Security Bulletin: Vulnerability affects IBM Cloud Object Storage SDK Java (June 2019)

2019-06-12 23:40:01
www.ibm.com

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Summary

A vulnerability affects IBM Cloud Object Storage SDK Java. It has been addressed in the latest SDK Java release.

Vulnerability Details

CVE-ID: CVE-2019-12086
Description: FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing issue that occurs due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. By sending a specially-crafted JSON message, a remote attacker could exploit this vulnerability to read arbitrary local files on the server.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161256 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

CVE-ID: CVE-2019-12086
Affected SDK Releases: IBM COS SDK Java releases prior to 2.5.0

Remediation/Fixes

IBM COS SDK Releases: SDK Java 2.5.0
Link to Fix / Fix Availability Target: https://github.com/IBM/ibm-cos-sdk-java/tree/2.5.0
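
To find builds still on an affected release, the check below scans `mvn dependency:tree` output for IBM COS SDK Java versions prior to 2.5.0. It is an added example, not part of the IBM bulletin or the SDK; the Maven coordinates com.ibm.cos:ibm-cos-java-sdk and the sample tree are assumptions made for illustration.

```python
import re

# Assumption: Maven coordinates of the SDK (the bulletin names only the product).
SDK_GROUP, SDK_ARTIFACT = "com.ibm.cos", "ibm-cos-java-sdk"
FIXED = (2, 5, 0)  # release the bulletin lists as the fix

# A Maven coordinate as printed by `mvn dependency:tree`: 4 to 6 colon-separated fields.
COORD = re.compile(r"[\w.\-]+(?::[\w.\-]+){3,5}")


def version_key(version):
    """Numeric (major, minor, patch); qualifiers such as -SNAPSHOT are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def parse_coord(line):
    """Return (group, artifact, version) for one tree line, or None."""
    m = COORD.search(line)
    if not m:
        return None
    parts = m.group(0).split(":")
    # group:artifact:type:version[:scope], or with a classifier before the version
    version = parts[4] if len(parts) == 6 else parts[3]
    return parts[0], parts[1], version


def find_affected(tree_text):
    """List SDK coordinates in the tree that are older than the fixed release."""
    hits = []
    for line in tree_text.splitlines():
        coord = parse_coord(line)
        if coord and coord[:2] == (SDK_GROUP, SDK_ARTIFACT):
            # Compare numerically so that 2.10.x is not treated as older than 2.5.0.
            if version_key(coord[2]) < FIXED:
                hits.append(":".join(coord))
    return hits


# Constructed sample output, not taken from a real project.
SAMPLE_TREE = r"""
[INFO] com.example:storage-app:jar:1.0.0
[INFO] +- com.ibm.cos:ibm-cos-java-sdk:jar:2.4.5:compile
[INFO] \- org.slf4j:slf4j-api:jar:1.7.25:compile
"""

if __name__ == "__main__":
    for hit in find_affected(SAMPLE_TREE):
        print("affected:", hit, "-> upgrade to 2.5.0 or later")
```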

CPE Name: ibm cloud object storage system
Operator: eq
Version: 2.5.0
