Lucene search

891 matches found

IBM Security Bulletins
added 2022/06/01 11:28 a.m., 9 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to denial of service due to FasterXML jackson-databind

Summary IBM Sterling Connect:Direct Web Services FasterXML jackson-databind. A denial of service vulnerability in FasterXML jackson-databind has been addressed. Vulnerability Details IBM X-Force ID: 217968 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by an...

AI score: 0.9
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/05/26 9:18 a.m., 11 views

Security Bulletin: IBM Tivoli Netcool/OMNIbus Probe Integrations is affected by vulnerability in FasterXML jackson-databind

Summary IBM Tivoli Netcool/OMNIbus Probe Integrations contains a vulnerable version of FasterXML jackson-databind. Vulnerability Details IBM X-Force ID: 217968 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by an error when using JDK serialization to serializ...

AI score: 2.3
Exploits: 0 | Affected Software: 1

OSV
added 2022/05/24 4:57 p.m., 3 views

GHSA-C27H-MCMW-48HV Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.0724
Exploits: 8 | References: 18

Github Security Blog
added 2022/05/24 4:57 p.m., 60 views

Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

CVSS: 9.8 | AI score: 3.1 | EPSS: 0.84949
Exploits: 8 | References: 19 | Affected Software: 1

RedhatCVE
added 2022/05/14 11:39 a.m., 44 views

CVE-2020-9547

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 9.8 | AI score: 2.3 | EPSS: 0.38262
Exploits: 0 | References: 3

IBM Security Bulletins
added 2022/05/13 5:8 p.m., 50 views

Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2022-22950, XFID:217968)

Summary IBM Planning Analytics Workspace is affected by multiple vulnerabilities. Spring is used in IBM Planning Analytics Workspace in Server Side Rest APIs as an indirect dependency by MongoDB that is used to store content CVE-2022-22950. FasterXML jackson-databind is used in IBM Planning...

CVSS: 6.5 | AI score: 0.8 | EPSS: 0.02461
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/05/13 2:58 p.m., 38 views

Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affects IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities. Vulnerability Details CVEID:CVE-2020-36185 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.56454
Exploits: 12 | Affected Software: 1

IBM Security Bulletins
added 2022/05/07 9:23 p.m., 5 views

Security Bulletin: Vulnerability in [ALL] jackson-databind - fasterxml-jackson (217968) affects IBM Watson Assistant for IBM Cloud Pak for Data.

Summary Potential vulnerabilities in ALL jackson-databind - fasterxml-jackson (217968) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details IBM X-Force ID: 217968 DESCRIPTION: FasterXML...

AI score: 1.9
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/05/03 6:58 p.m., 37 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to XML external entity (XXE) attacks due to FasterXML Jackson Databind (CVE-2020-25649)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to CVE-2020-25649 due to FasterXML Jackson Databind. FasterXML Jackson Databind is used by IBM Engineering Requirements Management DOORS Next for data mapping between JSON and Java objects. The fix includes FasterXML Jackson...

CVSS: 7.5 | AI score: 1.3 | EPSS: 0.00075
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2022/03/30 3:21 p.m., 11 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of FasterXML jackson-databind. Vulnerability Details Third Party Entry: 217968 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by an error when using JDK serialization to...

AI score: 1.6
Exploits: 0 | Affected Software: 1

Apple
added 2022/03/14 12:0 a.m., 654 views

About the security content of Xcode 13.3

About the security content of Xcode 13.3 This document describes the security content of Xcode 13.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVSS: 10 | AI score: 10 | EPSS: 0.94358
Exploits: 343 | References: 1 | Affected Software: 1

IBM Security Bulletins
added 2022/03/01 12:38 p.m., 50 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020

Summary Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020 Vulnerability Details CVEID: CVE-2019-17267 DESCRIPTION: FasterXML jackson-databind could provide weaker than expected security, caused by a polymorphic typing issue in the...

CVSS: 10 | AI score: 9.6 | EPSS: 0.84949
Exploits: 8 | Affected Software: 20

IBM Security Bulletins
added 2022/02/10 4:5 p.m., 31 views

Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities (CVE-2020-24750)

Summary IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities Vulnerability Details CVEID: CVE-2020-24750 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and...

CVSS: 8.1 | AI score: 9.4 | EPSS: 0.01997
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2022/02/07 5:38 p.m., 29 views

Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities (CVE-2021-20190)

Summary IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities Vulnerability Details CVEID: CVE-2021-20190 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and...

CVSS: 8.3 | AI score: 8.7 | EPSS: 0.00502
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/02/07 5:35 p.m., 51 views

Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities

Summary IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities Vulnerability Details CVEID: CVE-2020-36179 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.56454
Exploits: 12 | Affected Software: 1

IBM Security Bulletins
added 2021/12/18 3:42 p.m., 51 views

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies

Summary IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies that were inadvertently missed during previous scans. Vulnerability Details CVEID: CVE-2021-21409 DESCRIPTION: Netty is vulnerable to request smuggling, caused by improper validation of request...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.84949
Exploits: 28 | Affected Software: 1

Github Security Blog
added 2021/12/09 7:16 p.m., 52 views

Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource...

CVSS: 8.1 | AI score: 8.6 | EPSS: 0.03941
Exploits: 1 | References: 13 | Affected Software: 1

Github Security Blog
added 2021/12/09 7:16 p.m., 44 views

Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

CVSS: 8.1 | AI score: 8.6 | EPSS: 0.02147
Exploits: 1 | References: 13 | Affected Software: 1

Github Security Blog
added 2021/12/09 7:16 p.m., 32 views

Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource...

CVSS: 8.1 | AI score: 8.6 | EPSS: 0.0944
Exploits: 1 | References: 13 | Affected Software: 1

Github Security Blog
added 2021/12/09 7:16 p.m., 51 views

Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool...

CVSS: 8.1 | AI score: 8.6 | EPSS: 0.02061
Exploits: 1 | References: 13 | Affected Software: 1