High Severity

Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony

Share this post:

Multiple vulnerabilities exist in the Jackson databind, core, and annotations version used by IBM Spectrum Symphony V7.3, V7.2.1, V7.2.0.2, and V7.1.2, and IBM Platform Symphony V7.1.1 and V7.1 Fix Pack 1. Interim fixes that provide instructions on upgrading the Jackson databind, core, and annotations package to version 2.10.1 (which resolves these vulnerabilities) are available on IBM Fix Central.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Spectrum Symphony 7.3
IBM Spectrum Symphony 7.2.1
IBM Spectrum Symphony 7.2.0.2
IBM Spectrum Symphony 7.1.2
IBM Platform Symphony 7.1.1
IBM Platform Symphony 7.1 Fix Pack 1

 

 

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1137232

More stories

Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerablility.

Feb 22, 2020 7:00 pm EST | High Severity

IBM Worklight/MobileFoundation has addressed the following vulnerability. WebSphere Liberty susceptible to HTTP2 implementation vulnerablility. ...read more


Security Bulletin: Command injection vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4210, CVE-2020-4213, CVE-2020-4222, CVE-2020-4212, CVE-2020-4211)

Feb 22, 2020 7:00 pm EST | High Severity

Command injection vulnerabilities in IBM Spectrum Protect Plus could allow a remote attacker to execute arbitrary code on the system. ...read more


Security Bulletin: A security vulnerability has been identified in libjpeg-turbo shipped with PowerAI.

Feb 22, 2020 7:00 pm EST | High Severity

Vulnerability CVE-2019-2201 found in libjpeg-turbo package. ...read more