Security Bulletin
Summary
Security vulnerabilities were fixed in the IBM Security Access Manager appliance in the jackson-databind utilities.
Vulnerability Details
CVEID: CVE-2019-20330
DESCRIPTION: A lacking of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact and attack vector.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173897 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
Affected Product(s) | Version(s) |
ISAM | 9.0 |
Remediation/Fixes
Product | VRMF | Apar | Remediation/First Fix |
IBM Security Access Manager Appliance | 9.0.7.0 | IJ22059 |
For the docker image after authentication to dockerhub.com you can download the image by using the command: docker pull store/ibmcorp/isam:9.0.7.1_IF2
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Change History
29 Jan 2020: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
28 January 2020
UID
ibm11284616