Lucene search

K
ibmIBM91B181A3765BA5AC59622A34045F89215C7475BB60CF9A06E6B6723BC1B78729
HistoryOct 07, 2020 - 4:01 p.m.

Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability

2020-10-0716:01:27
www.ibm.com
18

EPSS

0.001

Percentile

45.6%

Summary

IBM Security Guardium has addressed the following vulnerability

Vulnerability Details

CVEID:CVE-2019-14439
**DESCRIPTION:**A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164744 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Guardium 11.0

Remediation/Fixes

Workarounds and Mitigations

Product

|

VRMF

|

Remediation / First Fix

β€”|β€”|β€”
IBM Security Guardium| 11.0| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur…

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security guardiumeq11.0