IBM Event Streams is potentially vulnerable to a data integrity issue
CVEID: CVE-2020-25649
**DESCRIPTION:** FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. A remote attacker could exploit this vulnerability to launch XML external entity (XXE) attacks that affect data integrity.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/192648 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Event Streams | 2019.2.1 |
IBM Event Streams | 2019.4.1 |
IBM Event Streams | 2019.4.2 |
IBM Event Streams | 2019.4.3 |
IBM Event Streams in IBM Cloud Pak for Integration | 10.0.0 |
IBM Event Streams in IBM Cloud Pak for Integration | 10.1.0 |
IBM Event Streams in IBM Cloud Pak for Integration | 10.2.0 |
Upgrade to IBM Event Streams 10.3.0 or 10.2.1 by following the upgrading and migrating documentation.
Upgrade from IBM Event Streams 2019.2.1 and 2019.4.x to the latest Fix Pack.
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm event streams | eq | 2019.4. |
| | ibm event streams | eq | 10. |