logo
DATABASE RESOURCES PRICING ABOUT US

Security Bulletin: FasterXML Vulnerability in Jackson-Databind Affects IBM Sterling Connect:Direct File Agent (CVE-2018-7489)

Description

## Summary There is a vulnerability in FasterXML jackson-databind used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE. ## Vulnerability Details ** CVEID: **[CVE-2018-7489](<https://vulners.com/cve/CVE-2018-7489>) ** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue method of the ObjectMapper. By sending specially crafted JSON input, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 7.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/139549](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139549>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- Sterling Connect Direct File Agent| 1.4.0.0 - 1.4.0.2_iFix007 ## Remediation/Fixes Affected Product(s)| Version(s)| APAR| Remediation / First Fix ---|---|---|--- Sterling Connect Direct File Agent| 1.4| [IT37680](<https://www.ibm.com/support/pages/apar/IT37680> "IT37680" )| Apply [1.4.0.2_iFix008](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+File+Agent&release=1.4.0.2&platform=All&function=aparId&apars=IT37680> "1.4.0.2_iFix008" ) or later, available on Fix Central For unsupported versions IBM recommends upgrading to a fixed, supported version of the product. ## Workarounds and Mitigations None ##


Affected Software


CPE Name Name Version
sterling connect:direct file agent 1.4

Related