Home » IT Security: Linux is weak – FasterXML Jackson IT safety alert replace (vulnerability: medium)

IT Security: Linux is weak – FasterXML Jackson IT safety alert replace (vulnerability: medium)

by admin
IT Security: Linux is weak – FasterXML Jackson IT safety alert replace (vulnerability: medium)

As BSI stories, an IT safety warning in regards to the identified FasterXML Jackson vulnerability has obtained an replace. You can learn an outline of the safety hole together with the most recent updates and details about affected Linux techniques and merchandise right here.

Federal workplace for Security in Information Technology (BSI) printed an replace on June 3, 2024 for a safety vulnerability in FasterXML Jackson that was identified on August 9, 2023. The safety vulnerability impacts the Linux working system and the IBM Content Manager and FasterXML Jackson merchandise.

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability could be discovered right here: IBM Security Bulletin 7156362 (As of June 4, 2024). Some helpful hyperlinks are listed later on this article.

FasterXML Jackson Security Notice – Risk: reasonable

Risk stage: 3 (reasonable)
CVSS Base Score: 5.9
CVSS interim rating: 5,2
Remote management: Ja

The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in laptop techniques. The CVSS normal makes it doable to match potential or precise safety dangers primarily based on varied metrics with the intention to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. Temporal scores additionally have in mind modifications over time within the threat scenario. According to CVSS, the present vulnerability risk is assessed as “reasonable” with a base rating of 5.9.

See also  Oracle MySQL: Update for IT security warning (risk: high)

FasterXML Jackson Bug: Vulnerability permits a denial of service

Jackson is an open supply JSON processing library in Java.

A distant, unknown attacker may exploit a vulnerability in FasterXML Jackson to conduct a denial of service assault.

Vulnerabilities have been categorised utilizing the CVE (Common Vulnerabilities and Exposures) reference system for every serial quantity CVE-2023-3894.

Systems affected by the safety hole at a look

working system
Linux

Products
IBM Content Manager 8.7 (cpe:/a:ibm:content_manager)
FasterXML Jackson

General suggestions for coping with IT vulnerabilities

  1. Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them shortly by creating a patch or workaround. If safety patches can be found, set up them instantly.
  2. For info, see the sources listed within the subsequent part. This usually accommodates further details about the most recent model of the software program in query and the supply of safety patches or efficiency suggestions.
  3. If you have got any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to frequently test the desired sources to see if a brand new safety replace is out there.

Manufacturer details about updates, patches and workarounds

Here you can see some hyperlinks with details about bug stories, safety fixes and workarounds.

IBM Security Bulletin 7156362 vom 2024-06-04 (03.06.2024)
For extra info, see:

Red Hat Bugzilla – Bug 2230718 as of 2023-08-09 (09.08.2023)
For extra info, see:

Version historical past of this safety alert

This is model 2 of this FasterXML Jackson IT safety discover. If additional updates are introduced, this doc might be up to date. You can examine modifications or additions on this model historical past.

See also  Ruby on Rails: IT security warning about a new vulnerability

August 9, 2023 – First model
June 3, 2024 – New updates from IBM added

+++ Editorial observe: This doc is predicated on present BSI knowledge and might be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you can see scorching information, present movies and a direct line to the editorial workforce.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy