Lucene search

K
ibmIBM7919E76DC5CE31A56A0E93B591BD3CB39E66143F03461956DE710B67CE8915A2
HistoryApr 14, 2020 - 1:31 p.m.

Security Bulletin: Vulnerability in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2019-20330)

2020-04-1413:31:42
www.ibm.com
6

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Summary

IBM Cúram Social Program Management uses the FasterXML Jackson libraries, for which there is a publicly known vulnerability. For this vulnerability FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

Vulnerability Details

CVEID:CVE-2019-20330
**DESCRIPTION:**A lacking of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact and attack vector.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173897 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
Curam SPM 7.0.5.0 - 7.0.9
Curam SPM 7.0.0.0 - 7.0.4.4

Remediation/Fixes

Product VRMF Remediation/First Fix
Cúram SPM

7.0.10

| Visit IBM Fix Central and upgrade to 7.0.10 or a subsequent 7.0.10 release.
Cúram SPM|

7.0.4.4

| Visit IBM Fix Central and upgrade to 7.0.4.4_iFix2 or a subsequent 7.0.4 release.

Workarounds and Mitigations

For information about all other versions, contact IBM Cúram Social Program Management customer support.

CPENameOperatorVersion
cúram social program managementeqany

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Related for 7919E76DC5CE31A56A0E93B591BD3CB39E66143F03461956DE710B67CE8915A2