Lucene search

K
ibmIBMFB560ADAD8B8B7DC96C7D8C44896E1B02161FC3E60AF0D61C67F028B73A7B908
HistoryAug 13, 2020 - 7:42 p.m.

Security Bulletin: jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight (CVE-2020-8840)

2020-08-1319:42:14
www.ibm.com
17

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Summary

jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight (CVE-2020-8840)

Vulnerability Details

CVEID:CVE-2020-8840
**DESCRIPTION:**An unspecified error with the lack of certain xbean-reflect/JNDI blocking in FasterXML jackson-databind has an unknown impact and attack vector.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/176241 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Network Performance Insight 1.3
IBM Network Performance Insight 1.3.1

Remediation/Fixes

Fix of this vulnerability is addressed in following interim fix releases.

  1. NPI 1.3.1
    Interim Fix Name: 1.3.1.0-TIV-NPI-IF0003
    Direct Interim Fix URL: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.3.1.0-TIV-NPI-IF0003

  2. NPI 1.3
    Interim Fix Name: 1.3.0.0-TIV-NPI-IF0007
    Direct Interim Fix URL: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.3.0.0-TIV-NPI-IF0007&source=SAR

Workarounds and Mitigations

None

CPENameOperatorVersion
netcool operations insighteq1.3

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Related for FB560ADAD8B8B7DC96C7D8C44896E1B02161FC3E60AF0D61C67F028B73A7B908