Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service (CVE-2020-36518)
Summary: IBM Sterling B2B Integrator has addressed the denial of service vulnerability. Vulnerability Details: CVEID: CVE-2020-36518. DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary: There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. FasterXML jackson-databind, Keycloak, and SnakeYAML are vulnerable to a denial of service CVE-2022-25857, CVE-2022-38751,...
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004)
Summary: IBM Sterling Connect:Direct for UNIX object store service and File Agent component are vulnerable to denial of service due to FasterXML jackson-databind. FasterXML jackson-databind has been upgraded to version 2.14.0 in IBM Sterling Connect:Direct for UNIX object store service and File...
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42003)
Summary: IBM Sterling Connect:Direct for UNIX object store service and File Agent component are vulnerable to denial of service due to FasterXML jackson-databind. FasterXML jackson-databind has been upgraded to version 2.14.0 in IBM Sterling Connect:Direct for UNIX object store service and File...
Security Bulletin: IBM Tivoli Netcool/OMNIbus Probe and Integrations Library are affected by vulnerabilities in FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
Summary: FasterXML jackson-databind is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library and Probe for Microsoft Exchange Web Services. The latest patches include FasterXML jackson-databind 2.13.4.2 that fixes the vulnerabilities. CVE-2022-42004, CVE-2022-42003...
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib affect IBM Spectrum Protect for Virtual Environments (CVE-2022-34165, CVE-2022-42003, CVE-2022-42004, CVE-2018-25032)
Summary: IBM Spectrum Protect for Virtual Environments Data Protection for Hyper-V and Data Protection for VMware can be affected by vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib. Vulnerabilities include HTTP header injection and denial of servic...
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-34165, CVE-2022-42003, CVE-2022-42004, CVE-2018-25032)
Summary: IBM Spectrum Protect Backup-Archive Client can be affected by vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib. Vulnerabilities include HTTP header injection and denial of service, as described by the CVEs in the "Vulnerability Details"...
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib affect IBM Spectrum Protect for Space Management Client (CVE-2022-34165, CVE-2022-42003, CVE-2022-42004, CVE-2018-25032)
Summary: IBM Spectrum Protect for Space Management Client can be affected by vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib. Vulnerabilities include HTTP header injection and denial of service, as described by the CVEs in the "Vulnerability Detail...
Security Bulletin: FasterXML Jackson Databind used by CICS Transaction Gateway is vulnerable to a denial of service
Summary: FasterXML Jackson Databind used by CICS Transaction Gateway is vulnerable to a denial of service, caused by a Java StackOverflow exception (CVE-2020-36518). CICS Transaction Gateway addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2020-36518. DESCRIPTION: FasterXML...
Security Bulletin: FasterXML Jackson Databind used by CICS Transaction Gateway is vulnerable to a denial of service and could provide weaker than expected security
Summary: FasterXML Jackson Databind used by CICS Transaction Gateway is vulnerable to a denial of service (CVE-2022-42004, CVE-2022-42003, CVE-2020-36518) and could provide weaker than expected security (CVE-2020-25649). CICS Transaction Gateway addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: FasterXML Jackson Databind used by CICS Transaction Gateway could provide weaker than expected security
Summary: FasterXML Jackson Databind used by CICS Transaction Gateway could provide weaker than expected security, caused by not having entity expansion secured properly (CVE-2020-25649). CICS Transaction Gateway addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2020-25649. DESCRIPTION:...
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Workflow Event Emitters
Summary: IBM Business Automation Workflow event emitters for IBM Business Automation Insights package open source libraries with known vulnerabilities. Vulnerability Details: CVEID: CVE-2022-25857. DESCRIPTION: Java package org.yaml:snakeyaml is vulnerable to a denial of service, caused by missing to...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary: IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details: CVEID: CVE-2021-2163. DESCRIPTION: An unspecified vulnerability in Java SE related to the...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary: IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, Java SE and various other libraries. Vulnerability Details: CVEID: CVE-2022-0778. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt function...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to FasterXML jackson-databind denial of service (CVE-2022-42003)
Summary: A potential vulnerability in FasterXML jackson-databind, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled (CVE-2022-42003), has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer t...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to FasterXML jackson-databind denial of service (CVE-2022-42004)
Summary: A potential vulnerability in FasterXML jackson-databind, caused by a lack of a check in the BeanDeserializer.deserializeFromArray function (CVE-2022-42004), has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional...
Security Bulletin: Information disclosure in FasterXML Jackson Dataformats affect IBM Operations Analytics - Log Analysis (CVE-2020-28491)
Summary: FasterXML jackson-dataformat-cbor is susceptible to denial of service, caused by java.lang.OutOfMemoryError exception. Vulnerability Details: CVEID: CVE-2020-28491. DESCRIPTION: FasterXML jackson-dataformats-binary is vulnerable to a denial of service, caused by an unchecked allocation of by...
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004)
Summary: There is a vulnerability in FasterXML jackson-databind used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2022-42004). Vulnerability Details: CVEID: CVE-2022-42004. DESCRIPTION: FasterXML jackson-databind is vulnerable t...
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42003)
Summary: There is a vulnerability in FasterXML jackson-databind used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE (CVE-2022-42003). Vulnerability Details: CVEID: CVE-2022-42003. DESCRIPTION: FasterXML jackson-databind is vulnerable t...
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to denial of service due to FasterXML jackson-databind
Summary: There is a vulnerability in FasterXML jackson-databind used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable vulnerability. Vulnerability Details: IBM X-Force ID: 217968. DESCRIPTION: FasterXML jackson-databind is vulnerable to a...