FasterXML jackson-databind Issue

Document ID : KB000100206
Last Modified Date : 05/06/2018
Question:
We have identified a potential issue with Endevor Webservices. We found databind code in the Endevor directory of .../lib/EndevorService/jackson-databind-2.4.1.jar. This code is susceptible to CVE-2018-7489, which relates to FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5. How do we fix this security vulnerability?
Answer:
The upgrade of Endevor web services to use Jackson 2.9.5 has been included in a recent composite web services PTF for v18 increment 12.
The solution numbers are SO00887 (base) and SO00888 (Web Services/Eclipse).
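
To confirm which jackson-databind jars remain in the affected range before and after applying the PTF, the following added example (not CA or FasterXML code) walks a directory tree and classifies each jar against the two version bounds quoted in the question. It assumes the jar file name carries the real version, so renamed or shaded copies are not detected; the function names are hypothetical.

```python
import re
import sys
from pathlib import Path

# Fixed releases named on this page for CVE-2018-7489.
FIXED_2_8 = (2, 8, 11, 1)   # all lines other than 2.9.x: affected before this
FIXED_2_9 = (2, 9, 5, 0)    # 2.9.x: affected before 2.9.5

# File-name convention jackson-databind-<version>.jar, as in the question.
JAR_RE = re.compile(r"^jackson-databind-(\d+(?:\.\d+){1,3})\.jar$")


def version_tuple(version):
    """'2.8.11' -> (2, 8, 11, 0): numeric parts, zero-padded to four."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version):
    """True if version falls in the affected range stated on this page."""
    v = version_tuple(version)
    fixed = FIXED_2_9 if v[:2] == (2, 9) else FIXED_2_8
    return v < fixed


def scan(root):
    """Return (path, version, verdict) for each jackson-databind jar under root."""
    results = []
    for jar in sorted(Path(root).rglob("jackson-databind-*.jar")):
        m = JAR_RE.match(jar.name)
        if not m:
            # Qualified builds (for example pre-releases) need a manual look.
            results.append((str(jar), None, "unknown"))
            continue
        verdict = "affected" if is_affected(m.group(1)) else "ok"
        results.append((str(jar), m.group(1), verdict))
    return results


if __name__ == "__main__":
    # Usage: python script.py <install-root>   (defaults to current directory)
    for path, version, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:9} {version or '?':10} {path}")
```

Versions are compared as integer tuples because a plain string comparison would rank 2.8.9 above 2.8.11 and would mishandle the four-part bound 2.8.11.1.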