Addressing Jackson Vulnerabilities

This release addresses the common vulnerabilities and exposures by updating the jackson-databind libraries. Jackson-databind is a Java library used to parse JSON and other data formats. The vulnerability occurs when the user input is improperly validated, which may allow an attacker to perform code execution by providing maliciously crafted input. The following Common Vulnerabilities and Exposures have been addressed:
uim902
Jackson_Vulnerability
This release addresses the common vulnerabilities and exposures by updating the jackson-databind libraries. Jackson-databind is a Java library used to parse JSON and other data formats. The vulnerability occurs when the user input is improperly validated, which may allow an attacker to perform code execution by providing maliciously crafted input. The following Common Vulnerabilities and Exposures have been addressed:
  • CVE-2017-17485
  • CVE-2018-14720
  • CVE-2018-14721
  • CVE-2017-7525
  • CVE-2017-15095
  • CVE-2018-14718
  • CVE-2018-14719
  • CVE-2018-19360
  • CVE-2018-19361
  • CVE-2018-19362
  • CVE-2018-7489
  • DSA-4037
  • DSA-4004
  • DSA-4190
  • DSA-4114
  • CVE-2018-5968
  • CVE-2018-1000873
The following items have been explicitly updated for this functionality:
  • adminconsoleapp 9.10
  • ad_response_mcs_templates 1.82
  • alarm-routing-service 9.03
  • apache_mcs_templates 1.72
  • automated_deployment_engine 9.10
  • cdm_mcs_templates 6.42
  • ems 10.21
  • exchange_monitor_mcs_templates 5.33
  • iis_mcs_templates 1.92
  • mcs_usm_patch 9.10
  • mcs_ws 9.10
  • mcs 9.03
  • mcs-cli 9.10
  • mps_webapp 8.5.6
  • mysql_mcs_templates 1.53
  • net_connect_mcs_templates 3.38
  • oracle_mcs_templates 5.35
  • ppm 3.51
  • restmon-uim 1.38
  • rsp_mcs_templates 5.35
  • sharepoint_mcs_templates 1.84
  • sqlserver_mcs_templates 5.42
  • telemetry 1.23
  • uimapi 9.10
  • ump_relationshipviewer 9.10
  • wasp 9.10
  • webservices_rest 9.10