Lucene search

891 matches found

IBM Security Bulletins
added 2024/07/08 8:30 p.m., 19 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java

Summary There are multiple vulnerabilities in Java used by IBM Cloud Transformation Advisor CVE-2021-46877, CVE-2021-0341, CVE-2021-35515, CVE-2021-35516, CVE-2024-30172. Vulnerability Details CVEID:CVE-2021-46877 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, cause...

CVSS 7.5, AI score 7.9, EPSS 0.0174
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2024/07/08 9:36 a.m., 26 views

Security Bulletin: Fasterxml jackson-databind vulnerability affect IBM Spectrum Control

Summary Fasterxml jackson-databind is vulnerable to a denial of service. This vulnerability affects IBM Spectrum Control. CVE-2023-35116. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By...

CVSS 4.7, AI score 5.8, EPSS 0.00016
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2024/07/03 6:49 p.m., 5 views

Security Bulletin: IBM Datapower Operations Dashboard could allow a denial of service CVEID 256137

Summary FasterXML Jackson Core is used by the IBM Datapower Operations Dashboard streaming and parsing implementation. Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the...

AI score 7
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2024/06/19 10:32 a.m., 25 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues due to Apache Commons Configuration and Fasterxml jackson-databind

Summary There are vulnerabilities in Apache Commons Configuration and Fasterxml jackson-databind used by Install Agent, Integrated File Agent and Integrated Web Services in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the...

CVSS 7.3, AI score 7.5, EPSS 0.00997
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2024/06/04 9:22 a.m., 22 views

Security Bulletin: Content Manager Enterprise Edition for March 2024 - CVE-2023-3894

Summary Content Manager Enterprise Edition is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-389...

CVSS 7.5, AI score 7.3, EPSS 0.00066
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2024/06/03 12:0 a.m., 29 views

RHEL 8 : opendaylight (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: Serialization gadgets in classes of the ehcache package CVE-2019-17267 - A flaw was...

CVSS 9.8, AI score 8.9, EPSS 0.09636
Exploits: 1, References: 9

IBM Security Bulletins
added 2024/05/30 11:26 a.m., 46 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 273. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input...

CVSS 7.5, AI score 7.6, EPSS 0.0033
Exploits: 0, Affected Software: 1

Oracle linux
added 2024/05/24 12:0 a.m., 49 views

pki-core:10.6 and pki-deps:10.6 security update

apache-commons-collections apache-commons-lang apache-commons-net bea-stax fasterxml-oss-parent 49-1 - Rebase to upstream version 49 26-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora28MassRebuild 26-5 - Fix license tag 26-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora27MassRebuild...

CVSS 7.5, AI score 7.2, EPSS 0.82624
Exploits: 4

Rosalinux
added 2024/05/14 9:30 a.m., 42 views

Advisory ROSA-SA-2024-2420

Software: jackson-databind 2.10.0 OS: ROSA Virtualization 2.1 packageevrstring: jackson-databind-2.10.0 CVE-ID: CVE-2020-35490 BDU-ID: 2022-03804 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the org.apache.commons.dbcp2.datasources.PerUserPoolDataSource component of the Jackson-databind library o...

CVSS 8.8, AI score 8.1, EPSS 0.56454
Exploits: 14

IBM Security Bulletins
added 2024/04/25 6:29 p.m., 31 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Fasterxml jackson-databind [CVE-2023-35116]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Fasterxml jackson-databind, caused by a stack-based overflow CVE-2023-35116. Fasterxml jackson-databind is used in our Speech microservices. This vulnerability has been addressed. Plea...

CVSS 4.7, AI score 6, EPSS 0.00016
Exploits: 0, Affected Software: 1

Atlassian
added 2024/04/09 1:53 a.m., 41 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

CVSS 8.8, AI score 7, EPSS 0.07471
Exploits: 1

OpenVAS
added 2024/03/08 12:0 a.m., 12 views

Fedora: Security Advisory for fasterxml-oss-parent (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 9.2, EPSS 0.45835
Exploits: 3, References: 2

Fedora
added 2024/03/07 10:33 p.m., 19 views

[SECURITY] Fedora 40 Update: fasterxml-oss-parent-58-2.fc40

FasterXML is the business behind the Woodstox streaming XML parser, Jackson streaming JSON parser, the Aalto non-blocking XML parser, and a growing family of utility libraries and extensions. FasterXML offers consulting services for adoption, performance tuning, and extension. This package contai...

CVSS 8.8, AI score 6.9, EPSS 0.45835
Exploits: 3

IBM Security Bulletins
added 2024/02/28 3:50 p.m., 36 views

Security Bulletin: IBM Spectrum Symphony with Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow

Summary IBM Spectrum Symphony with Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By...

CVSS 4.7, AI score 5.9, EPSS 0.00016
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2024/02/19 8:5 a.m., 27 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2023-35116)

Summary IBM Sterling Connect:Direct Web Services uses FasterXML jackson-databind. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a...

CVSS 4.7, AI score 5.8, EPSS 0.00016
Exploits: 0, Affected Software: 1

BDU FSTEC
added 2024/02/07 12:0 a.m., 2 views

The vulnerability of the Jackson-databind library in the FasterXML project allows a hacker to induce a service failure.

The vulnerability of the Jackson-databind library in the FasterXML project is related to the unlimited distribution of resources. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 4.7, AI score 6.4, EPSS 0.00016
Exploits: 0, References: 5, Affected Software: 11

IBM Security Bulletins
added 2024/01/24 2:2 p.m., 34 views

Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. This update addresses these CVEs. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused...

CVSS 7.5, AI score 7.5, EPSS 0.01503
Exploits: 3, Affected Software: 1

IBM Security Bulletins
added 2024/01/05 5:50 a.m., 44 views

Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager software component

Summary Multiple security vulnerabilities have been addressed in IBM Security Verify Governance - Identity Manager software component. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw...

CVSS 7.5, AI score 7.8, EPSS 0.00474
Exploits: 4, Affected Software: 1

Tenable Nessus
added 2023/12/11 12:0 a.m., 36 views

Atlassian Jira Service Management Data Center and Server 4.20.x < 4.20.27 / 5.4.x < 5.4.11 (JSDSERVER-14751)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14751 advisory. - In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of ...

CVSS 7.5, AI score 6.7, EPSS 0.00317
Exploits: 2, References: 2

IBM Security Bulletins
added 2023/11/20 8:1 p.m., 32 views

Security Bulletin: IBM Sterling B2B Integrator affected by FasterXML Jackson-data vulnerabilities (CVE-2022-42003, CVE-2022-42004)

Summary IBM Sterling B2B Integrator uses FasterXML Jackson-databind. Vulnerability Details CVEID: CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the BeanDeserializer.deserializeFromArray function. By sending a...

CVSS 7.5, AI score 6.7, EPSS 0.00317
Exploits: 3, Affected Software: 1