IBM Support

JR61495: Vulnerability in jackson databind impacts the AWS S3 Connector.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • The following vulnerabilities are addressed in this APAR.


 CVE 2019-14379
 CVE 2019-14439
 CVE 2019-12086
 CVE 2019-12384
 CVE 2019-12814

Local fix

  • 



Problem summary


    

  • Multiple vulnerabilities in jackson-databind affects Amazon S3
Connector.

    



Problem conclusion


    

  • Made changes required to overcome the vulnerability in the
framework.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    JR61495
    • 

  • Reported component name
    WIS DATASTAGE
    • 

  • Reported component ID
    5724Q36DS
    • 

  • Reported release
    B71
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2019-09-23
    • 

  • Closed date
    2019-12-09
    • 

  • Last modified date
    2019-12-09
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WIS DATASTAGE
    • 

  • Fixed component ID
    5724Q36DS
    • 



Applicable component levels


    

  • RB50  PSY
       UP
    • 

  • RB70  PSY
       UP
    • 

  • RB71  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSVSEF","label":"IBM InfoSphere DataStage"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB10","label":"Data and AI"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            02 June 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback