High Severity

IBM Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerabilities

IBM Event Streams has addressed the following vulnerabilities in the jackson-databind versions it ships.

CVE(s): CVE-2019-12814, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335

Affected product(s) and affected version(s):

IBM Event Streams 2019.2.1 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://supportcontent.ibm.com/support/pages/node/1079409
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/162875
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/164744
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/167354
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/167205
