Critical Severity

Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability

IBM Security Guardium has fixed this vulnerability

CVE(s): CVE-2020-36185, CVE-2020-36181, CVE-2020-36189, CVE-2020-36188, CVE-2020-36184, CVE-2020-36180, CVE-2020-36183, CVE-2020-36179, CVE-2020-36187, CVE-2020-36186, CVE-2020-36182, CVE-2021-20190, CVE-2020-25649

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Security Guardium | 11.0
IBM Security Guardium | 11.1
IBM Security Guardium | 11.2
IBM Security Guardium | 11.3

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6455267
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194380
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194376
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194384
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194383
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194379
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194375
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194378
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194374
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194382
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194381
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194377
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/195243
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192648
