There is a vulnerability in FasterXML jackson-databind used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE.
CVEID:CVE-2018-7489
**DESCRIPTION:**FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue method of the ObjectMapper. By sending specially crafted JSON input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/139549 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
Sterling Connect Direct File Agent | 1.4.0.0 - 1.4.0.2_iFix007 |
Affected Product(s) | Version(s) | APAR | Remediation / First Fix |
---|---|---|---|
Sterling Connect Direct File Agent | 1.4 | IT37680 | Apply 1.4.0.2_iFix008 or later, available on Fix Central |
For unsupported versions IBM recommends upgrading to a fixed, supported version of the product. |
None