Lucene search
K

80 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/02/05 11:26 a.m.7 views

Security Bulletin: Due to the use of jackson-core, IBM webMethods BPM and IBM webMethods Integration are vulnerable to multiple vulnerabilities

Summary IBM webMethods BPM and IBM webMethods Integration are dependant on jackson-databind which is affected by a known vulnerabilities WS-2022-0468, CVE-2022-42004, CVE-2022-42003, CVE-2023-35116. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details...

7.5CVSS6.7AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 6:51 a.m.9 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in FasterXML jackson-databind

Summary Vulnerabilities have been identified in FasterXML jackson-databind, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion ca...

7.5CVSS7.3AI score0.17611EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/12 10:45 a.m.25 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component.

Summary Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial o...

7.5CVSS6.9AI score0.02824EPSS
Exploits3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/10 12:0 a.m.16 views

Amazon Linux 2 : aws-kinesis-agent (ALAS-2025-2788)

The version of aws-kinesis-agent installed on the remote host is prior to 2.0.10-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2788 advisory. In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in...

7.5CVSS6.5AI score0.02656EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/03/07 12:0 a.m.20 views

Amazon Linux 2023 : aws-kinesis-agent (ALAS2023-2025-889)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-889 advisory. In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is...

7.5CVSS6.3AI score0.02656EPSS
Exploits1References4
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Important: aws-kinesis-agent

Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

7.5CVSS8AI score0.02656EPSS
Exploits1
Amazon
Amazon
added 2025/03/06 12:0 a.m.9 views

Important: aws-kinesis-agent

Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

7.5CVSS8AI score0.02656EPSS
Exploits1
Amazon
Amazon
added 2025/03/06 12:0 a.m.9 views

Important: aws-kinesis-agent

Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

7.5CVSS7.7AI score0.02656EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2022-42004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use ...

7.5CVSS6.5AI score0.02656EPSS
Exploits1References3
Amazon
Amazon
added 2025/01/09 12:0 a.m.10 views

Important: jackson-databind

Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

7.5CVSS7.7AI score0.02656EPSS
Exploits1
Amazon
Amazon
added 2025/01/09 12:0 a.m.6 views

Important: jackson-databind

Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

7.5CVSS8AI score0.02656EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/01/09 12:0 a.m.15 views

Amazon Linux 2023 : jackson-databind (ALAS2023-2025-798)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-798 advisory. In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is...

7.5CVSS6.3AI score0.02656EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.22 views

Oracle Siebel Server <= 23.5 (July 2023 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Siebel CRM product of Oracle Siebel CRM component: EAI JSON-java. Supported versions that are affected are 23.5 and prior...

9.8CVSS6.5AI score0.52458EPSS
Exploits12References14
Tenable Nessus
Tenable Nessus
added 2024/11/15 12:0 a.m.17 views

Fedora 38 : fasterxml-oss-parent / jackson-annotations / jackson-bom / etc (2022-6aa833b95f)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-6aa833b95f advisory. Rebase Jackson packages to the latest upstream version 2.14.1 Tenable has extracted the preceding description block directly from the Fedora securit...

7.5CVSS6.5AI score0.02824EPSS
Exploits3References3
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/09 5:29 a.m.28 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)

Summary IBM Sterling Partner Engagement Manager uses FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2022-38751 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a...

7.5CVSS6.9AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 3:36 p.m.43 views

Security Bulletin: Vulnerability in jackson-databind affects watsonx.data

Summary FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception and other causes Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By...

7.5CVSS7.6AI score0.17611EPSS
Exploits5Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.25 views

RHEL 8 : jboss-on (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: use of deeply nested arrays CVE-2022-42004 - jackson-databind 2.10.x through 2.12.x...

7.5CVSS8.4AI score0.02824EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.26 views

RHEL 9 : jboss-on (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: use of deeply nested arrays CVE-2022-42004 - In FasterXML jackson-databind before...

7.5CVSS8.4AI score0.02824EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.38 views

RHEL 8 : OpenShift Developer Tools and Services for OCP 4.12 (RHSA-2023:1064)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1064 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

9.9CVSS6.9AI score0.03571EPSS
Exploits4References33
OpenVAS
OpenVAS
added 2024/03/18 12:0 a.m.39 views

Mageia: Security Advisory (MGASA-2024-0069)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.2AI score0.0486EPSS
Exploits4References11
Rows per page
Query Builder