891 matches found
Security Bulletin: Vulnerability in FasterXML jackson-databind affects IBM Process Mining. CVE-2020-36518
Summary There is a vulnerability in FasterXML jackson-databind that could allow a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML...
Security Bulletin: Multiple CVEs affect IBM Integration Designer
Summary Multiple vulnerabilities found in 3rd party software used by IBM Integration Designer. IBM Integration Designer has addressed the multiple CVEs. Vulnerability Details CVEID:CVE-2020-36181 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on th...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of FasterXML Jackson (CVE-2022-42003)
Summary IBM Cloud Pak for Multicloud Management Monitoring has patched its use of FasterXML Jackson due to vulnerabilities of resource exhaustion. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check i...
woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By usin...
Security Bulletin: Vulnerabilities in Spring Framework affects IBM Common Licensing's Administration And Reporting Tool (ART) and its Agent (CVE-2022-22978, 220811)
Summary Security Vulnerabilities have been addressed in IBM Common Licensing. In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. A fix is available to address the vulnerability...
Security Bulletin: Vulnerabilities in FasterXML affects IBM Common Licensing's Administration And Reporting Tool (ART) and its Agent (CVE-2022-42003, CVE-2022-42004)
Summary Security Vulnerabilities have been addressed in IBM Common Licensing. Faster-XML Jackson is a JSON to Java object conversion API CVE-2022-42003, CVE-2022-42004. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databi...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities
Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2022-35255, CVE-2022-35256. Node-tar is a full function tar library for node.js CVE-2018-20834. Swagger UI is used to visualize and interact wit...
Security Bulletin: Content Manager Enterprise Edition is affected by a vulnerability in FasterXML jackson
Summary There is a vulnerability in FasterXML jackson used by Content Manager Enterprise Edition. Content Manager Enterprise Edition has addressed the applicable CVE. Vulnerability Details IBM X-Force ID: 217968 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused ...
Security Bulletin: Content Manager Enterprise Edition is affected by a vulnerability in FasterXML jackson
Summary There is a vulnerability in FasterXML jackson used by Content Manager Enterprise Edition. Content Manager Enterprise Edition has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by...
Security Bulletin: Content Manager Enterprise Edition is affected by a vulnerability in FasterXML jackson
Summary There is a vulnerability in FasterXML jackson used by Content Manager Enterprise Edition. Content Manager Enterprise Edition has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed several security vulnerabilities including those in Java, Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service,...
at.molindo:esi4j (>=3.0.0 <=3.0.2), at.molindo:scrutineer (=3.0.0) +9 more potentially affected by CVE-2022-24913 via com.fasterxml.util:java-merge-sort (>=1.0.0 <=1.0.2)
com.fasterxml.util:java-merge-sort MAVEN version =1.0.0, =3.0.0, =6.5.0, =2.3.0, =0.5.3, =0.5.3, =0.9.0, =0.5.3, =0.5.3, =0.9.0, =1.0.2, =1.0.4 Source cves: CVE-2022-24913 Source advisory: SNYK:JAVA-COMFASTERXMLUTIL-3227926...
Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to multiple issues due to FasterXML jackson-databind
Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in jackson-databind in B2B API. Vulnerability Details CVEID:CVE-2019-20330 DESCRIPTION: A lacking of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact and attack vector. CVSS Base scor...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Apache Commons is used by IBM Robotic Process Automation as part of the Watson NLP functionality CVE-2022-42889. Connect2id Nimbus JOSE+JWT is used by IBM Robotic Process Automation as part of the...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to FasterXML jackson-databind (CVE-2022-42003)
Summary IBM Sterling Connect:Direct Web Services is vulnerable to FasterXML jackson-databind Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004)
Summary IBM Sterling Connect:Direct Web Services has addressed a denial of service vulnerability due to FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the...
Security Bulletin: Multiple Vulnerabilities discovered in libraries used by Apache Zookeeper that is included in ITNM (CVE-2020-36518, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823)
Summary Multiple vulnerabilities CVE-2020-36518; CVE-2022-2047; CVE-2022-2048; CVE-2022-24823 found in Apache Zookeeper used by IBM Tivoli Network Manager ITNM IP Edition. The fix contains the updated versions of corresponding libraries. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION:...
Security Bulletin: Vulnerabilities in FasterXML affects IBM Common Licensing's Administration And Reporting Tool (ART) and its Agent (217968, CVE-2020-36518)
Summary Security Vulnerabilities have been addressed in IBM Common Licensing. Faster-XML Jackson is a JSON to Java object conversion API 217968, CVE-2020-36518. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is...