89 matches found
Security Bulletin: IBM Storage Fusion may be vulnerable to denial of service due to jackson-databind, okio (CVE-2022-42003, CVE-2023-35116, CVE-2023-3635)
Summary Java libraries jackson-databind and okio are used by IBM Storage Fusion for logging. Vulnerabilities in these libraries could lead to Denial of Service as described the the CVEs listed in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXM...
Atlassian Jira Service Management Data Center and Server 4.20.x < 4.20.27 / 5.4.x < 5.4.11 (JSDSERVER-14751)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14751 advisory. - In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of ...
Security Bulletin: IBM Sterling B2B Integrator affected by FasterXML Jackson-data vulnerabilities (CVE-2022-42003, CVE-2022-42004)
Summary IBM Sterling B2B Integrator uses FasterXML Jackson-databind. Vulnerability Details CVEID: CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer.deserializeFromArray function. By sending a...
Security Bulletin: IBM Jazz Reporting Service is vulnerable to CVE-2022-42003 and CVE-2022-42004 per jackson-databind dependency
Summary There are two vulnerabilities in jackson-databind used by IBM Jazz Reporting Service. IBM has addressed the relevant CVEs CVE-2022-42003, CVE-2022-42004 Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lac...
Security Bulletin: Multiple vulnerabilities has been identified in FasterXML jackson-databind affect IBM Engineering Lifecycle Optimization - Publishing
Summary A security vulnerability has been identified in FasterXML jackson-databind affect IBM Engineering Lifecycle Optimization - Publishing. Information about a security vulnerability affecting jackson-databind has been published in a security bulletin. Vulnerability Details CVEID:CVE-2021-4687...
K000135852: FasterXML jackson-databind vulnerability CVE-2022-42003
Security Advisory Description In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled. Additional fix version in 2.13.4.1 a...
Security Bulletin: IBM App Connect for Manufacturing is vulnerable to a denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
Summary IBM App Connect for Manufacturing is vulnerable to a denial of service due to FasterXML jackson-databind CVE-2022-42004, CVE-2022-42003 Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in i...
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42003)
Summary Security vulnerability have been Identified and addressed in FasterXML jackson-databind library shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in...
Oracle Application Testing Suite (Jul 2023 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apach...
Oracle Global Lifecycle Management (OPatch) (Jan 2023 CPU)
The installation of Oracle Global Lifecycle Management OPatch installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory. - Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware...
Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
Summary FasterXML jackson-databind is used by IBM Storage Protect Server and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the...
Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release
Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Security Bulletin: There are several vulnerabilities in jackson-databind used by IBM Maximo Asset Management (CVE-2022-42003, CVE-2022-42004, CVE-2020-36518)
Summary There are several vulnerabilities in jackson-databind used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.4.0 release and security update
Red Hat AMQ Streams 2.4.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Satellite 6.13 Release
An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Satellite is a systems management tool for...
Important: Red Hat Security Advisory: Satellite 6.13 Release
An update is now available for Red Hat Satellite 6.13. The release contains a new version of Satellite and important security fixes for various components. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring ...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in FasterXML jackson-databind (CVE-2022-42003)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in FasterXML jackson-databind caused by a lack of a check in the primitive value deserializers when the UNWRAPSINGLEVALUEARRAYS feature is enabled. CVE-2022-42003. FasterXML jackson-databi...
Security Bulletin: There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-42003, CVE-2022-42004)
Summary There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitiv...
Security Bulletin: FasterXML jackson-databind is vulnerable to CVE-2022-42003 and CVE-2022-42004 used in IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses FasterXML jackson-databind which is vulnerable to CVE-2022-42003 and CVE-2022-42004. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive valu...
Security Bulletin: IBM Security Verify Governance is vulnerable to a denial of service (CVE-2022-42004, CVE-2022-42003)
Summary IBM Security Verify Governance is vulnerable to denial of service issues within FasterXML jackson-databind, which ISVG uses to process XML. The issues were addressed by upgrading the affected package. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is...