Vulnerability CVE-2019-12814 in jackson-databind affects IBM Global High Availability Mailbox
CVEID:CVE-2019-12814 DESCRIPTION: FasterXML jackson-databind could enable a remote attacker to obtain sensitive information, where the vulnerability is caused by a polymorphic typing issue. By sending a specially-crafted JSON message, an attacker could exploit the vulnerability to read arbitrary local files on the server.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162875> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N )
IBM Global High Availability Mailbox 6.0.0, 6.0.1, 6.0.2
Product Name | VRMF | FIX CENTRAL |
---|---|---|
IBM Global High Availability Mailbox | 6.0.0, 6.0.1, 6.0.2 | Upgrade to version 6.0.3 |
None