
HiFusion v04.1.00 was released - News / Software Products - Hirschmann Support Center

DEC 20 2019

HiFusion v04.1.00 was released

Security Vulnerability Corrected in version 04.1.00

| Vulnerability | Description |
|---|---|
| Java CVE-2019-2933 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. |
| Java CVE-2019-2945 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. |
| Java CVE-2019-2958 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. |
| Java CVE-2019-2962 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. |
| Java CVE-2019-2964 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. |
| Java CVE-2019-2978 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. |
| Java CVE-2019-2983 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. |
| Java CVE-2019-2989 | Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data. |
| Java CVE-2019-2988 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. |
| Java CVE-2019-2992 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. |
| Java CVE-2019-2894 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. |
| Java CVE-2019-2996 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. |
| Java CVE-2019-10086 | In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. However, this is not used by the default characteristic of the PropertyUtilsBean. |
| Java CVE-2019-12384 | FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the class-path content, remote code execution may be possible. |
| Java CVE-2019-14379 | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. |
| Java CVE-2019-14439 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. |
| Java CVE-2019-14540 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. |
| Java CVE-2019-16335 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. |

Issues fixed in version 04.1.00

  • You can find the problems, workarounds and fixes related to this release in the issue list.