891 matches found

Atlassian
added 2023/11/12 1:45 p.m. | 64 views

Deserialization com.fasterxml.jackson.core:jackson-databind in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.6 | EPSS 0.0025
Exploits: 1

IBM Security Bulletins
added 2023/10/16 4:34 p.m. | 37 views

Security Bulletin: Vulnerability CVE-2023-35116 affects CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary Vulnerability CVE-2023-35116 affects CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. This fix addresses this vulnerability. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service,...

CVSS 4.7 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | Affected Software: 1

Atlassian
added 2023/10/09 1:44 a.m. | 52 views

FasterXML Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.8 | EPSS 0.0025
Exploits: 1

Atlassian
added 2023/10/09 1:44 a.m. | 48 views

FasterXML Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.8 | EPSS 0.00317
Exploits: 2

IBM Security Bulletins
added 2023/10/06 10:52 p.m. | 51 views

Security Bulletin: FasterXML jackson-databind vulnerabilities impact IBM Sterling Order Management

Summary Various FasterXML jackson-databind vulnerabilities include the following: could allow a remote attacker to execute arbitrary code on the system, could provide weaker than expected security, could allow a remote attacker to obtain sensitive information, could be vulnerable to a denial of...

CVSS 9.8 | AI score 9.6 | EPSS 0.62015
Exploits: 22 | Affected Software: 1

Atlassian
added 2023/10/06 5:45 p.m. | 41 views

FasterXML Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 8.1 | EPSS 0.0025
Exploits: 1

Atlassian
added 2023/10/06 5:45 p.m. | 35 views

FasterXML Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

CVSS 7.5 | AI score 6.8 | EPSS 0.0025
Exploits: 1

Atlassian
added 2023/10/06 5:45 p.m. | 46 views

FasterXML Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

CVSS 7.5 | AI score 6.8 | EPSS 0.00317
Exploits: 2

Atlassian
added 2023/10/06 5:45 p.m. | 55 views

FasterXML Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 7.9 | EPSS 0.00317
Exploits: 2

IBM Security Bulletins
added 2023/10/06 6:30 a.m. | 48 views

Security Bulletin: IBM Security Verify Governance is affected by multiple vulnerabilities

Summary IBM Security Verify Governance uses various components, such as IBM Java, and Dojo. Security vulnerabilities in multiple components have been addressed in the IBM Security Verify Governance update. Vulnerability Details CVEID:CVE-2021-22569 DESCRIPTION: Google Protocol Buffer protobuf-jav...

CVSS 9.8 | AI score 10 | EPSS 0.18518
Exploits: 17 | Affected Software: 1

IBM Security Bulletins
added 2023/10/04 7:59 a.m. | 37 views

Security Bulletin: Multiple vulnerabilities has been identified in FasterXML jackson-databind affect IBM Engineering Lifecycle Optimization - Publishing

Summary A security vulnerability has been identified in FasterXML jackson-databind affect IBM Engineering Lifecycle Optimization - Publishing. Information about a security vulnerability affecting jackson-databind has been published in a security bulletin. Vulnerability Details CVEID:CVE-2021-4687...

CVSS 7.5 | AI score 6.8 | EPSS 0.00487
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2023/09/30 4:31 a.m. | 25 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to denial of service due to FasterXML jackson-core (PRISMA-2023-0067)

Summary FasterXML jackson-core is shipped with IBM Tivoli Netcool Impact as part of its backend infrastructure. Information about a security vulnerability affecting FasterXML jackson-core has been published in a security bulletin. Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterX...

AI score 7
Exploits: 0 | Affected Software: 1

BDU FSTEC
added 2023/09/14 12:0 a.m. | 1 views

The vulnerability of the Jackson-databind library in the FasterXML project, related to the restoration of unreliable data in memory, allows an attacker to cause a service failure.

The vulnerability of the Jackson-databind library in the FasterXML project is related to the restoration of unreliable data in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 6.6 | EPSS 0.00317
Exploits: 2 | References: 15 | Affected Software: 8

BDU FSTEC
added 2023/09/14 12:0 a.m. | 1 views

The vulnerability of the Jackson-databind library in the FasterXML project, related to the restoration of unreliable data in memory, allows an attacker to cause a service failure.

The vulnerability of the Jackson-databind library in the FasterXML project is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 7.8 | AI score 6.5 | EPSS 0.0025
Exploits: 1 | References: 14 | Affected Software: 8

IBM Security Bulletins
added 2023/09/11 10:9 p.m. | 26 views

Security Bulletin: A vulnerability in FasterXML Jackson Core may affect IBM Robotic Process Automation and result in an application crash (IBM X-Force ID: 256137).

Summary There is a vulnerability in FasterXML Jackson Core used by IBM Robotic Process Automation as part of Watson NLP, which may result in an application crash IBM X-Force ID: 256137. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details IBM...

AI score 7
Exploits: 0 | Affected Software: 1

F5 Networks
added 2023/08/15 4:54 p.m. | 34 views

K000135852: FasterXML jackson-databind vulnerability CVE-2022-42003

Security Advisory Description In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 a...

CVSS 7.5 | AI score 7.1 | EPSS 0.00317
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2023/08/14 3:10 p.m. | 34 views

Security Bulletin: Security Vulnerabilities in JRE and Java packages affect IBM Voice Gateway

Summary Security Vulnerabilities in JRE and Java packages affect IBM Voice Gateway Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserializati...

CVSS 9.8 | AI score 8.3 | EPSS 0.00736
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2023/08/08 10:40 a.m. | 34 views

Security Bulletin: Multiple vulnerabilities found on third-party libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By...

CVSS 7.5 | AI score 7.1 | EPSS 0.01281
Exploits: 5 | Affected Software: 1

CNNVD
added 2023/08/08 12:0 a.m. | 3 views

FasterXML Jackson Buffer Error Vulnerability

FasterXML Jackson is a data manipulation tool for Java from FasterXML USA. A security vulnerability exists in FasterXML Jackson-dataformats-text, which stems from vulnerability to denial-of-service (DoS) attacks when parsing TOML data...

CVSS 7.5 | AI score 6.7 | EPSS 0.00066
Exploits: 0 | References: 4

IBM Security Bulletins
added 2023/08/07 6:16 a.m. | 35 views

Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to FasterXML jackson-databind [CVE-2022-42003, CVE-2022-42004]

Summary FasterXML jackson-databind is used by IBM OpenPages for IBM Cloud Pak for Data. Several vulnerabilities in this component have been addressed. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a che...

CVSS 7.5 | AI score 7.7 | EPSS 0.00317
Exploits: 3 | Affected Software: 1