High Severity
Security Bulletin: Vulnerability in jackson-databind affect IBM Spectrum Symphony
Mar 5, 2021 7:00 pm EST
Categorized: High Severity
Share this post:
Vulnerability exist in the Jackson databind, core, and annotations version used by IBM Spectrum Symphony V7.3.1, V7.3, V7.2.1, and V7.2.0.2. Interim fixes that provide instructions on upgrading the Jackson databind, core, and annotations package to version 2.12.1 (which resolves the vulnerability) are available on IBM Fix Central.
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Spectrum Symphony | 7.3.1 |
| IBM Spectrum Symphony | 7.3 |
| IBM Spectrum Symphony | 7.2.1 |
| IBM Spectrum Symphony | 7.2.0.2 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6423757
Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20454)
Apr 20, 2021 8:00 pm EDT | High Severity
WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability. This has been addressed. ...read more
Security Bulletin: Update available for OpenSSL vulnerabilities affecting IBM Watson Speech Services 1.2.1
Apr 20, 2021 8:00 pm EDT | High Severity
There is an update available for OpenSSL vulnerabilities affecting IBM Watson Speech Services 1.2.1. ...read more
Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20453)
Apr 19, 2021 8:01 pm EDT | High Severity
WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability. This has been addressed. ...read more