There is a vulnerability (CVE-2020-36518) in the third-party library jackson-databind that affects IBM Spectrum LSF Suite, IBM Spectrum LSF Explorer and IBM Platform Application Center.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum LSF Explorer | 10.2.0.x (x <=12) |
IBM Platform Application Center | 10.2.0.x (x <=12) |
IBM Spectrum LSF Suite | 10.2.0.x (x <=12) |
Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
IBM Spectrum LSF Suite, IBM Platform Application Center, IBM Spectrum LSF Explorer | 10.2.0.x (x <=12) | None | See below
./3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/jackson-annotations-2.10.0.jar
./3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/jackson-core-2.10.0.jar
./3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/jackson-databind-2.10.0.jar
./3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/jackson-jaxrs-base-2.10.0.jar
./3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/jackson-jaxrs-json-provider-2.10.0.jar
./3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/jackson-module-jaxb-annotations-2.10.0.jar
./3.0/wlp/usr/servers/notification/apps/notification.war/WEB-INF/lib/jackson-annotations-2.9.2.jar
./3.0/wlp/usr/servers/notification/apps/notification.war/WEB-INF/lib/jackson-core-2.9.2.jar
./3.0/wlp/usr/servers/notification/apps/notification.war/WEB-INF/lib/jackson-databind-2.9.2.jar
5. On the Application Center host, start the pmc service with “pmcadmin start”.
The issue will be fixed in the next fix patch release, FP13, in Q2.