Bad cup of Java leaves nasty taste in IBM Watson’s ‘AI’ mouth: Five security bugs to splat in analytics gear

Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India

Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: The Register

IBM has issued a security alert over five vulnerabilities in its golden boy Watson analytics system.

Big Blue has issued an update today to clean up a series of security flaws in Watson that stem from the analytics system’s use of Java components. The bugs are present in installations of Watson Explorer and IBM Watson Content Analytics.

In total, IBM says, five CVE-listed vulnerabilities are cleared up by the latest update, ranging from information disclosure flaws to remote takeover vulnerabilities.

The most serious of the five bugs is CVE-2018-2633, a flaw in Java SE, Java SE Embedded, and JRockit JNDI that can allow an attacker with local network access to remotely take control of the targeted box. While details of the flaw were not given, the exploit is said to require user interaction.

“Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products,” the CVE summary of the bug reads.

“Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit”

While IBM notes that while the flaw is particularly difficult for an attacker to exploit, Watson boxes are a particularly valuable target, so admins would be wise to address the bugs post-haste.

Another flaw, CVE-2018-2603, would allow an attacker to crash the targeted Watson system by initiating a denial of service attack. Unlike the remote takeover bug, this flaw can be more easily exploited by an attacker with local network access, but annoyingly Big Blue was skimpy on details of what made this so.

“Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit,” the summary reads.

“Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.”

The remaining three flaws, CVE-2018-2579, CVE-2018-2588, and CVE-2018-2602, all relate to information disclosure flaws. All of those three would allow an attacker to potentially retrieve sensitive information from the target machine, though Big Blue held off on saying exactly how the flaws were exploited.

Each of the flaws can be patched up by getting the latest version of the Java Runtime. Admins are advised to test and install the patch as soon as possible.

www.extremehacking.org

Sadik Shaikh | Cyber Suraksha Abhiyan, Ethical Hacking Training Institute, CEHv10,CHFI,ECSAv10,CAST,ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking,Center For Advanced Security Training in India, ceh v10 course in Pune-India, ceh certification in pune-India, ceh v10 training in Pune-India, Ethical Hacking Course in Pune-India

The post Bad cup of Java leaves nasty taste in IBM Watson’s ‘AI’ mouth: Five security bugs to splat in analytics gear appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.



from Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity https://ift.tt/2TW0fA1

Comments