Bad cup of Java leaves nasty taste in IBM Watson's 'AI' mouth: Five security bugs to splat in analytics gear

www.theregister.co.uk | 3/18/2019 | Staff
morica (Posted by) Level 3
Click For Photo: https://regmedia.co.uk/2015/07/13/java_78967893456.jpg

IBM has issued a security alert over five vulnerabilities in its golden boy Watson analytics system.

Big Blue has issued an update today to clean up a series of security flaws in Watson that stem from the analytics system's use of Java components. The bugs are present in installations of Watson Explorer and IBM Watson Content Analytics.

IBM - Vulnerabilities - Update - Information - Disclosure

In total, IBM says, five CVE-listed vulnerabilities are cleared up by the latest update, ranging from information disclosure flaws to remote takeover vulnerabilities.

The most serious of the five bugs is CVE-2018-2633, a flaw in Java SE, Java SE Embedded, and JRockit JNDI that can allow an attacker with local network access to remotely take control of the targeted box. While details of the flaw were not given, the exploit is said to require user interaction.

Attacks - Interaction - Person - Attacker - Vulnerability

"Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products," the CVE summary of the bug reads.

"Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit"

IBM - Notes - Flaw - Attacker - Watson

While IBM notes that while the flaw is particularly difficult for an attacker to exploit, Watson boxes are a particularly valuable target, so admins would be wise to address the bugs post-haste.

Another flaw, CVE-2018-2603, would allow an attacker to crash the targeted...
(Excerpt) Read more at: www.theregister.co.uk
Wake Up To Breaking News!
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!