220 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in jackson-core-2.14.2.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in jackson-core-2.14.2.jar Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking (async) JSON parser in jackson-core bypasses the maxNumberLength constraint (default: 1000 characters) defined in StreamReadConstraints. This...
Security Bulletin: IBM Maximo Application Suite - Predict Component uses jackson-core-2.18.2.jar which is vulnerable to WS-2026-0003
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses jackson-core-2.18.2.jar which is vulnerable to WS-2026-0003. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking (async)...
Atlassian Jira Service Management Data Center and Server 11.2.0 < 11.3.5 (JSDSERVER-16576)
The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16576 advisory. - jackson-core contains core low-level incremental streaming parser and generator abstractions used by...
Security Bulletin: Due to the use of Jackson Core, CICS Transaction Gateway Desktop Edition is vulnerable to a Denial of Service (DoS) vulnerability.
Summary Due to the use of Jackson Core, CICS Transaction Gateway Desktop Edition is vulnerable to a Denial of Service vulnerability. Jackson Core has been updated within CICS Transaction Gateway Desktop Edition in order to address the vulnerability. Vulnerability Details ID:WS-2026-0003...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a Denial of Service due to jackson-core ( WS-2026-0003 )
Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS runtime and toolkit are vulnerable to a Denial of Service due to jackson-core. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking (async) JSON parser in jackson-core bypasses the maxNumberLength constraint (default:...
Security Bulletin: IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability (WS-2026-0003)
Summary IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability (WS-2026-0003). This has been addressed in the remediation section. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking (async) JSON parser in jackson-core bypasses the maxNumberLength...
RCE (Remote Code Execution) at com.fasterxml.jackson.core:jackson-core dependency in Crucible Server
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 4.9.0 of Crucible Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N allows an unauthenticated...
DoS (Denial of Service) at jackson-core dependency in Bamboo Data Center
This High severity DoS (Denial of Service) vulnerability was introduced in versions 12.0.0 and 12.1.0 of Bamboo Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N allows an...
Security Bulletin: MongoDB Enterprised Advanced affected by: Denial of Service Caused by Improper JSON Parser (WS-2026-0003)
Summary There is a vulnerability in jackson-core-2.15.0.jar, jackson-core-2.18.3.jar, jackson-core-2.19.2.jar, jackson-core-2.19.4.jar used in MongoDB Enterprised Advanced for IBM, involving WS-2026-0003. The vulnerability has been addressed. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The...
Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Netty and jackson-core (CVE-2026-33870, WS-2026-003)
Summary IBM App Connect for Manufacturing is vulnerable to a request smuggling attack and a Denial of Service attack due to Netty and jackson-core. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...
Security Bulletin: There is a vulnerability in jackson-core-2.15.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (WS-2026-0003)
Summary There is a vulnerability in jackson-core-2.15.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking (async) JSON parser in jackson-core bypasses the maxNumberLength constraint (default: 1000 characters)...
Security Bulletin: Jackson-core Async JSON Parser Bypasses maxNumberLength Constraint Leading to DoS
Summary The non-blocking (async) JSON parser in jackson-core bypasses the maxNumberLength constraint (default: 1000 characters) defined in StreamReadConstraints. This allows an attacker to send JSON with arbitrarily long numbers through the async parser API, leading to excessive memory allocation and...
Security Bulletin: Security vulnerability has been detected in IBM Security Verify Governance Identity Manager Adapters
Summary IBM Security Verify Governance Identity Manager Adapters use jackson-core-2.12.0.jar, which is affected by vulnerability WS-2026-0003. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking (async) JSON parser in jackson-core bypasses the maxNumberLength constraint (default: 1000...
Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary Maximo AI Service uses mlflow-3.1.0-py3-none-any.whl, fast-xml-parser-4.5.3.tgz, nltk-3.9.1-py3-none-any.whl, tar-7.4.3.tgz, tar-7.5.9.tgz, PyJWT-2.10.1-py3-none-any.whl, pyasn1-0.6.2-py3-none-any.whl, fast-xml-parser-5.3.6.tgz, jackson-core-2.19.4.jar,...
Oracle Business Process Management Suite (12.2.1.4.0) (April 2026 CPU)
The version of Oracle Business Process Management Suite installed on the remote host is affected by a vulnerability, as referenced in the April 2026 CPU advisory: - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Document Service...
Security Bulletin: Due to use of jackson-core-2.19.4.jar, IBM Sterling Connect:Direct Web Services is affected by Denial of Service (DoS) issue.
Summary jackson-core-2.19.4.jar is used by IBM Sterling Connect:Direct Web Services (WS-2026-0003). Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking (async) JSON parser in jackson-core bypasses the maxNumberLength constraint (default: 1000 characters) defined in StreamReadConstraints...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the jackson-core library
Summary Due to use of the jackson-core library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service (DoS) vulnerability. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking (async) JSON parser in jackson-core bypasses the maxNumberLength...
Security Bulletin: Vulnerabilities jackson-core-2.13.5.jar affects affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in jackson-core package. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, remote execution of arbitrary code and bypassing security restrictions, as...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by non-blocking (async) JSON parser in jackson-core (WS-2026-0003)
Summary SPSS Collaboration and Deployment Services is affected by non-blocking (async) JSON parser in jackson-core (WS-2026-0003). This has been addressed in the remediation section. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking (async) JSON parser in jackson-core bypasses the...
ROOT-APP-MAVEN-GHSA-2M67-WJPJ-XHG9 GHSA-2m67-wjpj-xhg9 in io.root.tools.jackson.core:jackson-core - Patched by Root
Root has patched GHSA-2m67-wjpj-xhg9 in the io.root.tools.jackson.core:jackson-core package for Root:Maven. Multiple fixed versions available...