Lucene search

K
ibmIBMB3DD0049FD7B99420B4A63E0C41797B3151DBE19CEAF6FF15A08AD1D83EE117F
HistoryJun 11, 2020 - 4:12 p.m.

Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerability CVE-2019-20330

2020-06-1116:12:23
www.ibm.com
6

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Summary

IBM Event Streams has addressed the following vulnerability

Vulnerability Details

CVEID:CVE-2019-20330
**DESCRIPTION:**A lacking of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact and attack vector.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173897 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Event Streams 2019.2.1

IBM Event Streams in IBM Cloud Pak for Integration

|

2019.2.2

IBM Event Streams in IBM Cloud Pak for Integration

|

2019.2.3

IBM Event Streams

|

2019.4.1

IBM Event Streams in IBM Cloud Pak for Integration

| 2019.4.1

Remediation/Fixes

Upgrade from IBM Event Streams 2019.2.1 to IBM Event Streams 2019.4.1 by downloading IBM Event Streams 2019.4.1 from IBM Passport Advantage.

Upgrade from IBM Event Streams 2019.4.1 to the latest Fix Pack.

Upgrade IBM Event Streams 2019.2.2, IBM Event Streams 2019.2.3 and IBM Event Streams 2019.4.1 in IBM Cloud Pak for Integration by downloading IBM Event Streams 2019.4.2 in IBM Cloud Pak for Integration 2020.2.1 from IBM Passport Advantage.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm event streamseqany

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Related for B3DD0049FD7B99420B4A63E0C41797B3151DBE19CEAF6FF15A08AD1D83EE117F