.0.6-WS-WatsonExplorer-<Edition>FoundationalAAC-<OS>-8SR6FP25or later (for example, 10.0.0.6-WS-WatsonExplorer-AEFoundationalAAC-Linux-8SR6FP25, which includes 64-bit version of IBM Java Runtime).
- To apply the fix, follow the steps in Updating IBM Java Runtime.
IBM Watson Explorer Analytical Components| 11.0 - 11.0.0.3,
11.0.1,
11.0.2, 11.0.2.1 -
11.0.2.8| JVM 8 SR6 FP20 or later|
Upgrade to Version 11.0.2.9.
See Watson Explorer Version 11.0.2.9 Analytical Components for download information and instructions.
IBM Watson Explorer Analytical Components| 10.0 - 10.0.0.2| JVM 8 SR6 FP20 or later|
- If you have not already installed, install V10.0 Fix Pack 2 (see the Fix Pack download document). If you upgrade to Version 10.0.0.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.
- If you have not upgraded IBM Java Runtime from Version 7 to Version 8, download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from Fix Central: interim fix 10.0.0.2-WS-WatsonExplorer-<Edition>Analytical-<OS>[32|31]-8SR6FP10(for example, 10.0.0.2-WS-WatsonExplorer-AEAnalytical-Linux-8SR6FP10, which includes 64-bit version of IBM Java Runtime). Follow the steps in Updating WebSphere Liberty and IBM Java Runtime used in IBM Watson Explorer Analytical Components to upgrade IBM Java Runtime from Version 7 to Version 8.
- Download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from Fix Central: interim fix 10.0.0.2-WS-WatsonExplorer-<Edition>Analytical-<OS>[32|31]-8SR6FP25or later (for example, 10.0.0.2-WS-WatsonExplorer-AEAnalytical-Linux-8SR6FP25, which includes 64-bit version of IBM Java Runtime).
- To apply the fix, follow the steps in Updating IBM Java Runtime.
Workarounds and Mitigations
None
Related
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N