Jackson Databind Vulnerability Issue in DevTest

Document ID : KB000093612
Last Modified Date : 01/05/2018
Show Technical Document Details
Issue:
Researching if we have a vulnerability in CA's devtest workstation. CVE 2018-7489 may be in play here due to the Jackson databind issue
Environment:
DevTest 10.3.0 and earlier.
Resolution:
Unfortunately this vulnerability will not be fixed until our next release DevTest 10.4.

As per development the jackson-databind jars cannot be easily patched, since updating any of them in the current releases will break other parts of the product.