561 matches found
Security Bulletin: A security vulnerability has been identified in FasterXML jackson-databind shipped with IBM Tivoli Netcool Impact (CVE-2021-46877)
Summary FasterXML jackson-databind is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting jackson-databind has been published in a security bulletin. Vulnerability Details CVEID:CVE-2021-46877 DESCRIPTION: FasterXML jackson-databind is vulnerable to a deni...
Security Bulletin: IBM Security Guardium is affected by FasterXML jackson-databind vulnerabilities (CVE-2020-25649, X-Force ID 217968)
Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. A remote attacker could exploit this vulnerability...
Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities
Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF17 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.18.0 CVE-2022-21449, CVE-2022-21434, CVE-2022-21443, CVE-2022-21624,...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in FasterXML jackson-databind (CVE-2022-42003)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in FasterXML jackson-databind caused by a lack of a check in the primitive value deserializers when the UNWRAPSINGLEVALUEARRAYS feature is enabled. CVE-2022-42003. FasterXML jackson-databi...
CVE-2022-42004 -In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check-in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. Products Confirmed No...
CVE-2022-42003 - In FasterXML jackson-databind before 2.14.0-rc1, ressource exhaustion
In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check-in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1 Products Confirme...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2021-46877 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a flaw when using JDK serialization for...
Security Bulletin: FasterXML jackson-databind is vulnerable to CVE-2022-42003 and CVE-2022-42004 used in IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses FasterXML jackson-databind which is vulnerable to CVE-2022-42003 and CVE-2022-42004. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive valu...
Security Bulletin: IBM Security Verify Governance is vulnerable to a denial of service (CVE-2022-42004, CVE-2022-42003)
Summary IBM Security Verify Governance is vulnerable to denial of service issues within FasterXML jackson-databind, which ISVG uses to process XML. The issues were addressed by upgrading the affected package. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is...
Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution (CVE-2020-10650)
Summary IBM Security Verify Governance is vulnerable to arbitrary code execution due to an issue in FasterXML jackson-databind, which ISVG uses for XML processing. The issue was addressed by upgrading the affected package. Vulnerability Details CVEID:CVE-2020-10650 DESCRIPTION: FasterXML...
Oracle Business Process Management Suite (Apr 2023 CPU)
The version of Oracle Business Process Management Suite installed on the remote host is affected by multiple vulnerabilities, as referenced in the April 2023 CPU advisory. Specifically: - Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java...
Security Bulletin: IBM Security Verify Governance is vulnerable to a denial of service caused by multiple vulnerabilities.
Summary IBM Security Verify Governance is vulnerable to a denial of service caused by multiple vulnerabilities. FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system. IBM has addressed these vulnerabilites. Vulnerability Details CVEID:CVE-2019-14892...
Security Bulletin: DataPower Operations Dashboard vulnerable to multiple CVEs
Summary DataPower Operations Dashboard has addressed the following CVEs Vulnerability Details CVEID:CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a specially-crafted message, a remote attacker could...
Security Bulletin: Multiple vulnerabilities in Open Source software used by Cloud Pak System
Summary Multiple vulnerabilities in Open Source software used by Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2015-1832 DESCRIPTION: Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external...
K000132725: FasterXML vulnerability CVE-2022-42004
Security Advisory Description In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for...
Security Bulletin: IBM CloudPak foundational services (Events Operator) is affected by potential data integrity issue (CVE-2020-25649)
Summary The IBM Cloud Platform Common Services Events Operator is potentially vulnerable to a data integrity issue Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly...
Security Bulletin: FasterXML-jackson-databinds vulnerabilities affect IBM Operations Analytics Predictive Insights (CVE-2022-42004,CVE-2022-42003)
Summary FasterXML-jackson-databind is used by IBM Operations Analytics Predictive Insights REST Meditation utility tool only. If you do not have this utility installed you are not affected by this bulletin, otherwise, apply the recommended remediation fixes. Vulnerability Details...
Security Bulletin: Vulnerabilities found within Apache Storm that is used by IBM Tivoli Network Manager (ITNM) IP Edition
Summary Vulnerabilities found within Apache Storm CVE-2020-25649, CVE-2020-36518, CVE-2021-22569, CVE-2021-38153 that is used by IBM Tivoli Network Manager ITNM IP Edition Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected securit...
K15320518: FasterXML jackson-databind vulnerability CVE-2020-8840
Security Advisory Description In FasterXML jackson-databind 2.0.0 through 2.9.10.2, due to the lack of certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter , attackers can exploit JNDI injections to remotely execute code. FasterXML Jackson is a...
K32562850: jackson-databind vulnerabilities CVE-2019-16943 and CVE-2019-17531
Security Advisory Description CVE-2019-16943 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the p6spy 3.8.6 jar in t...