Vulnerability Name:

CVE-2022-42004 (CCN-237660)

Assigned:2022-08-20
Published:2022-08-20
Updated:2022-12-02
Summary:FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2022-42004

Source: CCN
Type: Google Security Research Issue 50490
jackson-databind:ObjectReader2Fuzzer: Security exception in com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeFromArray

Source: cve@mitre.org
Type: Exploit, Issue Tracking, Mailing List, Patch, Third Party Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
fasterxml-cve202242004-dos(237660)

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: CCN
Type: jackson-databind GIT Repository
Add check in BeanDeserializer._deserializeFromArray() to prevent use of deeply nested arrays #3582

Source: cve@mitre.org
Type: Exploit, Issue Tracking, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: IBM Security Bulletin 6830297 (Answer Retrieval for Watson Discovery)
Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.8 and earlier

Source: CCN
Type: IBM Security Bulletin 6831339 (Voice Gateway)
Multiple Vulnerabilities in java packages affect IBM Voice Gateway

Source: CCN
Type: IBM Security Bulletin 6831799 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6832732 (Cloud Pak for Automation)
Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2022

Source: CCN
Type: IBM Security Bulletin 6838821 (Sterling Connect:Direct File Agent)
IBM Sterling Connect:Direct File Agent is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004)

Source: CCN
Type: IBM Security Bulletin 6841801 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2021-29469, CVE-2022-39160, CVE-2022-38708, CVE-2022-42003, CVE-2022-42004, CVE-2022-43883, CVE-2022-43887, CVE-2022-25647, CVE-2022-36364)

Source: CCN
Type: IBM Security Bulletin 6842075 (Spectrum Protect for Virtual Environments)
Vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib affect IBM Spectrum Protect for Virtual Environments (CVE-2022-34165, CVE-2022-42003, CVE-2022-42004, CVE-2018-25032)

Source: CCN
Type: IBM Security Bulletin 6844695 (Watson Assistant for Cloud Pak for Data)
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to FasterXML jackson-databind denial of service (CVE-2022-42004)

Source: CCN
Type: IBM Security Bulletin 6845502 (Business Automation Workflow containers)
Denial of Service vulnerabilities affect IBM Business Automation Workflow - optional Process Federation Server component (CVE-2022-42003, CVE-2022-42004)

Source: CCN
Type: IBM Security Bulletin 6845796 (Business Automation Workflow containers)
Multiple security vulnerabilities in IBM Business Automation Workflow Event Emitters

Source: CCN
Type: IBM Security Bulletin 6846157 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9

Source: CCN
Type: IBM Security Bulletin 6846205 (CICS Transaction Gateway)
FasterXML Jackson Databind used by CICS Transaction Gateway is vulnerable to a denial of service and could provide weaker than expected security

Source: CCN
Type: IBM Security Bulletin 6846525 (Netcool Operations Insight)
IBM Tivoli Netcool/OMNIbus Probe and Integrations Library are affected by vulnerabilities in FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)

Source: CCN
Type: IBM Security Bulletin 6846533 (Spectrum Protect for Space Management)
Vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib affect IBM Spectrum Protect for Space Management Client (CVE-2022-34165, CVE-2022-42003, CVE-2022-42004, CVE-2018-25032)

Source: CCN
Type: IBM Security Bulletin 6846777 (Spectrum Protect Backup-Archive Client)
Vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-34165, CVE-2022-42003, CVE-2022-42004, CVE-2018-25032)

Source: CCN
Type: IBM Security Bulletin 6847541 (Spectrum Control)
IBM Spectrum Control is vulnerable to multiple weaknesses related IBM WebSphere Application Server Liberty and FasterXML jackson-databind

Source: CCN
Type: IBM Security Bulletin 6847945 (Sterling Connect:Direct for UNIX)
IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004)

Source: CCN
Type: IBM Security Bulletin 6848023 (Planning Analytics Workspace)
IBM Planning Analytics Workspace is affected by vulnerabilties

Source: CCN
Type: IBM Security Bulletin 6848879 (i Modernization Engine for Lifecycle Integration)
IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6849213 (App Connect Enterprise)
IBM App Connect Enterprise and IBM Integration Bus are vulnerable to denial of service due to the package org.yaml:snakeyaml and jackson-databind

Source: CCN
Type: IBM Security Bulletin 6853345 (Sterling Connect:Direct Web Services)
IBM Sterling Connect:Direct Web Services is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004)

Source: CCN
Type: IBM Security Bulletin 6853371 (Process Mining)
Vulnerability in jackson-databind affects IBM Process Mining . Multiple CVEs

Source: CCN
Type: IBM Security Bulletin 6853461 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Source: CCN
Type: IBM Security Bulletin 6854713 (Voice Gateway)
Multiple Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway

Source: CCN
Type: IBM Security Bulletin 6856441 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6856661 (Content Manager Enterprise Edition)
Content Manager Enterprise Edition is affected by a vulnerability in FasterXML jackson

Source: CCN
Type: IBM Security Bulletin 6856761 (Business Automation Workflow containers)
Multiple vulnerability affect IBM Business Automation Workflow - CVE-2022-42003, CVE-2022-42004

Source: CCN
Type: IBM Security Bulletin 6857047 (FileNet Content Manager)
FileNet Content Manager GraphQL jackson-databind security vulnerabilities, affected but not vulnerable

Source: CCN
Type: IBM Security Bulletin 6890611 (Common Licensing)
Vulnerabilities in FasterXML affects IBM Common Licensing's Administration And Reporting Tool (ART) and its Agent (CVE-2022-42003, CVE-2022-42004)

Source: CCN
Type: IBM Security Bulletin 6890689 (Workload Scheduler)
IBM Workload Scheduler potentially affected by multiple vulnerabilities in jackson-databind (CVE-2022-42003, CVE-2022-42004)

Source: CCN
Type: IBM Security Bulletin 6910171 (Integration Designer)
Multiple CVEs affect IBM Integration Designer

Source: CCN
Type: IBM Security Bulletin 6952181 (MQ)
IBM MQ is affected by FasterXML jackson-databind vulnerabilities (CVE-2022-42003, CVE-2022-42004)

Source: CCN
Type: IBM Security Bulletin 6952417 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to [CVE-2022-42003] and [CVE-2022-42004]

Source: CCN
Type: IBM Security Bulletin 6953589 (Sterling Connect:Direct for Microsoft Windows)
IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004)

Source: CCN
Type: IBM Security Bulletin 6954453 (Sterling Connect:Direct for UNIX)
IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42003, CVE-2022-42004)

Source: CCN
Type: IBM Security Bulletin 6958062 (Cloud Pak for Business Automation)
Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for Febuary 2023

Source: CCN
Type: IBM Security Bulletin 6958482 (Operations Analytics Predictive Insights)
FasterXML-jackson-databinds vulnerabilities affect IBM Operations Analytics Predictive Insights (CVE-2022-42004,CVE-2022-42003)

Source: CCN
Type: IBM Security Bulletin 6958693 (Business Automation Workflow traditional)
Multiple security vulnerabilities are reported for snakeyaml and jackson-databind in IBM Business Automation Workflow

Source: CCN
Type: IBM Security Bulletin 6959925 (Cloud Integration Platform)
Operations Dashboard is vulnerable to denial of service due to vulnerabilities in jackson-databind (CVE-2022-42004 and CVE-2022-42003)

Source: CCN
Type: IBM Security Bulletin 6966094 (Maximo Application Suite)
Maximo Application Suite is vulnerable to CVE-2022-42003 and CVE-2022-42004 per jackson-databind dependency

Source: CCN
Type: IBM Security Bulletin 6967183 (Cloud Pak System Software Suite)
Multiple vulnerabilities in Open Source software used by Cloud Pak System

Source: CCN
Type: IBM Security Bulletin 6983234 (DataPower Operations Dashboard)
DataPower Operations Dashboard vulnerable to multiple CVEs

Source: CCN
Type: IBM Security Bulletin 6983274 (Cognos Command Center)
IBM Cognos Command Center is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6984699 (MobileFirst Foundation)
Multiple vulnerabilities found on thirdparty libraries used by IBM MobileFirst Platform

Source: CCN
Type: IBM Security Bulletin 6984967 (Security Verify Governance)
IBM Security Verify Governance is vulnerable to a denial of service (CVE-2022-42004, CVE-2022-42003)

Source: CCN
Type: IBM Security Bulletin 6985689 (Db2 Graph)
Multiple vulnerabilities affect IBM Db2 Graph

Source: CCN
Type: IBM Security Bulletin 6987499 (Business Automation Workflow traditional)
Multiple vulnerabilities in DITA may affect IBM Business Automation Workflow and IBM Case Manager

Source: CCN
Type: IBM Security Bulletin 6987805 (Maximo Application Suite)
FasterXML jackson-databind is vulnerable to CVE-2022-42003 and CVE-2022-42004 used in IBM Maximo Application Suite

Source: CCN
Type: IBM Security Bulletin 6987827 (Maximo Asset Management)
There are several vulnerabilities in jackson-databind used by IBM Maximo Asset Management (CVE-2022-42003, CVE-2022-42004, CVE-2020-36518)

Source: CCN
Type: IBM Security Bulletin 6987831 (Maximo Application Suite)
There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-42003, CVE-2022-42004)

Source: CCN
Type: IBM Security Bulletin 6988639 (InfoSphere Information Server)
IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in jackson-databind ( CVE-2022-42004, CVE-2022-42003)

Source: CCN
Type: IBM Security Bulletin 6992077 (Security Verify Information Queue)
IBM Security Verify Information Queue has multiple third-party library vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6999633 (Business Automation Manager Open Editions)
Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3

Source: CCN
Type: IBM Security Bulletin 7001815 (QRadar User Behavior Analytics)
IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7004645 (Watson Discovery)
IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

Source: CCN
Type: IBM Security Bulletin 7005485 (Cloud Pak for Network Automation)
Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7006389 (Storage Protect)
IBM Storage Protect Server is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)

Source: CCN
Type: IBM Security Bulletin 7007837 (Cloud Pak for Watson AIOps)
Multiple Vulnerabilities in CloudPak for Watson AIOPs

Source: CCN
Type: IBM Security Bulletin 7008449 (Db2 on Cloud Pak for Data)
Multiple vulnerabilities affect IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data

Source: CCN
Type: IBM Security Bulletin 7010099 (QRadar SIEM)
IBM QRadar SIEM includes components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7012675 (Netcool Operations Insight)
Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 7013893 (Cognos Analytics)
IBM Cognos Analytics is affected but not classified as vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7014181 (App Connect for Manufacturing)
IBM App Connect for Manufacturing is vulnerable to a denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)

Source: CCN
Type: Mend Vulnerability Database
CVE-2022-42004

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:fasterxml:jackson-databind:2.8.11:*:*:*:*:*:*:*
  • OR cpe:/a:fasterxml:jackson-databind:2.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:fasterxml:jackson-databind:2.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:fasterxml:jackson-databind:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:fasterxml:jackson-databind:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:fasterxml:jackson-databind:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:fasterxml:jackson-databind:2.6:*:*:*:*:*:*:*
  • OR cpe:/a:fasterxml:jackson-databind:2.7:*:*:*:*:*:*:*
  • OR cpe:/a:fasterxml:jackson-databind:2.8:*:*:*:*:*:*:*
  • OR cpe:/a:fasterxml:jackson-databind:2.9:*:*:*:*:*:*:*
  • OR cpe:/a:fasterxml:jackson-databind:2.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:fasterxml:jackson-databind:2.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:fasterxml:jackson-databind:2.13.3:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:operations_analytics_predictive_insights:1.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_connect:direct:4.3.0:*:*:*:unix:*:*:*
  • OR cpe:/a:ibm:app_connect:11.0.0.1:*:*:*:enterprise:*:*:*
  • OR cpe:/a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_connect:direct:6.0.0:*:*:*:unix:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_backup-archive_client:8.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_for_virtual_environments:8.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:filenet_content_manager:5.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:integration_designer:20.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_scheduler:9.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_for_space_management:8.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_user_behavior_analytics:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:-:*:*:containers:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.2:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.3:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:-:*:*:containers:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.3:-:*:*:containers:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.2:-:*:*:containers:*:*:*
  • OR cpe:/a:ibm:case_manager:5.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.1:-:*:*:containers:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.3.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_application_suite:8.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise:11.0.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:integration_bus:10.0.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_connect:direct:6.0.0.2:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:sterling_connect:direct:4.3.0.1:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7534
    P
    		jackson-databind-2.13.4.2-150200.3.12.1 on GA media (Moderate)
    2023-06-12
    BACK
    fasterxml jackson-databind 2.8.11
    fasterxml jackson-databind 2.9.3
    fasterxml jackson-databind 2.9.7
    fasterxml jackson-databind 2.9.6
    fasterxml jackson-databind 2.3
    fasterxml jackson-databind 2.4
    fasterxml jackson-databind 2.5
    fasterxml jackson-databind 2.6
    fasterxml jackson-databind 2.7
    fasterxml jackson-databind 2.8
    fasterxml jackson-databind 2.9
    fasterxml jackson-databind 2.9.1
    fasterxml jackson-databind 2.9.2
    fasterxml jackson-databind 2.13.3
    ibm operations analytics predictive insights 1.3.5
    ibm operations analytics predictive insights 1.3.6
    ibm infosphere information server 11.7
    ibm sterling connect:direct 4.3.0
    ibm app connect 11.0.0.1
    ibm cognos command center 10.2.4.1
    ibm sterling connect:direct 6.0.0
    ibm cognos analytics 11.1
    ibm spectrum protect backup-archive client 8.1.0.0
    ibm spectrum protect for virtual environments 8.1.0.0
    ibm voice gateway 1.0.2
    ibm voice gateway 1.0.3
    ibm cloud transformation advisor 2.0.1
    ibm cloud pak for automation 19.0.3
    ibm voice gateway 1.0.2.4
    ibm voice gateway 1.0.4
    ibm voice gateway 1.0.5
    ibm cloud pak for automation 20.0.1
    ibm filenet content manager 5.5.4
    ibm cloud pak for automation 20.0.2
    ibm voice gateway 1.0.6
    ibm cloud pak for automation 20.0.3
    ibm integration designer 20.0.0.2
    ibm voice gateway 1.0.7
    ibm workload scheduler 9.5
    ibm spectrum protect for space management 8.1.0.0
    ibm cloud pak for automation 21.0.1
    ibm app connect enterprise 12.0.1.0
    ibm cloud pak for automation 21.0.2 -
    ibm cognos analytics 11.2.0
    ibm cognos analytics 11.1.7
    ibm cognos analytics 11.2.1
    ibm cognos analytics 11.2
    ibm qradar user behavior analytics 1.0.0
    ibm planning analytics workspace 2.0
    ibm cloud pak for automation 19.0.1
    ibm business automation workflow 20.0.0.1 -
    ibm business automation workflow 20.0.0.1
    ibm business automation workflow 20.0.0.2
    ibm business automation workflow 21.0.1
    ibm business automation workflow 21.0.2
    ibm business automation workflow 21.0.3
    ibm business automation workflow 20.0.0.2 -
    ibm business automation workflow 21.0.3 -
    ibm maximo asset management 7.6.1.2
    ibm qradar security information and event manager 7.5.0 -
    ibm cloud pak for automation 19.0.2
    ibm cloud pak for business automation 18.0.0
    ibm cloud pak for business automation 18.0.2
    ibm cloud pak for business automation 19.0.1
    ibm cloud pak for business automation 19.0.3
    ibm cloud pak for business automation 20.0.1
    ibm cloud pak for business automation 20.0.3
    ibm cloud pak for business automation 21.0.1 -
    ibm cloud pak for business automation 21.0.2 -
    ibm cloud pak for business automation 21.0.3 -
    ibm business automation workflow 21.0.2 -
    ibm case manager 5.3.3
    ibm app connect enterprise certified container 4.1
    ibm app connect enterprise certified container 4.2
    ibm security verify governance 10.0
    ibm robotic process automation for cloud pak 21.0.1
    ibm robotic process automation for cloud pak 21.0.2
    ibm robotic process automation for cloud pak 21.0.3
    ibm business automation workflow 22.0.1 -
    ibm business automation workflow 22.0.1
    ibm maximo asset management 7.6.1.3
    ibm cloud pak for business automation 22.0.1 -
    ibm business automation workflow 21.0.3.1
    ibm app connect enterprise certified container 5.0
    ibm app connect enterprise certified container 5.1
    ibm app connect enterprise certified container 5.2
    ibm app connect enterprise certified container 6.0
    ibm maximo application suite 8.8
    ibm app connect enterprise certified container 6.1
    ibm app connect enterprise 11.0.0.19
    ibm integration bus 10.0.0.12
    ibm robotic process automation for cloud pak 21.0.5
    ibm robotic process automation for cloud pak 21.0.6
    ibm robotic process automation for cloud pak 21.0.4
    ibm robotic process automation for cloud pak 21.0.0
    ibm business automation workflow 22.0.2
    ibm app connect enterprise certified container 6.2
    ibm cloud pak for business automation 22.0.2 -
    ibm sterling connect:direct 6.0.0.2
    ibm sterling connect:direct 4.3.0.1
    ibm operations analytics predictive insights 1.3.3