Monday, August 31, 2020

Security Bulletin: Vulnerabilities in Jackson-databind (excludes most polymorphic typing gadget attacks) affect IBM Operations Analytics Predictive Insights (CVE-2019-14060, CVE-2019-14661, CVE-2019-14662)

Aug 31, 2020 8:02 pm EDT

Categorized: Critical Severity

Share this post:

jackson-databind (excludes most polymorphic typing gadget attacks) is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Note that the usage of Jackson Databind within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If you do not have this utility installed you are not affected by this bulletin, otherwise apply the recommended remediation fixes.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Operations Analytics Predictive Insights 1.3.6

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6324685



from IBM Product Security Incident Response Team https://ift.tt/3jxuLJK

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.