Lucene search

K
ibmIBM3685B92248F5EF5F87E22332608BA77B6E0CBEC5E65184E9ED006251D92D1762
HistoryDec 19, 2019 - 3:11 p.m.

Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerabilities

2019-12-1915:11:32
www.ibm.com
14

EPSS

0.006

Percentile

79.1%

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2019-14379 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the SubTypeValidator.java. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165286&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected IBM Security Guardium

|

Affected Versions

—|—
IBM Security Guardium | 11.0

Remediation/Fixes

Product

|

VRMF

|

Remediation / First Fix

—|—|—
IBM Security Guardium | 11.0 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&amp;product=ibm/Information+Management/InfoSphere+Guardium&amp;release=11.0&amp;platform=All&amp;function=fixId&amp;fixids=SqlGuard_11.0p12_Bundle_Nov-05-2019&amp;includeSupersedes=0&amp;source=fc

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security guardiumeq11.0