Jul 5, 2019 9:00 am EST
Categorized: High Severity
IBM Cúram Social Program Management uses the Google Guava library indirectly through Google Guice. In versions of the Google Guava library before 24.1.1, an unbounded memory allocation vulnerability enables remote attackers to conduct denial-of-service attacks against servers that depend on the library, and to deserialize attacker-provided data.
Affected product(s) and affected version(s):
IBM Cúram Social Program Management 22.214.171.124 – 126.96.36.199
IBM Cúram Social Program Management 188.8.131.52 – 184.108.40.206
Note: The Google Guava library was not present in version 6.1.x and earlier versions, so these versions are not vulnerable.
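To confirm whether a deployment carries an affected Guava build, the following added example (not code from IBM, Google, or the bulletin) reads the Maven metadata embedded in each jar instead of trusting file names, and flags versions before 24.1.1. The metadata path, the function names and the sample jar are assumptions of this example; a version it cannot parse is reported as unknown (`None`) for manual review.

```python
import io
import os
import re
import zipfile

FIXED = (24, 1, 1)  # first fixed Guava release named in the bulletin
# Assumption: the jar keeps the metadata entry that Maven-built Guava jars ship with.
POM_PROPS = "META-INF/maven/com.google.guava/guava/pom.properties"

def parse_version(text):
    """Turn '24.1.1-jre' or '20.0' into a comparable 3-tuple; None if unparseable."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def guava_version(jar):
    """Return the Guava version recorded inside a jar (path or file object), or None."""
    try:
        with zipfile.ZipFile(jar) as zf:
            if POM_PROPS not in zf.namelist():
                return None
            text = zf.read(POM_PROPS).decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return None  # corrupt or non-zip file: nothing to report
    m = re.search(r"^version=(.+)$", text, re.M)
    return m.group(1).strip() if m else None

def is_affected(version_text):
    """True if before 24.1.1, False if not, None if the version is unknown."""
    v = parse_version(version_text) if version_text else None
    return None if v is None else v < FIXED

def scan(root):
    """Walk a directory tree and list (path, version, affected) for each Guava jar."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".jar"):
                path = os.path.join(dirpath, name)
                ver = guava_version(path)
                if ver:
                    findings.append((path, ver, is_affected(ver)))
    return findings

def make_sample_jar(version):
    """Constructed sample: an in-memory jar holding only the metadata entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"artifactId=guava\nversion={version}\n")
    return buf
```

Point `scan()` at the application's library directory; a jar that has been shaded or stripped of its Maven metadata will not be found this way and needs a class-level check.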
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10886175
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/142508