Lucene search
IBMBA52B3AF65440148334C9734035B65F3CECB36A8D91122A0BF7EEA75DD6FF353HistoryDec 20, 2019 - 8:47 a.m.
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind
2019-12-2008:47:33
www.ibm.com
9
0.012 Low
EPSS
Percentile
85.1%
Summary
IBM Watson Discovery for IBM Cloud Pak for Data ships with versions of FasterXML jackson-databind vulnerable to serialization gadgets.
Vulnerability Details
CVEID:CVE-2019-17267
**DESCRIPTION:**A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168514 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| ICP - Discovery | 2.0.0-2.0.1 |
Remediation/Fixes
Upgrade to IBM Watson Discovery 2.1
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| watson discovery | eq | 2.0.0 | |
| watson discovery | eq | 2.0.1 |
Related
veracode
veracode
Remote Code Execution
2019-10-08 02:07:41
github
github
Improper Input Validation in jackson-databind
2020-06-15 18:44:48
atlassian
atlassian
RCE jackson-databind
2019-11-19 20:26:41
ubuntucve
ubuntucve
CVE-2019-17267
2019-10-07 00:00:00
debiancve
debiancve
CVE-2019-17267
2019-10-07 00:15:10
cve
cve
CVE-2019-17267
2019-10-07 00:15:10
cvelist
cvelist
CVE-2019-17267
2019-10-06 23:08:53
nvd
nvd
CVE-2019-17267
2019-10-07 00:15:10
redhatcve
redhatcve
CVE-2019-17267
2020-04-06 04:58:17
osv
osv
CVE-2019-17267
2019-10-07 00:15:10
Improper Input Validation in jackson-databind
2020-06-15 18:44:48
jackson-databind - security update
2019-12-10 00:00:00
prion
prion
Design/Logic Flaw
2019-10-07 00:15:00
nessus
nessus
Debian DLA-2030-1 : jackson-databind security update
2019-12-12 00:00:00
RHEL 8 : opendaylight (Unpatched Vulnerability)
2024-06-03 00:00:00
Oracle WebLogic Server Multiple Vulnerabilities (Oct 2020 CPU)
2020-10-22 00:00:00
debian
debian
[SECURITY] [DLA 2030-1] jackson-databind security update
2019-12-10 18:54:11
openvas
openvas
Debian: Security Advisory (DLA-2030-1)
2019-12-11 00:00:00
Mageia: Security Advisory (MGASA-2021-0153)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-4813-1)
2023-01-27 00:00:00
ibm
ibm
cloudfoundry
cloudfoundry
redhat
redhat
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2021-03-27 17:27:02
ubuntu
ubuntu
Jackson Databind vulnerabilities
2021-03-15 00:00:00
hp
hp
HP Device Manager Security Updates
2023-10-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00
0.012 Low
EPSS
Percentile
85.1%
Related for BA52B3AF65440148334C9734035B65F3CECB36A8D91122A0BF7EEA75DD6FF353