Lucene search
K

89 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/12/21 5:25 p.m.30 views

Security Bulletin: IBM Storage Fusion may be vulnerable to denial of service due to jackson-databind, okio (CVE-2022-42003, CVE-2023-35116, CVE-2023-3635)

Summary Java libraries jackson-databind and okio are used by IBM Storage Fusion for logging. Vulnerabilities in these libraries could lead to Denial of Service as described the the CVEs listed in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXM...

7.5CVSS6.7AI score0.02706EPSS
Exploits3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/12/11 12:0 a.m.37 views

Atlassian Jira Service Management Data Center and Server 4.20.x < 4.20.27 / 5.4.x < 5.4.11 (JSDSERVER-14751)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14751 advisory. - In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of ...

7.5CVSS6.7AI score0.02706EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/20 8:1 p.m.34 views

Security Bulletin: IBM Sterling B2B Integrator affected by FasterXML Jackson-data vulnerabilities (CVE-2022-42003, CVE-2022-42004)

Summary IBM Sterling B2B Integrator uses FasterXML Jackson-databind. Vulnerability Details CVEID: CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer.deserializeFromArray function. By sending a...

7.5CVSS6.7AI score0.02706EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 10:28 a.m.39 views

Security Bulletin: IBM Jazz Reporting Service is vulnerable to CVE-2022-42003 and CVE-2022-42004 per jackson-databind dependency

Summary There are two vulnerabilities in jackson-databind used by IBM Jazz Reporting Service. IBM has addressed the relevant CVEs CVE-2022-42003, CVE-2022-42004 Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lac...

7.5CVSS7.6AI score0.02706EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 7:59 a.m.38 views

Security Bulletin: Multiple vulnerabilities has been identified in FasterXML jackson-databind affect IBM Engineering Lifecycle Optimization - Publishing

Summary A security vulnerability has been identified in FasterXML jackson-databind affect IBM Engineering Lifecycle Optimization - Publishing. Information about a security vulnerability affecting jackson-databind has been published in a security bulletin. Vulnerability Details CVEID:CVE-2021-4687...

7.5CVSS6.8AI score0.0486EPSS
Exploits5Affected Software1
F5 Networks
F5 Networks
added 2023/08/15 4:54 p.m.39 views

K000135852: FasterXML jackson-databind vulnerability CVE-2022-42003

Security Advisory Description In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled. Additional fix version in 2.13.4.1 a...

7.5CVSS7.1AI score0.02706EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/24 8:43 a.m.38 views

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to a denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)

Summary IBM App Connect for Manufacturing is vulnerable to a denial of service due to FasterXML jackson-databind CVE-2022-42004, CVE-2022-42003 Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in i...

7.5CVSS7.3AI score0.02706EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/21 12:39 p.m.46 views

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42003)

Summary Security vulnerability have been Identified and addressed in FasterXML jackson-databind library shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in...

7.5CVSS7.6AI score0.02706EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/07/21 12:0 a.m.31 views

Oracle Application Testing Suite (Jul 2023 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apach...

9.8CVSS7.2AI score0.66537EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2023/07/06 12:0 a.m.345 views

Oracle Global Lifecycle Management (OPatch) (Jan 2023 CPU)

The installation of Oracle Global Lifecycle Management OPatch installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory. - Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware...

9.8CVSS6.6AI score0.03571EPSS
Exploits3References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/22 6:28 p.m.39 views

Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)

Summary FasterXML jackson-databind is used by IBM Storage Protect Server and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the...

7.5CVSS7.4AI score0.02706EPSS
Exploits3Affected Software1
RedHat Linux
RedHat Linux
added 2023/06/15 3:23 p.m.62 views

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release

Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.8CVSS6.8AI score0.19653EPSS
Exploits16References18
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 11:38 p.m.49 views

Security Bulletin: There are several vulnerabilities in jackson-databind used by IBM Maximo Asset Management (CVE-2022-42003, CVE-2022-42004, CVE-2020-36518)

Summary There are several vulnerabilities in jackson-databind used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the...

7.5CVSS7.8AI score0.0486EPSS
Exploits4Affected Software11
RedHat Linux
RedHat Linux
added 2023/05/18 9:54 a.m.86 views

Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.4.0 release and security update

Red Hat AMQ Streams 2.4.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS6.8AI score0.95302EPSS
Exploits17References17
Rockylinux
Rockylinux
added 2023/05/05 3:39 p.m.111 views

Satellite 6.13 Release

An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Satellite is a systems management tool for...

9.8CVSS8.2AI score0.99931EPSS
Exploits65
RedHat Linux
RedHat Linux
added 2023/05/03 3:54 p.m.496 views

Important: Red Hat Security Advisory: Satellite 6.13 Release

An update is now available for Red Hat Satellite 6.13. The release contains a new version of Satellite and important security fixes for various components. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring ...

9.8CVSS7.6AI score0.99931EPSS
Exploits66References263
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/03 2:15 p.m.50 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in FasterXML jackson-databind (CVE-2022-42003)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in FasterXML jackson-databind caused by a lack of a check in the primitive value deserializers when the UNWRAPSINGLEVALUEARRAYS feature is enabled. CVE-2022-42003. FasterXML jackson-databi...

7.5CVSS7.2AI score0.02706EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 9:10 p.m.54 views

Security Bulletin: There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-42003, CVE-2022-42004)

Summary There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitiv...

7.5CVSS7.6AI score0.02706EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 5:56 p.m.38 views

Security Bulletin: FasterXML jackson-databind is vulnerable to CVE-2022-42003 and CVE-2022-42004 used in IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses FasterXML jackson-databind which is vulnerable to CVE-2022-42003 and CVE-2022-42004. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive valu...

7.5CVSS7.4AI score0.02706EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/20 10:35 a.m.37 views

Security Bulletin: IBM Security Verify Governance is vulnerable to a denial of service (CVE-2022-42004, CVE-2022-42003)

Summary IBM Security Verify Governance is vulnerable to denial of service issues within FasterXML jackson-databind, which ISVG uses to process XML. The issues were addressed by upgrading the affected package. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is...

7.5CVSS7.4AI score0.02706EPSS
Exploits3Affected Software1
Rows per page
Query Builder