35 matches found
com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson
A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes. This issue may lead to availability attacks...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the BeanDeserializer.deserializeFromArray function. By sending a...
Security Bulletin: Vulnerability in Google Gson affects watsonx.data
Summary Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By...
OPENSUSE-SU-2024:12040-1 google-gson-2.8.9-3.1 on GA media
These are all security issues fixed in the google-gson-2.8.9-3.1 package on the GA media of openSUSE Tumbleweed...
Oracle Business Intelligence Enterprise Edition (OAS 7.0) (January 2024 CPU)
The version of Oracle Business Intelligence Enterprise Edition OAS 7.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product o...
Oracle Application Testing Suite DoS (October 2023 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by a denial of service vulnerability as referenced in the October 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for We...
Security Bulletin: Netcool Operations Insights 1.6.10 addresses multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.10 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace...
Security Bulletin: IBM Cloud Pak for Network Automation 2.6 addresses multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.6 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the...
Security Bulletin: Vulnerability in Google gson 2.2.4 libraries (CVE-2022-25647) affects IBM Operations Analytics Predictive Insights
Summary IBM Operations Analytics Predictive Insights uses Google gson libraries for serialization/deserialization of objects in REST mediation service. A security vulnerability in versions prior to gson 2.8.9 could be exploited to compromise Operations Analytics Predictive Insights services...
Security Bulletin: Vulnerability of Google Gson (gson-2.8.2.jar) have affected APM WebSphere Application Server Agent, APM SAP NetWeaver Agent and APM WebLogic Agent
Summary APM WebSphere Application Server Agent, APM SAP NetWeaver Agent and APM WebLogic Agent are vulnerable to Google Gson gson-2.8.2.jar 217225, CVE-2022-25647. The fix/workaround includes gson-2.8.2.jar upgraded to gson-2.10.1.jar. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Googl...
Security Bulletin: IBM Storage Protect is vulnerable to a denial of service attack due to Google Gson (CVE-2022-25647)
Summary IBM Spectrum Protect uses Google Gson for object serialization and is vulnerable to this attack. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, ...
Security Bulletin: Vulnerability from Google Gson affect IBM Operations Analytics - Log Analysis (CVE-2022-25647)
Summary Google Gson shipped with Log Analysis is vulnerable to denial of service Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, a remote attacker could...
Oracle Enterprise Manager Cloud Control (Jan 2023 CPU)
The 13.4.0.0 and 13.5.0.0 versions of Enterprise Manager Base Platform installed on the remote host are affected by a vulnerability in the Application Config Console Google Gson component as referenced in the January 2023 CPU advisory. Easily exploitable vulnerability allows unauthenticated attack...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Google Gson (CVE-2022-25647)
Summary IBM Sterling B2B Integrator has addressed a denial of service vulnerability in Google Gson. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, a remote...
IBM Cognos Analytics Multiple Vulnerabilities (6841801)
The version of IBM Cognos Analytics installed on the remote host is 11.1.x prior to 11.1.7 Fix Pack 6 or 11.2.x prior to 11.2.4. It is, therefore, affected by multiple vulnerabilities, including the following: - A flaw in the JDBC driver of Apache Calcite Avatica can allow an unauthenticated,...
Dell Wyse Management Suite < 4.0 Multiple Vulnerabilities (DSA-2022-329)
The version of Dell Wyse Management Suite installed on the remote host is prior to 4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the DSA-2022-329 advisory. - Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Google Gson denial of service vulnerabilities (CVE-2022-25647, ID217225)
Summary Potential denial of service vulnerabilities in Google gson, CVE-2022-25647, ID217225 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands that use the JDBC connector may be vulnerable to denial of service due to CVE-2022-25647
Summary Google Gson is used by IBM App Connect Enterprise Certified Container in the JDBC connector. IBM App Connect Enterprise Certified Container IntegrationServer operands that use the JDBC connector may be vulnerable to denial of service. This bulletin provides patch information to address th...
SUSE-SU-2022:3706-1 Security update for google-gson
This update for google-gson fixes the following issues: Fixed security issue: - CVE-2022-25647: Deserialization of Untrusted Data bsc1199064 Other non security fixes: - Build with Java = 9 in order to produce a modular jar by compiling the module-info.java sources with all other classes built wit...
Oracle Business Intelligence Publisher (Oct 2022 CPU)
The 5.9.0.0 and 6.4.0.0 versions of Oracle Business Intelligence Enterprise Edition installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware component: Core...