DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Archive

Five Vulnerabilities That Affected IBM Watson Explorer and Content Analytics

DigitalCIO Bureau by DigitalCIO Bureau
March 19, 2019
in Archive
0
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Recently, five vulnerabilities affected Watson Explorer and Content Analytics meant for IBM Watson. Read on to know more about the vulnerabilities…

Recently, five vulnerabilities affected Watson Explorer and Content Analytics meant for IBM Watson. IBM announced fixes for five flaws in Java runtime that leave multiple versions of Watson Explorer and IBM Watson Content Analytics vulnerable to various attacks.

Watson, IBM’s trademark Artificial Intelligence (AI) system, was found to be riddled with critical security vulnerabilities in its platform. The bugs were identified in the IBM Runtime Environment Java Technology Edition, which is used by Watson Explorer and Content Analytics. IBM has addressed the five vulnerabilities by providing a fix to all the affected components.

The Vulnerabilities
IBM’s Product Security Incident Response Team (PSIRT) has posted an alert about the “high severity” bugs affecting various Watson analytics products, consoles, and the content analytics studio. The most severe flaw, CVE-2018-2602, was actually addressed in Oracle’s January 2018 critical-patch update, and then originally patched in an update IBM released in March 2018. IBM updated the advisory throughout the year with information about fixes for additional Watson products and components.

The advisory notes that the Java bug is “difficult to exploit” but allows an “unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit”. “Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit.”

IBM’s PSIRT also put out an alert for a high-severity flaw affecting the IBM Decision Optimization Center, which uses the IBM SDK Java and IBM Runtime Environment Java versions 7 and 8. These are affected by two bugs.

One the two bugs, CVE-2018-12547, is a severe buffer overflow affecting the open-source Eclipse OpenJ9 Java virtual machine. It has a CVSS 3.0 base score of 9.8 out of a possible 10 and could allow a remote attacker to execute arbitrary code on the system or crash an application. “The recommended solution is to download and install the IBM Java SDK as soon as practicable,” IBM notes in its advisory, adding that there are no workarounds or mitigations.

That same OpenJ9 Java bug also affects the IBM Runtime Environment Java used in the IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server releases 12.9 and earlier. The CPLEX product updates also address a Java SE flaw, CVE-2019-2426, which Oracle patched in January, and a locally exploitable flaw in the IBM SDK, Java Technology Edition Version 8 on the AIX platform.

Other products affected by the trio of bugs include IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 35 and earlier releases, and IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 27 and earlier releases.

Each of the flaws can be patched up by getting the latest version of the Java Runtime. Admins are advised to test and install the patch as soon as possible.

Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

Data Recovery Experts Expand their Cloud and Security Skills at VeeamON Tour India

by DigitalCIO Bureau
September 1, 2023
0
Data Recovery Experts Expand their Cloud and Security Skills at VeeamON Tour India

Veeam Software flagged off its highly anticipated VeeamON Tour India 2023 in Mumbai today, delivering a rich experience to over 600 registrants. This month-long tour comes as an...

Read more

Dell Technologies Announces Intent to Acquire Moogsoft

by DigitalCIO Bureau
August 20, 2023
0
Dell Technologies Announces Intent to Acquire Moogsoft

Dell Technologies (NYSE: DELL) announced it has signed a definitive agreement to acquire Moogsoft, an AI-driven provider of intelligent monitoring solutions that support DevOps and ITOps.This transaction will further enhance...

Read more

Government Technology Agency of Singapore concludes third HackerOne bug bounty programme

by DigitalCIO Bureau
August 20, 2023
0

GovTech Singapore resolved 33 security weaknesses and awarded global hacker community over US$30,800 for contributing to a more secure and resilient smart nation HackerOne and Singapore's Government Technology...

Read more

XProtect(R) on Amazon Web Services Now Available in AWS Marketplace

by DigitalCIO Bureau
August 20, 2023
0

Customers with a cloud-first strategy and those looking for a hybrid VMS solution can now deploy a pre-configured XProtect as an elastic solution available globally with high flexibility...

Read more

OurCrowd Pandemic Innovation Conference to host global leaders, startups and investors online

by DigitalCIO Bureau
August 20, 2023
0

June 22 forum features tech solutions to global crisis, $100m OurCrowd Pandemic Innovation Fund OurCrowd will host the OurCrowd Pandemic Innovation Conference on June 22 to explore the...

Read more
Next Post

Aditya Khullar appointed as OYO’s cyber security head

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

Significance of Random Numbers in Cryptography

September 20, 2019
Pega Infuses AI into Pega Smart Dispute to Streamline Chargeback Processes

Pega Infuses AI into Pega Smart Dispute to Streamline Chargeback Processes

September 27, 2023

Reliance Jio, Guavus partner on AI-powered analytics

August 23, 2019

Browse by Category

  • Acquisition
  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Products
  • Resources
  • Security
  • Storage
  • Tech News
  • Telecom
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

BROWSE BY TAG

Acquisition AI Amazon Web Services Appointment artificial intelligence Artificial Intelligence and Machine Learning AWS Big Data and Analytics Blockchain CISCO Cloud Cloud Computing Commvault CrowdStrike Customer Experience Cybersecurity Danny Allan Dell Technologies DigiCert Digital Transformation E-books Fortinet Gartner GenAI Generative AI IBM IDC Infographics Infosys Internet of Things (IoT) Microsoft Netskope New Relic Panel Discussion ransomware Salesforce SAP SonicWall Sophos Tenable Trend Micro Veeam Software Vertiv Webinars Whitepaper

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2023 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2023 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?