28 matches found
Security Bulletin: Due to the use of jackson-core, IBM webMethods BPM and IBM webMethods Integration are vulnerable to multiple vulnerabilities
Summary IBM webMethods BPM and IBM webMethods Integration are dependant on jackson-databind which is affected by a known vulnerabilities WS-2022-0468, CVE-2022-42004, CVE-2022-42003, CVE-2023-35116. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML jackson-databind package (CVE-2023-35116)
Summary Jackson-databind is used by IBM DataStage on Cloud Pak for Data as part of data processing. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a specially...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML jackson-databind package (CVE-2023-35116)
Summary Jackson-databind is used by IBM DataStage on Cloud Pak for Data as part of data processing. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a specially...
Linux Distros Unpatched Vulnerability : CVE-2023-35116
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies...
Security Bulletin: IBM B2B Sterling Integrator is affected by Fasterxml jackson-databind vulnerability to denial of service
Summary IBM B2B Sterling Integrator is affected by Fasterxml jackson-databind vulnerability to denial of service Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to ope...
Moderate: Red Hat Security Advisory: Red Hat AMQ Broker 7.12.0 release and security update
Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Security Bulletin: Fasterxml jackson-databind vulnerability affect IBM Spectrum Control
Summary Fasterxml jackson-databind is vulnerable to a denial of service. This vulnerability affect IBM Spectrum Control. CVE-2023-35116. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By...
Splunk Enterprise 9.0.0 < 9.0.9, 9.1.0 < 9.1.4, 9.2.0 < 9.2.1 (SVD-2024-0718)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0718 advisory. - jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted objec...
RHEL 9 : jackson-databind (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - jackson-databind: denial of service via cylic dependencies CVE-2023-35116 Note that Nessus has not tested for this...
RHEL 6 : jackson-databind (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - jackson-databind: denial of service via cylic dependencies CVE-2023-35116 Note that Nessus has not tested for this...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel security update
Red Hat build of Apache Camel 4.4.0 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0777)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0777 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
Oracle Business Intelligence Enterprise Edition (April 2024 CPU)
The version of Oracle Business Intelligence Enterprise Edition 12.2.1.4 installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of...
Security Bulletin: Due to the use of jackson-databind, IBM CICS Transaction Gateway for Multiplatforms is vulnerable to a denial of service (CVE-2023-35116).
Summary There is a vulnerability in jackson-databind which is shipped as part of IBM CICS Transaction Gateway for Multiplatforms. An update to IBM CICS Transaction Gateway for Multiplatforms has been released to address the vulnerability. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION:...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2023-35116)
Summary IBM Sterling Connect:Direct Web Services uses FasterXML jackson-databind. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a...
Moderate: Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update
Migration Toolkit for Runtimes 1.2.4 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. This update addresses these CVEs. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused...
Security Bulletin: IBM Storage Fusion HCI may be vulnerable to denial of service due to jackson-databind, okio (CVE-2022-42003, CVE-2023-35116, CVE-2023-3635)
Summary Java libraries jackson-databind and okio are used by IBM Storage Fusion HCI for logging. Vulnerabilities in these libraries could lead to Denial of Service as described the the CVEs listed in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION:...
Security Bulletin: IBM Storage Fusion may be vulnerable to denial of service due to jackson-databind, okio (CVE-2022-42003, CVE-2023-35116, CVE-2023-3635)
Summary Java libraries jackson-databind and okio are used by IBM Storage Fusion for logging. Vulnerabilities in these libraries could lead to Denial of Service as described the the CVEs listed in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXM...
Security Bulletin: IBM Jazz Reporting Service is vulnerable to a denial of service (CVE-2023-35116)
Summary The fix includes a new version of the jackson-databind runtime that resolves the specified vulnerability. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to op...