BlackDuck scan found several security vulnerabilities in SchemaTool.jar

Information

 
Title: BlackDuck scan found several security vulnerabilities in SchemaTool.jar
URL Name: blackduck-scan-found-several-security-vulnerabilities-in-schematool-jar
Article Number: 000125110
Environment
Product: Connect64 for ODBC MongoDB driver
Version: 08.01.0194
OS: Windows
Database: MongoDB
Application: BlackDuck
Question/Problem Description
A BlackDuck scan run on the MongoDB installation directory found the following potential security vulnerabilities associated with SchemaTool.jar.
 
| Component | Version | Latest version | CVE | Object | Object full path |
|---|---|---|---|---|---|
| axis | | 1.4 | CVE-2018-8032 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/axis |
| axis | | 1.4 | CVE-2007-2353 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/axis |
| axis | | 1.4 | CVE-2014-3596 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/axis |
| axis | | 1.4 | CVE-2012-5784 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/axis |
| commons-httpclient | | 3.1 | CVE-2015-5262 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/commons/httpclient |
| commons-httpclient | | 3.1 | CVE-2012-6153 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/commons/httpclient |
| commons-httpclient | | 3.1 | CVE-2012-5783 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/commons/httpclient |
| cxf | 2.4.3 | 3.3.0 | CVE-2018-8039 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/cxf |
| cxf | 2.4.3 | 3.3.0 | CVE-2017-3156 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/cxf |
| cxf | 2.4.3 | 3.3.0 | CVE-2016-8739 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/cxf |
| cxf | 2.4.3 | 3.3.0 | CVE-2016-6812 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/cxf |
| cxf | 2.4.3 | 3.3.0 | CVE-2015-5253 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/cxf |
| cxf | 2.4.3 | 3.3.0 | CVE-2014-0110 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/cxf |
| cxf | 2.4.3 | 3.3.0 | CVE-2014-0109 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/cxf |
| cxf | 2.4.3 | 3.3.0 | CVE-2014-0035 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/cxf |
| cxf | 2.4.3 | 3.3.0 | CVE-2014-0034 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/cxf |
| cxf | 2.4.3 | 3.3.0 | CVE-2012-3451 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/cxf |
| cxf | 2.4.3 | 3.3.0 | CVE-2014-3584 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/cxf |
| cxf | 2.4.3 | 3.3.0 | CVE-2013-0239 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/cxf |
| cxf | 2.4.3 | 3.3.0 | CVE-2012-5786 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/cxf |
| cxf | 2.4.3 | 3.3.0 | CVE-2012-5633 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/cxf |
| cxf | 2.4.3 | 3.3.0 | CVE-2012-2379 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/mongodb/externals/org/apache/cxf |
| jackson | 2.6.6 | 2.9.8 | CVE-2016-7051 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com |
| jackson-databind | 2.6.6 | 2.9.8 | CVE-2018-14721 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/fasterxml/jackson/databind |
| jackson-databind | 2.6.6 | 2.9.8 | CVE-2018-7489 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/fasterxml/jackson/databind |
| jackson-databind | 2.6.6 | 2.9.8 | CVE-2018-19362 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/fasterxml/jackson/databind |
| jackson-databind | 2.6.6 | 2.9.8 | CVE-2018-19361 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/fasterxml/jackson/databind |
| jackson-databind | 2.6.6 | 2.9.8 | CVE-2018-19360 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/fasterxml/jackson/databind |
| jackson-databind | 2.6.6 | 2.9.8 | CVE-2018-14720 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/fasterxml/jackson/databind |
| jackson-databind | 2.6.6 | 2.9.8 | CVE-2018-14719 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/fasterxml/jackson/databind |
| jackson-databind | 2.6.6 | 2.9.8 | CVE-2018-14718 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/fasterxml/jackson/databind |
| jackson-databind | 2.6.6 | 2.9.8 | CVE-2017-7525 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/fasterxml/jackson/databind |
| jackson-databind | 2.6.6 | 2.9.8 | CVE-2017-17485 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/fasterxml/jackson/databind |
| jackson-databind | 2.6.6 | 2.9.8 | CVE-2017-15095 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/fasterxml/jackson/databind |
| jackson-databind | 2.6.6 | 2.9.8 | CVE-2018-5968 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/fasterxml/jackson/databind |
| jackson-databind | 2.6.6 | 2.9.8 | CVE-2018-1000873 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/fasterxml/jackson/databind |
| mysql-jdbc | | 8.0.15 | CVE-2017-3586 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/jdbc/oursql |
| mysql-jdbc | | 8.0.15 | CVE-2015-2575 | schematool.jar | WindowsCommonFiles.rar:ODBC/schematool.jar:com/ddtek/jdbc/oursql |
Steps to Reproduce
Clarifying Information
Error Message
Defect Number: Defect XDBC-13597
Enhancement Number
Cause
The original SchemaTool.jar (v6.0.2.63) that came with the customer's driver package had been mistakenly replaced with an older version of SchemaTool.jar (6.0.2.56), which did not have the fixes for the above security vulnerabilities.
Resolution

Fixed in SchemaTool.jar (v6.0.2.63), which comes with the MongoDB ODBC driver package (v08.01.0194).

Workaround
Notes
Last Modified Date: 4/25/2019 4:44 PM
Files