home.aspx
 
. https://www.zdnet.com/article/ibm-patch-these-critical-java-openj9-java-bugs-in-watson-analytics-products/
blog article
IBM: PATCH THESE CRITICAL JAVA, OPENJ9 JAVA BUGS IN WATSON, ANALYTICS PRODUCTS
IBM has announced fixes for five flaws in Java runtime that leave multiple versions of Watson Explorer and IBM Watson Content Analytics vulnerable to various attacks. The company's product security incident response team (PSIRT) has posted an alert about the "high severity" bugs affecting various Watson analytics products, consoles, and the content analytics studio. The most severe flaw, CVE-2018-2602, was actually addressed in Oracle's January 2018 critical-patch update, and then originally patched in an update IBM released in March 2018. IBM updated the advisory throughout the year with information about fixes for additional Watson products and components. The advisory notes that the Java bug is "difficult to exploit" but allows an "unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit"."Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. LIAM TUNG READ MORE