Identified some vulnerabilities on 10.2 patch

Document ID : KB000102348
Last Modified Date : 18/06/2018
Issue:
Hi Team, we observed some vulnerabilities on the 10.2 patch.

Please can you help on this.

List of vulnerabilities: CVE-2017-7525, CVE-2017-7525, CVE-2017-7525, CVE-2017-7525, CVE-2017-7525
Jar details: jackson-databind-2.6.5.jar, jackson-databind-2.6.6.jar, jackson-databind-2.6.7.jar, jackson-databind-2.8.3.jar, jackson-databind-2.8.8.jar
Environment:
DevTest 10.3.0 and earlier.
Cause:
Outdated jackson-databind jars.
Resolution:
Unfortunately, this vulnerability will not be fixed until our next release, DevTest 10.4.

According to development, the jackson-databind jars cannot be easily patched, since updating any of them in the current releases will break other parts of the product.