Vulnerability CVE-2019-16943 - CERT Civis.Net

Vulnerability Name:

CVE-2019-16943 (CCN-168255)

Assigned:

2019-09-27

Published:

2019-09-27

Updated:

2022-10-29

Summary:

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-502
CWE-200

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2019-16943

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0159

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0160

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0161

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0164

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0445

Source: XF
Type: UNKNOWN
fasterxml-cve201916943-code-exec(168255)

Source: CCN
Type: jackson-databind GIT Repository
Block two more gadget types (commons-dbcp, p6spy, CVE-2019-16942 / CVE-2019-16943) #2478

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/2478

Source: MLIST
Type: Mailing List, Third Party Advisory
[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

Source: MLIST
Type: Mailing List, Third Party Advisory
[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)

Source: MLIST
Type: Mailing List, Third Party Advisory
[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379

Source: MLIST
Type: Mailing List, Third Party Advisory
[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities

Source: MLIST
Type: Mailing List, Third Party Advisory
[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

Source: MLIST
Type: Mailing List, Third Party Advisory
[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image

Source: MLIST
Type: Mailing List, Third Party Advisory
[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)

Source: MLIST
Type: Mailing List, Third Party Advisory
[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update

Source: FEDORA
Type: Third Party Advisory
FEDORA-2019-cf87377f5f

Source: FEDORA
Type: Third Party Advisory
FEDORA-2019-b171554877

Source: MISC
Type: Exploit, Third Party Advisory
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

Source: BUGTRAQ
Type: Issue Tracking, Mailing List, Third Party Advisory
20191007 [SECURITY] [DSA 4542-1] jackson-databind security update

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20191017-0006/

Source: DEBIAN
Type: Mailing List, Third Party Advisory
DSA-4542

Source: CCN
Type: IBM Security Bulletin 1126365 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

Source: CCN
Type: IBM Security Bulletin 1137232 (Platform Symphony)
Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony

Source: CCN
Type: IBM Security Bulletin 3176397 (Spectrum Protect Plus)
Multiple vulnerabilities in FasterXML Jackson-databind affect IBM Spectrum Protect Plus (CVE-2019-16943, CVE-2019-16942, CVE-2019-17531, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14379, CVE-2019-14439)

Source: CCN
Type: IBM Security Bulletin 6209044 (Global High Availability Mailbox)
Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox

Source: CCN
Type: IBM Security Bulletin 6209691 (Sterling B2B Integrator)
Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6217807 (Security Identity Governance and Intelligence)
IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6243446 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6244618 (Cloud Pak System)
Multiple vulnerabilities in Open Source used in IBM Cloud Pak System

Source: CCN
Type: IBM Security Bulletin 6255694 (Rational Rhapsody Design Manager)
Multiple vulnerabilities affects IBM Jazz Foundation and IBM Engineering products.

Source: CCN
Type: IBM Security Bulletin 6324739 (Security Guardium Insights)
IBM Security Guardium Insights is affected by Components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6496727 (Sterling B2B Integrator)
Jackson-Databind Vulnerabilities Affect the B2B API of IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6593435 (Process Mining)
Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 6595755 (Disconnected Log Collector)
IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6597241 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6828455 (z/Transaction Processing Facility)
z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages

Source: CCN
Type: IBM Security Bulletin 6840955 (Log Analysis)
Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics - Log Analysis

Source: CCN
Type: IBM Security Bulletin 6910171 (Integration Designer)
Multiple CVEs affect IBM Integration Designer

Source: CCN
Type: IBM Security Bulletin 6983482 (Security Verify Governance)
IBM Security Verify Governance is vulnerable to a denial of service caused by multiple vulnerabilities.

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: CCN
Type: Oracle CPUApr2020
Oracle Critical Patch Update Advisory - April 2020

Source: N/A
Type: Third Party Advisory
N/A

Source: CCN
Type: Oracle CPUJan2020
Oracle Critical Patch Update Advisory - January 2020

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html

Source: CCN
Type: Oracle CPUJul2020
Oracle Critical Patch Update Advisory - July 2020

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html

Source: CCN
Type: Oracle CPUOct2020
Oracle Critical Patch Update Advisory - October 2020

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* (Version >= 2.8.0 and < 2.8.11.5)

OR cpe:/a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* (Version >= 2.6.0 and < 2.6.7.3)

OR cpe:/a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* (Version >= 2.9.0 and < 2.9.10.1)

Configuration 2:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:30:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

Configuration 5:

cpe:/a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*

Configuration 6:

cpe:/a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_gateway:16.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_merchandising_system:16.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:siebel_engineering_-_installer_&_deployment:*:*:*:*:*:*:*:* (Version <= 2.20.5)

OR cpe:/a:oracle:trace_file_analyzer:12.2.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:trace_file_analyzer:18c:*:*:*:*:*:*:*

OR cpe:/a:oracle:trace_file_analyzer:19c:*:*:*:*:*:*:*

OR cpe:/a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_calendar_server:8.0.0.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_calendar_server:8.0.0.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 17.7 and <= 17.12.6)

OR cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 18.8.0 and <= 18.8.8)

OR cpe:/a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*

Configuration 7:

cpe:/a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:service_level_manager:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:* (Version >= 7.3

OR cpe:/a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:* (Version >= 9.5

OR cpe:/a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:* (Version >= 7.3

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:fasterxml:jackson-databind:2.0.0:-:*:*:*:*:*:*

OR cpe:/a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*

AND

cpe:/a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.6:*:*:*:*:*:*:*

OR cpe:/a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*

OR cpe:/a:oracle:spatial_and_graph:12.2.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:platform_symphony:7.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:platform_symphony:7.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:platform_symphony:7.2.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:18:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*

OR cpe:/a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:19c:*:*:*:*:*:*:*

OR cpe:/a:oracle:spatial_and_graph:18c:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_calendar_server:8.0.0.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.0.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:platform_symphony:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:platform_symphony:7.2.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_gateway:18.8.8:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_calendar_server:8.0.0.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:data_risk_manager:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:data_risk_manager:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:data_risk_manager:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:data_risk_manager:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:data_risk_manager:2.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.0.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.5.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:data_risk_manager:2.0.6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:data_risk_manager:2.0.6.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium_insights:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*

OR cpe:/a:ibm:integration_designer:20.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201916943	V	CVE-2019-16943	2023-06-22
oval:org.opensuse.security:def:7534	P	jackson-databind-2.13.4.2-150200.3.12.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:1397	P	Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP3) (Important) (in QA)	2022-06-27
oval:org.opensuse.security:def:94585	P	jackson-databind-2.10.5.1-3.5.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2955	P	jackson-databind-2.10.5.1-3.5.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:72734	P	jackson-databind-2.10.5.1-3.3.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100848	P	graphviz-2.40.1-6.6.4 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101273	P	jackson-databind-2.10.5.1-3.3.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1926	P	jackson-databind-2.10.5.1-3.3.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63015	P	jackson-databind-2.10.5.1-3.3.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:66814	P	Security update for the Linux Kernel (Important)	2021-06-08
oval:org.opensuse.security:def:66722	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:70170	P	Security update for gcc7 (Moderate)	2020-12-10
oval:org.opensuse.security:def:94135	P	jackson-databind-2.10.2-1.74 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107514	P	jackson-databind-2.10.2-1.74 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1867	P	jackson-databind-2.10.2-1.74 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117072	P	jackson-databind-2.10.2-1.74 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62956	P	jackson-databind-2.10.2-1.74 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72675	P	jackson-databind-2.10.2-1.74 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49784	P	glibc-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49838	P	jackson-databind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73387	P	gnome-desktop-lang on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70065	P	imlib2-loaders on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73505	P	jackson-databind on GA media (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20201644	P	RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate)	2020-04-28
oval:com.ubuntu.disco:def:2019169430000000	V	CVE-2019-16943 on Ubuntu 19.04 (disco) - medium.	2019-10-01
oval:com.ubuntu.bionic:def:2019169430000000	V	CVE-2019-16943 on Ubuntu 18.04 LTS (bionic) - medium.	2019-10-01
oval:com.ubuntu.xenial:def:2019169430000000	V	CVE-2019-16943 on Ubuntu 16.04 LTS (xenial) - medium.	2019-10-01