High Severity

Security Bulletin: XStream (Publicly disclosed vulnerability)


Impact

The vulnerability may allow a remote attacker who has sufficient rights to execute commands on the host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types.

Patches

If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.17.
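As an added example (not part of this bulletin and not code from the XStream project), this shows how the recommended whitelist is set up in application code: the security framework is reset to deny every type, then only the application's own types are re-enabled, so input that names any other class is rejected before it is instantiated. It assumes XStream 1.4.7 or later and a hypothetical DeviceRecord domain type.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowlistExample {

    /** Hypothetical domain type that the application legitimately unmarshals. */
    public static class DeviceRecord {
        String hostname;
        int port;
    }

    /** Build an XStream instance whose security framework accepts only the types named here. */
    public static XStream hardenedXStream() {
        XStream xstream = new XStream();
        // NoTypePermission clears all existing permissions: start from "deny everything".
        xstream.addPermission(NoTypePermission.NONE);
        // Re-enable the minimum: null, primitives/boxed primitives, and the application's types.
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.allowTypes(new Class[] { String.class, DeviceRecord.class });
        // Alternative for a whole package (assumed package name):
        // xstream.allowTypesByWildcard(new String[] { "com.example.model.**" });
        return xstream;
    }

    public static void main(String[] args) {
        XStream xstream = hardenedXStream();
        xstream.alias("device", DeviceRecord.class);

        // Constructed input that only uses whitelisted types: deserialises normally.
        String ok = "<device><hostname>switch01</hostname><port>22</port></device>";
        DeviceRecord rec = (DeviceRecord) xstream.fromXML(ok);
        System.out.println("parsed " + rec.hostname + ":" + rec.port);

        // Constructed input naming a type outside the whitelist: rejected before instantiation.
        String notAllowed = "<java.util.HashMap/>";
        try {
            xstream.fromXML(notAllowed);
            System.out.println("unexpected: type was accepted");
        } catch (ForbiddenClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A ForbiddenClassException surfacing in application logs for an unexpected class name is the signal that the whitelist, rather than the version-dependent default blacklist, blocked the input.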

CVE(s): CVE-2021-29505

Affected product(s) and affected version(s):

Affected Product(s)    Version(s)
ITNCM                  6.4.2

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6483053
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202795
