Jackson Databind Vulnerability Issue in DevTest

Document ID : KB000093612
Last Modified Date : 01/05/2018
Show Technical Document Details
Researching if we have a vulnerability in CA's devtest workstation. CVE 2018-7489 may be in play here due to the Jackson databind issue
DevTest 10.3.0 and earlier.
Unfortunately this vulnerability will not be fixed until our next release DevTest 10.4.

As per development the jackson-databind jars cannot be easily patched, since updating any of them in the current releases will break other parts of the product.