IBM Watson Discovery for IBM Cloud Pak for Data has a vulnerable version of FasterXML jackson-databind. A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects.
CVEID: CVE-2019-20330
**DESCRIPTION:** FasterXML jackson-databind lacks certain net.sf.ehcache blocking, which has an unknown impact and attack vector.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173897 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
ICP - Discovery | 2.0.0-2.1.1 |
Upgrade to IBM Watson Discovery 2.1.2
<https://www.ibm.com/support/knowledgecenter/SSQNUZ_2.5.0/cpd/svc/watson/discovery-install.html>
None
CPE Name | Operator | Version |
---|---|---|
watson discovery | eq | 2.0.0 |
watson discovery | eq | 2.1.1 |