Medium Severity

Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony

Multiple vulnerabilities exist in the versions of the Jackson databind, core, and annotations packages used by IBM Spectrum Symphony V7.2.1, V7.2.0.2, and V7.1.2, and IBM Platform Symphony V7.1.1 and V7.1 Fix Pack 1. Interim fixes that provide instructions on upgrading the Jackson databind, core, and annotations packages to version 2.9.10 (which resolves these vulnerabilities) are available on IBM Fix Central.

Affected product(s) and affected version(s):

IBM Spectrum Symphony 7.2.1
IBM Spectrum Symphony 7.2.0.2
IBM Spectrum Symphony 7.1.2
IBM Platform Symphony 7.1.1
IBM Platform Symphony 7.1 Fix Pack 1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1106763
