Lucene search

K
ibmIBMBA52B3AF65440148334C9734035B65F3CECB36A8D91122A0BF7EEA75DD6FF353
HistoryDec 20, 2019 - 8:47 a.m.

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

2019-12-2008:47:33
www.ibm.com
12
ibm watson discovery
cloud pak for data
vulnerability
fasterxml jackson-databind
polymorphic typing
cve-2019-17267
cvss
upgrade

EPSS

0.014

Percentile

86.6%

Summary

IBM Watson Discovery for IBM Cloud Pak for Data ships with versions of FasterXML jackson-databind vulnerable to serialization gadgets.

Vulnerability Details

CVEID:CVE-2019-17267
**DESCRIPTION:**A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168514 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
ICP - Discovery 2.0.0-2.0.1

Remediation/Fixes

Upgrade to IBM Watson Discovery 2.1

Workarounds and Mitigations

None