Lucene search
IBMC082E280AFD5FE3767877811DD61166D2DC32C0E055717E829875D40805DD1C3HistoryDec 20, 2019 - 8:47 a.m.
Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by a FasterXML jackson-databind vulnerability (CVE-2019-14439)
2019-12-2008:47:33
www.ibm.com
14
0.001 Low
EPSS
Percentile
45.8%
Summary
Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in FasterXML jackson-databind
Vulnerability Details
CVEID:CVE-2019-14439
**DESCRIPTION:**A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164744 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Netcool Operations Insight - Cloud Native Event Analytics | 1.6.0 |
Remediation/Fixes
Upgrade Operations Insight to 1.6.0.1
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| netcool operations insight | eq | 1.6.0 |
Related
nvd
nvd
CVE-2019-14439
2019-07-30 11:15:11
CVE-2019-14361
2019-07-31 11:15:14
cvelist
cvelist
CVE-2019-14439
2019-07-30 10:49:43
veracode
veracode
Deserialization Of Untrusted Data
2019-07-31 06:49:30
cve
cve
CVE-2019-14439
2019-07-30 11:15:11
CVE-2019-14361
2019-07-31 11:15:14
ibm
ibm
osv
osv
Deserialization of untrusted data in FasterXML jackson-databind
2019-08-01 19:18:06
CVE-2019-14439
2019-07-30 11:15:11
jackson-databind - security update
2019-08-12 00:00:00
github
github
Deserialization of untrusted data in FasterXML jackson-databind
2019-08-01 19:18:06
debiancve
debiancve
CVE-2019-14439
2019-07-30 11:15:11
ubuntucve
ubuntucve
CVE-2019-14439
2019-07-30 00:00:00
prion
prion
Path traversal
2019-07-30 11:15:00
redhatcve
redhatcve
CVE-2019-14439
2020-04-09 10:40:14
nessus
nessus
Debian DLA-1879-1 : jackson-databind security update
2019-08-13 00:00:00
Fedora 29 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-fb23eccc03)
2019-09-23 00:00:00
Oracle Primavera Unifier Multiple Vulnerabilities (Oct 2019 CPU)
2019-10-21 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1879-1)
2019-08-13 00:00:00
Fedora Update for jackson-annotations FEDORA-2019-ae6a703b8f
2019-09-23 00:00:00
Fedora Update for jackson-bom FEDORA-2019-fb23eccc03
2019-09-23 00:00:00
debian
debian
[SECURITY] [DLA 1879-1] jackson-databind security update
2019-08-12 22:19:38
[SECURITY] [DSA 4542-1] jackson-databind security update
2019-10-06 08:28:37
[SECURITY] [DSA 4542-1] jackson-databind security update
2019-10-06 08:28:37
symantec
symantec
fedora
fedora
[SECURITY] Fedora 31 Update: jackson-bom-2.9.9-1.fc31
2019-09-18 00:07:22
[SECURITY] Fedora 30 Update: jackson-databind-2.9.9.3-1.fc30
2019-09-22 02:26:43
[SECURITY] Fedora 31 Update: jackson-core-2.9.9-1.fc31
2019-09-18 00:07:22
redhat
redhat
(RHSA-2020:0983) Important: Red Hat Fuse 7.6.0 security update
2020-03-26 15:40:22
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2021-03-27 17:27:02
ubuntu
ubuntu
Jackson Databind vulnerabilities
2021-03-15 00:00:00
hp
hp
HP Device Manager Security Updates
2023-10-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00
0.001 Low
EPSS
Percentile
45.8%
Related for C082E280AFD5FE3767877811DD61166D2DC32C0E055717E829875D40805DD1C3