Lucene search
K

561 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/06/21 3:15 p.m.21 views

Security Bulletin: A security vulnerability has been identified in FasterXML jackson-databind shipped with IBM Tivoli Netcool Impact (CVE-2021-46877)

Summary FasterXML jackson-databind is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting jackson-databind has been published in a security bulletin. Vulnerability Details CVEID:CVE-2021-46877 DESCRIPTION: FasterXML jackson-databind is vulnerable to a deni...

7.5CVSS7.3AI score0.01124EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/13 6:26 p.m.61 views

Security Bulletin: IBM Security Guardium is affected by FasterXML jackson-databind vulnerabilities (CVE-2020-25649, X-Force ID 217968)

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. A remote attacker could exploit this vulnerability...

7.5CVSS7.8AI score0.17611EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/04 8:23 p.m.42 views

Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities

Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF17 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.18.0 CVE-2022-21449, CVE-2022-21434, CVE-2022-21443, CVE-2022-21624,...

9.8CVSS9.3AI score0.99019EPSS
Exploits31Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/03 2:15 p.m.50 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in FasterXML jackson-databind (CVE-2022-42003)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in FasterXML jackson-databind caused by a lack of a check in the primitive value deserializers when the UNWRAPSINGLEVALUEARRAYS feature is enabled. CVE-2022-42003. FasterXML jackson-databi...

7.5CVSS7.2AI score0.02824EPSS
Exploits2Affected Software1
Broadcom
Broadcom
added 2023/05/03 12:0 a.m.49 views

CVE-2022-42004 -In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check-in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. Products Confirmed No...

7.5CVSS7.6AI score0.02656EPSS
Exploits1
Broadcom
Broadcom
added 2023/05/03 12:0 a.m.44 views

CVE-2022-42003 - In FasterXML jackson-databind before 2.14.0-rc1, ressource exhaustion

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check-in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1 Products Confirme...

7.5CVSS7.6AI score0.02824EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 10:13 p.m.31 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2021-46877 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a flaw when using JDK serialization for...

7.5CVSS7.3AI score0.01124EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 5:56 p.m.38 views

Security Bulletin: FasterXML jackson-databind is vulnerable to CVE-2022-42003 and CVE-2022-42004 used in IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses FasterXML jackson-databind which is vulnerable to CVE-2022-42003 and CVE-2022-42004. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive valu...

7.5CVSS7.4AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/20 10:35 a.m.37 views

Security Bulletin: IBM Security Verify Governance is vulnerable to a denial of service (CVE-2022-42004, CVE-2022-42003)

Summary IBM Security Verify Governance is vulnerable to denial of service issues within FasterXML jackson-databind, which ISVG uses to process XML. The issues were addressed by upgrading the affected package. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is...

7.5CVSS7.4AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/20 10:33 a.m.29 views

Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution (CVE-2020-10650)

Summary IBM Security Verify Governance is vulnerable to arbitrary code execution due to an issue in FasterXML jackson-databind, which ISVG uses for XML processing. The issue was addressed by upgrading the affected package. Vulnerability Details CVEID:CVE-2020-10650 DESCRIPTION: FasterXML...

8.1CVSS9.1AI score0.03301EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/19 12:0 a.m.40 views

Oracle Business Process Management Suite (Apr 2023 CPU)

The version of Oracle Business Process Management Suite installed on the remote host is affected by multiple vulnerabilities, as referenced in the April 2023 CPU advisory. Specifically: - Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java...

9.8CVSS6.6AI score0.03571EPSS
Exploits4References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/13 10:31 a.m.37 views

Security Bulletin: IBM Security Verify Governance is vulnerable to a denial of service caused by multiple vulnerabilities.

Summary IBM Security Verify Governance is vulnerable to a denial of service caused by multiple vulnerabilities. FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system. IBM has addressed these vulnerabilites. Vulnerability Details CVEID:CVE-2019-14892...

10CVSS9.6AI score0.45205EPSS
Exploits28Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/12 6:29 p.m.41 views

Security Bulletin: DataPower Operations Dashboard vulnerable to multiple CVEs

Summary DataPower Operations Dashboard has addressed the following CVEs Vulnerability Details CVEID:CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a specially-crafted message, a remote attacker could...

7.5CVSS7.2AI score0.02824EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 2:10 p.m.58 views

Security Bulletin: Multiple vulnerabilities in Open Source software used by Cloud Pak System

Summary Multiple vulnerabilities in Open Source software used by Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2015-1832 DESCRIPTION: Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external...

9.5AI score0.42983EPSS
Exploits16Affected Software1
F5 Networks
F5 Networks
added 2023/03/22 3:23 p.m.36 views

K000132725: FasterXML vulnerability CVE-2022-42004

Security Advisory Description In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for...

7.5CVSS7AI score0.02656EPSS
Exploits1Affected Software12
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/27 8:37 p.m.34 views

Security Bulletin: IBM CloudPak foundational services (Events Operator) is affected by potential data integrity issue (CVE-2020-25649)

Summary The IBM Cloud Platform Common Services Events Operator is potentially vulnerable to a data integrity issue Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly...

7.5CVSS7.4AI score0.17611EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/27 3:6 p.m.49 views

Security Bulletin: FasterXML-jackson-databinds vulnerabilities affect IBM Operations Analytics Predictive Insights (CVE-2022-42004,CVE-2022-42003)

Summary FasterXML-jackson-databind is used by IBM Operations Analytics Predictive Insights REST Meditation utility tool only. If you do not have this utility installed you are not affected by this bulletin, otherwise, apply the recommended remediation fixes. Vulnerability Details...

7.5CVSS7.3AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/24 6:34 a.m.45 views

Security Bulletin: Vulnerabilities found within Apache Storm that is used by IBM Tivoli Network Manager (ITNM) IP Edition

Summary Vulnerabilities found within Apache Storm CVE-2020-25649, CVE-2020-36518, CVE-2021-22569, CVE-2021-38153 that is used by IBM Tivoli Network Manager ITNM IP Edition Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected securit...

7.5CVSS7.2AI score0.17611EPSS
Exploits2Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 7:58 p.m.60 views

K15320518: FasterXML jackson-databind vulnerability CVE-2020-8840

Security Advisory Description In FasterXML jackson-databind 2.0.0 through 2.9.10.2, due to the lack of certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter , attackers can exploit JNDI injections to remotely execute code. FasterXML Jackson is a...

9.8CVSS9.1AI score0.26587EPSS
Exploits5Affected Software12
F5 Networks
F5 Networks
added 2023/02/21 6:47 p.m.42 views

K32562850: jackson-databind vulnerabilities CVE-2019-16943 and CVE-2019-17531

Security Advisory Description CVE-2019-16943 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the p6spy 3.8.6 jar in t...

9.8CVSS8AI score0.05329EPSS
Exploits0
Rows per page
Query Builder