Skip to main content

Industrial HiVision 08.0.02 was released - News / Software Products - Hirschmann Support Center

APR 3 2020

Industrial HiVision 08.0.02 was released

Security Vulnerability Corrected in version 08.0.02

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        

VulnerabilityDescription
Java CVE-2020-2583Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported                 versions that are affected are Java SE and Java SE Embedded. Difficult to exploit vulnerability allows                 unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.                 Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service                 (partial DOS) of Java SE, Java SE Embedded.
Java CVE-2020-2590Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported                 versions that are affected are Java SE and Java SE Embedded. Difficult to exploit vulnerability allows                 unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful                 attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE,                 Java SE Embedded accessible data.
Java CVE-2020-2593Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported                 versions that are affected are Java SE and Java SE Embedded. Difficult to exploit vulnerability allows                 unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.                 Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of                 Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE                 Embedded accessible data.
Java CVE-2020-2601Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported                 versions that are affected are Java SE and Java SE Embedded. Difficult to exploit vulnerability allows                 unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While                 the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products.                 Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access                 to all Java SE, Java SE Embedded accessible data.
Java CVE-2020-2604Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported                 versions that are affected are Java SE and Java SE Embedded. Difficult to exploit vulnerability allows                 unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.                 Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.
Java CVE-2020-2654Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported                 versions that are affected is Java SE. Difficult to exploit    vulnerability allows unauthenticated attacker with                 network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result                 in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.
Java CVE-2020-2659Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported                 versions that are affected are Java SE and Java SE Embedded. Difficult to exploit vulnerability    allows                 unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.                 Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service                 (partial DOS) of Java SE, Java SE Embedded.
Java CVE-2020-8840FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated                 by org.apache.xbean.propertyeditor.JndiConverter.
Java CVE-2020-9546FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and                 typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
Java CVE-2020-9547FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and                 typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
Java CVE-2020-9548FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and                 typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
Java CVE-2019-2894Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE                 (component: Security). Difficult to exploit vulnerability allows unauthenticated attacker with network access via                 multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in                 unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.
Java CVE-2019-2933Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE                 (component: Libraries). Difficult to exploit vulnerability allows unauthenticated attacker with network access via                 multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person                 other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of                 Java SE, Java SE Embedded accessible data.
Java CVE-2019-2945Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE                 (component: Networking). Difficult to exploit vulnerability allows unauthenticated attacker with network access via                 multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person                 other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial                 denial of service (partial DOS) of Java SE, Java SE Embedded.
Java CVE-2019-2958Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE                 (component: Libraries). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple                 protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized                 creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data.
Java CVE-2019-2962Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE                 (component: 2D). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple                 protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized                 ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.
Java CVE-2019-2964Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE                 (component: Concurrency). Difficult to exploit vulnerability allows unauthenticated attacker with network access via                 multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in                 unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.
Java CVE-2019-2978Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE                 (component: Networking). Difficult to exploit vulnerability allows unauthenticated attacker with network access via                 multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in                 unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.
Java CVE-2019-2983Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE                 (component: Serialization). Difficult to exploit vulnerability allows unauthenticated attacker with network access via                 multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in                 unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.
Java CVE-2019-2988Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE                 (component: 2D). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple                 protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized                 ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.
Java CVE-2019-2989Vulnerability in the Oracle GraalVM Enterprise Edition product of                 Oracle GraalVM (component: Java). Difficult to exploit vulnerability allows unauthenticated attacker with network                 access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle                 GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this                 vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle                 GraalVM Enterprise Edition accessible data.
Java CVE-2019-2992Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE                 (component: 2D). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple                 protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized                 ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.
Java CVE-2019-2996Vulnerability in the Java SE, Java SE Embedded product of Oracle                 Java SE (component: Deployment). Difficult to exploit vulnerability allows unauthenticated attacker with network access                 via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person                 other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete                 access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE,                 Java SE Embedded accessible data.
Java CVE-2019-10086In Apache Commons Beanutils 1.9.2, a special BeanIntrospector                 class was added which allows suppressing the ability for an attacker to access the classloader via the class property                 available on all Java objects. However, this is not used by the default characteristic of the PropertyUtilsBean.
Java CVE-2019-12384FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers                 to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization.                 Depending on the class-path content, remote code execution may be possible.
Java CVE-2019-14379SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2                 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup),                 leading to remote code execution.
Java CVE-2019-14439A Polymorphic Typing issue was discovered in FasterXML                 jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property)                 for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
Java CVE-2019-14540A Polymorphic Typing issue was discovered in FasterXML jackson-databind                 before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Java CVE-2019-16335A Polymorphic Typing issue was discovered in FasterXML jackson-databind                 before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
Java CVE-2019-20330FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

    

   

New features in version 08.0.02

   

                     

  • Edit Mode password protection when the user management is active    

        

Issues fixed in version 08.0.02

   

  • You can find the problems, workarounds and fixes related to this release in the issue list.