Vulnerabilites related to oracle - retail_sales_audit
Vulnerability from fkie_nvd
Published
2020-03-31 05:15
Modified
2024-11-21 04:56
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2664Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2664Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
debian debian_linux 8.0
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle global_lifecycle_management_opatch *
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
                     versionEndExcluding: "2.9.10.4",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
                     versionEndIncluding: "2.9.0",
                     versionStartIncluding: "2.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
                     versionEndIncluding: "12.0.3",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
                     versionEndExcluding: "12.2.0.1.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).",
      },
      {
         lang: "es",
         value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.apache.activemq.* (también se conoce como activemq-jms, activemq-core, activemq-pool, y activemq-pool-jms).",
      },
   ],
   id: "CVE-2020-11111",
   lastModified: "2024-11-21T04:56:48.703",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2020-03-31T05:15:13.007",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2664",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2664",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-01 17:15
Modified
2024-11-21 04:31
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
References
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0159Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0160Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0161Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0164Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0445Third Party Advisory
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2478Patch, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommits.iceberg.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/10/msg00001.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://seclists.org/bugtraq/2019/Oct/6Issue Tracking, Mailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20191017-0006/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2019/dsa-4542Mailing List, Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0159Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0160Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0161Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0164Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0445Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2478Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommits.iceberg.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/10/msg00001.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Oct/6Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20191017-0006/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4542Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind *
debian debian_linux 8.0
debian debian_linux 9.0
debian debian_linux 10.0
fedoraproject fedora 30
fedoraproject fedora 31
redhat jboss_enterprise_application_platform 7.2
redhat jboss_enterprise_application_platform 7.3
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat jboss_enterprise_application_platform 7.2
redhat jboss_enterprise_application_platform 7.3
redhat enterprise_linux_server 8.0
oracle banking_platform 2.4.0
oracle banking_platform 2.4.1
oracle banking_platform 2.5.0
oracle banking_platform 2.6.0
oracle banking_platform 2.6.1
oracle banking_platform 2.6.2
oracle banking_platform 2.7.0
oracle banking_platform 2.7.1
oracle banking_platform 2.9.0
oracle communications_billing_and_revenue_management 7.5.0.23.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle communications_calendar_server 8.0.0.2.0
oracle communications_calendar_server 8.0.0.3.0
oracle communications_cloud_native_core_network_slice_selection_function 1.2.1
oracle communications_evolved_communications_application_server 7.1
oracle global_lifecycle_management_nextgen_oui_framework 12.2.1.3.0
oracle global_lifecycle_management_nextgen_oui_framework 12.2.1.4.0
oracle global_lifecycle_management_nextgen_oui_framework 13.9.4.2.2
oracle goldengate_application_adapters 19.1.0.0.0
oracle jd_edwards_enterpriseone_orchestrator 9.2
oracle jd_edwards_enterpriseone_tools 9.2
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway 16.1
oracle primavera_gateway 16.2
oracle primavera_gateway 19.12.0
oracle retail_merchandising_system 15.0.3
oracle retail_merchandising_system 16.0.2
oracle retail_merchandising_system 16.0.3
oracle retail_sales_audit 14.1
oracle siebel_engineering_-_installer_\&_deployment *
oracle trace_file_analyzer 12.2.0.1
oracle trace_file_analyzer 18c
oracle trace_file_analyzer 19c
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0
oracle webcenter_sites 12.2.1.3.0
oracle webcenter_sites 12.2.1.4.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp oncommand_api_services -
netapp oncommand_workflow_automation -
netapp service_level_manager -
netapp steelstore_cloud_integrated_storage -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7036DA13-110D-40B3-8494-E361BBF4AFCD",
                     versionEndExcluding: "2.6.7.3",
                     versionStartIncluding: "2.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F83B193-74CF-459A-8055-AE0F033D5BCB",
                     versionEndExcluding: "2.8.11.5",
                     versionStartIncluding: "2.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18324CA7-89A0-4212-B603-E9C3DD998219",
                     versionEndExcluding: "2.9.10.1",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B0FEFCDD-A212-4525-B449-2C4A00A0D2E9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2BEE49E-A5AA-42D3-B422-460454505480",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4FF66F7-10C8-4A1C-910A-EF7D12A4284C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "35AD0C07-9688-4397-8D45-FBB88C0F0C11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8972497F-6E24-45A9-9A18-EB0E842CB1D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "400509A8-D6F2-432C-A2F1-AD5B8778D0D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "282150FF-C945-4A3E-8A80-E8757A8907EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "790A89FD-6B86-49AE-9B4F-AE7262915E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "559579F1-3975-45C5-9F62-2F0A5AF13E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "50882F8D-9740-4CC0-B2C6-CCE4F6D90C7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADE6EF8F-1F05-429B-A916-76FDB20CEB81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "08A37FE9-B626-48C3-8FE0-D4F1A559E0B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6495B29F-3DA2-4628-9CC0-39617871F3AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A6FFB5C-EB44-499F-BE81-24ED2B1F201A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7BE0590-31BD-4FCD-B50E-A5F86196F99E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "989598A3-7012-4F57-B172-02404E20D16D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C209FAC-B7DE-42DC-AC9C-BD3ADA44D0B7",
                     versionEndIncluding: "17.12.6",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "597495A7-FE17-4B31-804D-B28C2B872B4D",
                     versionEndIncluding: "18.8.8",
                     versionStartIncluding: "18.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DADAD14D-4836-4C74-A474-B8A044EED2EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0513B305-97EF-4609-A82E-D0CDFF9925BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B201A85E-1310-46B8-8A3B-FF7675F84E09",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7C9BB48-50B2-4735-9E2F-E492C708C36D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A848888-0A4A-4B6D-8176-9A2685B37AC2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8383028-B719-41FD-9B6A-71F8EB4C5F8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\&_deployment:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A83C7FAE-9848-427E-88F8-BFA24134A84B",
                     versionEndIncluding: "2.20.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:trace_file_analyzer:12.2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDB52969-7705-47CF-BD55-5632C56A7FD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:trace_file_analyzer:18c:*:*:*:*:*:*:*",
                     matchCriteriaId: "67107890-A521-47E7-BC10-00635C85BEC4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:trace_file_analyzer:19c:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B3C1811-E651-4975-A1AE-BCE3377D51A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D551CAB1-4312-44AA-BDA8-A030817E153A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "174A6D2E-E42E-4C92-A194-C6A820CD7EF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "9FBC1BD0-FF12-4691-8751-5F245D991989",
                     versionStartIncluding: "7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62",
                     versionStartIncluding: "7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
                     versionStartIncluding: "9.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7081652A-D28B-494E-94EF-CA88117F23EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.",
      },
      {
         lang: "es",
         value: "Se descubrió un problema de escritura polimórfica en FasterXML jackson-databind versiones 2.0.0 hasta 2.9.10. Cuando la Escritura Predeterminada está habilitada (globalmente o para una propiedad específica) para un end point JSON expuesto externamente y el servicio posee el jar p6spy (versión 3.8.6) en el classpath, y un atacante puede encontrar un end point del servicio RMI para acceder, es posible lograr que el servicio ejecute una carga maliciosa. Este problema se presenta debido al manejo inapropiado de com.p6spy.engine.spy.P6DataSource.",
      },
   ],
   id: "CVE-2019-16943",
   lastModified: "2024-11-21T04:31:23.737",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-01T17:15:10.400",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0159",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0160",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0161",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0164",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0445",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2478",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommits.iceberg.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Oct/6",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20191017-0006/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4542",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com//security-alerts/cpujul2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0159",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0160",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0161",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0164",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0445",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommits.iceberg.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Oct/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20191017-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4542",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com//security-alerts/cpujul2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-12 21:15
Modified
2024-11-21 04:32
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
References
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:4192Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0159Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0160Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0161Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0164Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0445Third Party Advisory
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2498Patch, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5%40%3Ccommits.pulsar.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/12/msg00013.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20191024-0005/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:4192Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0159Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0160Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0161Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0164Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0445Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2498Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5%40%3Ccommits.pulsar.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/12/msg00013.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20191024-0005/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind *
debian debian_linux 8.0
redhat jboss_enterprise_application_platform 7.2
redhat jboss_enterprise_application_platform 7.3
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server 8.0
oracle banking_platform 2.4.0
oracle banking_platform 2.4.1
oracle banking_platform 2.5.0
oracle banking_platform 2.6.0
oracle banking_platform 2.6.1
oracle banking_platform 2.6.2
oracle banking_platform 2.7.0
oracle banking_platform 2.7.1
oracle banking_platform 2.9.0
oracle communications_billing_and_revenue_management 7.5.0.23.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle communications_calendar_server 8.0.0.2.0
oracle communications_calendar_server 8.0.0.3.0
oracle communications_cloud_native_core_network_slice_selection_function 1.2.1
oracle communications_evolved_communications_application_server 7.1
oracle global_lifecycle_management_nextgen_oui_framework 12.2.1.3.0
oracle global_lifecycle_management_nextgen_oui_framework 12.2.1.4.0
oracle global_lifecycle_management_nextgen_oui_framework 13.9.4.2.2
oracle goldengate_application_adapters 19.1.0.0.0
oracle jd_edwards_enterpriseone_orchestrator 9.2
oracle jd_edwards_enterpriseone_tools 9.2
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway 16.1
oracle primavera_gateway 16.2
oracle primavera_gateway 19.12.0
oracle retail_merchandising_system 15.0.3
oracle retail_merchandising_system 16.0.2
oracle retail_merchandising_system 16.0.3
oracle retail_sales_audit 14.1
oracle siebel_engineering_-_installer_\&_deployment *
oracle trace_file_analyzer 12.2.0.1
oracle trace_file_analyzer 18c
oracle trace_file_analyzer 19c
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0
oracle webcenter_sites 12.2.1.3.0
oracle webcenter_sites 12.2.1.4.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
netapp oncommand_workflow_automation -
netapp steelstore_cloud_integrated_storage -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7036DA13-110D-40B3-8494-E361BBF4AFCD",
                     versionEndExcluding: "2.6.7.3",
                     versionStartIncluding: "2.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F83B193-74CF-459A-8055-AE0F033D5BCB",
                     versionEndExcluding: "2.8.11.5",
                     versionStartIncluding: "2.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18324CA7-89A0-4212-B603-E9C3DD998219",
                     versionEndExcluding: "2.9.10.1",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B0FEFCDD-A212-4525-B449-2C4A00A0D2E9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2BEE49E-A5AA-42D3-B422-460454505480",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4FF66F7-10C8-4A1C-910A-EF7D12A4284C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "35AD0C07-9688-4397-8D45-FBB88C0F0C11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8972497F-6E24-45A9-9A18-EB0E842CB1D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "400509A8-D6F2-432C-A2F1-AD5B8778D0D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "282150FF-C945-4A3E-8A80-E8757A8907EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "790A89FD-6B86-49AE-9B4F-AE7262915E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "559579F1-3975-45C5-9F62-2F0A5AF13E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "50882F8D-9740-4CC0-B2C6-CCE4F6D90C7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADE6EF8F-1F05-429B-A916-76FDB20CEB81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "08A37FE9-B626-48C3-8FE0-D4F1A559E0B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6495B29F-3DA2-4628-9CC0-39617871F3AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A6FFB5C-EB44-499F-BE81-24ED2B1F201A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7BE0590-31BD-4FCD-B50E-A5F86196F99E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "989598A3-7012-4F57-B172-02404E20D16D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C209FAC-B7DE-42DC-AC9C-BD3ADA44D0B7",
                     versionEndIncluding: "17.12.6",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "597495A7-FE17-4B31-804D-B28C2B872B4D",
                     versionEndIncluding: "18.8.8",
                     versionStartIncluding: "18.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DADAD14D-4836-4C74-A474-B8A044EED2EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0513B305-97EF-4609-A82E-D0CDFF9925BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B201A85E-1310-46B8-8A3B-FF7675F84E09",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7C9BB48-50B2-4735-9E2F-E492C708C36D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A848888-0A4A-4B6D-8176-9A2685B37AC2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8383028-B719-41FD-9B6A-71F8EB4C5F8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\&_deployment:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A83C7FAE-9848-427E-88F8-BFA24134A84B",
                     versionEndIncluding: "2.20.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:trace_file_analyzer:12.2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDB52969-7705-47CF-BD55-5632C56A7FD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:trace_file_analyzer:18c:*:*:*:*:*:*:*",
                     matchCriteriaId: "67107890-A521-47E7-BC10-00635C85BEC4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:trace_file_analyzer:19c:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B3C1811-E651-4975-A1AE-BCE3377D51A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D551CAB1-4312-44AA-BDA8-A030817E153A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "174A6D2E-E42E-4C92-A194-C6A820CD7EF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.",
      },
      {
         lang: "es",
         value: "Se detectó un problema de escritura polimórfica en FasterXML jackson-databind versiones 2.0.0 hasta 2.9.10. Cuando Default Typing está habilitado (globalmente o para una propiedad específica) para un endpoint JSON expuesto externamente y el servicio presenta el jar apache-log4j-extra (versión 1.2.x) en el classpath, y un atacante puede proveer un servicio JNDI para acceder, es posible hacer que el servicio ejecute una carga útil maliciosa.",
      },
   ],
   id: "CVE-2019-17531",
   lastModified: "2024-11-21T04:32:27.613",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-12T21:15:08.570",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:4192",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0159",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0160",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0161",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0164",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0445",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2498",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5%40%3Ccommits.pulsar.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20191024-0005/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com//security-alerts/cpujul2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:4192",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0159",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0160",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0161",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0164",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0445",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2498",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5%40%3Ccommits.pulsar.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20191024-0005/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com//security-alerts/cpujul2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-03 04:15
Modified
2024-11-21 04:38
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2Patch, Third Party Advisory
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2526Patch, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44%40%3Cnotifications.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393%40%3Cdev.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3%40%3Ccommits.druid.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764%40%3Ccommits.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2%40%3Ccommits.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744%40%3Ccommits.druid.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63%40%3Ccommits.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8%40%3Cnotifications.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0%40%3Cnotifications.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c%40%3Cdev.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528%40%3Ccommits.druid.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2%40%3Cnotifications.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b%40%3Ccommits.druid.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/02/msg00020.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200127-0004/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2526Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393%40%3Cdev.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764%40%3Ccommits.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2%40%3Ccommits.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63%40%3Ccommits.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c%40%3Cdev.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/02/msg00020.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200127-0004/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind *
oracle banking_platform *
oracle communications_billing_and_revenue_management 7.5.0.23.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle communications_cloud_native_core_network_slice_selection_function 1.2.1
oracle communications_contacts_server 8.0.0.4.0
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle customer_management_and_segmentation_foundation 18.0
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle global_lifecycle_management_opatch *
oracle global_lifecycle_management_opatch *
oracle global_lifecycle_management_opatch *
oracle goldengate_application_adapters 19.1.0.0.0
oracle goldengate_stream_analytics *
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0.3
oracle retail_merchandising_system 16.0.2
oracle retail_merchandising_system 16.0.3
oracle retail_sales_audit 14.1
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle siebel_engineering_-_installer_\&_deployment *
oracle siebel_ui_framework *
oracle trace_file_analyzer 12.2.0.1
oracle trace_file_analyzer 18c
oracle trace_file_analyzer 19c
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
debian debian_linux 8.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp oncommand_api_services -
netapp service_level_manager -
netapp snapcenter -
netapp steelstore_cloud_integrated_storage -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F87CF67-6994-43F1-BEC3-DD7D122D0146",
                     versionEndExcluding: "2.7.9.7",
                     versionStartIncluding: "2.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF323F3D-B2A4-41E7-94F9-5539C9B7025E",
                     versionEndExcluding: "2.8.11.5",
                     versionStartIncluding: "2.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AE46C31-B9B7-48D7-8AC7-CF431317D50E",
                     versionEndExcluding: "2.9.10.2",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
                     versionEndIncluding: "2.9.0",
                     versionStartIncluding: "2.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "790A89FD-6B86-49AE-9B4F-AE7262915E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADE6EF8F-1F05-429B-A916-76FDB20CEB81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
                     versionEndIncluding: "12.0.3",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "727DF4F5-3D21-491E-96B9-EC973A6C9C18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6455EB1-C741-45E8-A53E-E7AD7A5D00EE",
                     versionEndExcluding: "11.2.0.3.23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFD43191-E67F-4D1B-967B-3C7B20331945",
                     versionEndExcluding: "12.2.0.1.19",
                     versionStartIncluding: "12.2.0.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "062C588A-CBBA-470F-8D11-2F961922E927",
                     versionEndExcluding: "13.9.4.2.1",
                     versionStartIncluding: "13.9.4.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7BE0590-31BD-4FCD-B50E-A5F86196F99E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4",
                     versionEndExcluding: "19.1.0.0.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7C9BB48-50B2-4735-9E2F-E492C708C36D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A848888-0A4A-4B6D-8176-9A2685B37AC2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8383028-B719-41FD-9B6A-71F8EB4C5F8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\&_deployment:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A83C7FAE-9848-427E-88F8-BFA24134A84B",
                     versionEndIncluding: "2.20.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F510ED6D-7BF8-4548-BF0F-3CF926EB135E",
                     versionEndIncluding: "20.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:trace_file_analyzer:12.2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDB52969-7705-47CF-BD55-5632C56A7FD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:trace_file_analyzer:18c:*:*:*:*:*:*:*",
                     matchCriteriaId: "67107890-A521-47E7-BC10-00635C85BEC4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:trace_file_analyzer:19c:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B3C1811-E651-4975-A1AE-BCE3377D51A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "9FBC1BD0-FF12-4691-8751-5F245D991989",
                     versionStartIncluding: "7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62",
                     versionStartIncluding: "7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
                     versionStartIncluding: "9.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7081652A-D28B-494E-94EF-CA88117F23EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.",
      },
      {
         lang: "es",
         value: "FasterXML jackson-databind versiones 2.x anteriores a la versión  2.9.10.2, carece de cierto bloqueo de net.sf.ehcache.",
      },
   ],
   id: "CVE-2019-20330",
   lastModified: "2024-11-21T04:38:16.833",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-03T04:15:12.137",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2526",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44%40%3Cnotifications.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393%40%3Cdev.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3%40%3Ccommits.druid.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764%40%3Ccommits.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2%40%3Ccommits.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744%40%3Ccommits.druid.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63%40%3Ccommits.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8%40%3Cnotifications.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0%40%3Cnotifications.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c%40%3Cdev.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528%40%3Ccommits.druid.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2%40%3Cnotifications.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b%40%3Ccommits.druid.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200127-0004/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com//security-alerts/cpujul2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2526",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44%40%3Cnotifications.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393%40%3Cdev.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3%40%3Ccommits.druid.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764%40%3Ccommits.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2%40%3Ccommits.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744%40%3Ccommits.druid.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63%40%3Ccommits.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8%40%3Cnotifications.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0%40%3Cnotifications.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c%40%3Cdev.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528%40%3Ccommits.druid.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2%40%3Cnotifications.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b%40%3Ccommits.druid.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200127-0004/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com//security-alerts/cpujul2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-18 22:15
Modified
2024-11-21 04:55
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2659Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/03/msg00027.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2659Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/03/msg00027.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
debian debian_linux 8.0
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_institutional_performance_analytics 8.0.6
oracle financial_services_institutional_performance_analytics 8.0.7
oracle financial_services_institutional_performance_analytics 8.1.0
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle financial_services_retail_customer_analytics 8.0.6
oracle global_lifecycle_management_opatch *
oracle insurance_policy_administration_j2ee 11.0.2.25
oracle insurance_policy_administration_j2ee 11.1.0.15
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_service_backbone 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
                     versionEndExcluding: "2.9.10.4",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
                     versionEndIncluding: "2.9.0",
                     versionStartIncluding: "2.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
                     versionEndIncluding: "12.0.3",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
                     versionEndIncluding: "8.1.0",
                     versionStartIncluding: "8.0.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
                     versionEndExcluding: "12.2.0.1.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).",
      },
      {
         lang: "es",
         value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y escritura, relacionados con org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (también se conoce como aries.transaction.jms).",
      },
   ],
   id: "CVE-2020-10672",
   lastModified: "2024-11-21T04:55:49.050",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2020-03-18T22:15:12.313",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2659",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2659",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-18 22:15
Modified
2024-11-21 04:55
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2660Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/03/msg00027.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2660Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/03/msg00027.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
debian debian_linux 8.0
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_institutional_performance_analytics 8.0.6
oracle financial_services_institutional_performance_analytics 8.0.7
oracle financial_services_institutional_performance_analytics 8.1.0
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle financial_services_retail_customer_analytics 8.0.6
oracle global_lifecycle_management_opatch *
oracle insurance_policy_administration_j2ee 11.0.2.25
oracle insurance_policy_administration_j2ee 11.1.0.15
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_service_backbone 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9FB021E3-0529-4F99-B880-66FDAC2F889D",
                     versionEndExcluding: "2.6.7.4",
                     versionStartIncluding: "2.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
                     versionEndExcluding: "2.9.10.4",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
                     versionEndIncluding: "2.9.0",
                     versionStartIncluding: "2.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
                     versionEndIncluding: "12.0.3",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
                     versionEndIncluding: "8.1.0",
                     versionStartIncluding: "8.0.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
                     versionEndExcluding: "12.2.0.1.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).",
      },
      {
         lang: "es",
         value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y escritura, relacionada con com.caucho.config.types.ResourceRef (también se conoce como caucho-quercus).",
      },
   ],
   id: "CVE-2020-10673",
   lastModified: "2024-11-21T04:55:49.360",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2020-03-18T22:15:12.407",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2660",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2660",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-01 17:15
Modified
2024-11-21 04:31
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
References
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3901Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0159Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0160Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0161Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0164Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0445Third Party Advisory
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2478Patch, Third Party Advisory
cve@mitre.orghttps://issues.apache.org/jira/browse/GEODE-7255Issue Tracking, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5%40%3Cissues.geode.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954%40%3Cissues.geode.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370%40%3Cissues.geode.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/10/msg00001.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://seclists.org/bugtraq/2019/Oct/6Issue Tracking, Mailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20191017-0006/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2019/dsa-4542Mailing List, Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3901Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0159Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0160Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0161Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0164Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0445Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2478Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/jira/browse/GEODE-7255Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/10/msg00001.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Oct/6Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20191017-0006/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4542Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind *
debian debian_linux 8.0
debian debian_linux 9.0
debian debian_linux 10.0
fedoraproject fedora 30
fedoraproject fedora 31
redhat jboss_enterprise_application_platform 7.2.0
redhat jboss_enterprise_application_platform 7.3
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp oncommand_api_services -
netapp oncommand_workflow_automation -
netapp service_level_manager -
netapp steelstore_cloud_integrated_storage -
oracle banking_platform 2.4.0
oracle banking_platform 2.4.1
oracle banking_platform 2.5.0
oracle banking_platform 2.6.0
oracle banking_platform 2.6.1
oracle banking_platform 2.6.2
oracle banking_platform 2.7.0
oracle banking_platform 2.7.1
oracle banking_platform 2.9.0
oracle communications_billing_and_revenue_management 7.5.0.23.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle communications_calendar_server 8.0.0.2.0
oracle communications_calendar_server 8.0.0.3.0
oracle communications_cloud_native_core_network_slice_selection_function 1.2.1
oracle communications_evolved_communications_application_server 7.1
oracle database_server 12.2.0.1
oracle database_server 18c
oracle database_server 19c
oracle global_lifecycle_management_nextgen_oui_framework 12.2.1.3.0
oracle global_lifecycle_management_nextgen_oui_framework 12.2.1.4.0
oracle global_lifecycle_management_nextgen_oui_framework 13.9.4.2.2
oracle goldengate_application_adapters 19.1.0.0.0
oracle jd_edwards_enterpriseone_orchestrator 9.2
oracle jd_edwards_enterpriseone_tools 9.2
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway 19.12.0
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0.3
oracle retail_merchandising_system 16.0.2
oracle retail_merchandising_system 16.0.3
oracle retail_sales_audit 14.1
oracle siebel_engineering_-_installer_\&_deployment *
oracle siebel_ui_framework *
oracle siebel_ui_framework 20.6
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0
oracle webcenter_sites 12.2.1.3.0
oracle webcenter_sites 12.2.1.4.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7036DA13-110D-40B3-8494-E361BBF4AFCD",
                     versionEndExcluding: "2.6.7.3",
                     versionStartIncluding: "2.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF323F3D-B2A4-41E7-94F9-5539C9B7025E",
                     versionEndExcluding: "2.8.11.5",
                     versionStartIncluding: "2.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18324CA7-89A0-4212-B603-E9C3DD998219",
                     versionEndExcluding: "2.9.10.1",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "9FBC1BD0-FF12-4691-8751-5F245D991989",
                     versionStartIncluding: "7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62",
                     versionStartIncluding: "7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
                     versionStartIncluding: "9.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7081652A-D28B-494E-94EF-CA88117F23EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2BEE49E-A5AA-42D3-B422-460454505480",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4FF66F7-10C8-4A1C-910A-EF7D12A4284C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "35AD0C07-9688-4397-8D45-FBB88C0F0C11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8972497F-6E24-45A9-9A18-EB0E842CB1D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "400509A8-D6F2-432C-A2F1-AD5B8778D0D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "282150FF-C945-4A3E-8A80-E8757A8907EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "790A89FD-6B86-49AE-9B4F-AE7262915E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "559579F1-3975-45C5-9F62-2F0A5AF13E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "50882F8D-9740-4CC0-B2C6-CCE4F6D90C7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADE6EF8F-1F05-429B-A916-76FDB20CEB81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C614BA7-7103-4ED7-ADD0-56064FE256A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*",
                     matchCriteriaId: "6833701E-5510-4180-9523-9CFD318DEE6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2204841-585F-40C7-A1D9-C34E612808CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "08A37FE9-B626-48C3-8FE0-D4F1A559E0B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6495B29F-3DA2-4628-9CC0-39617871F3AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A6FFB5C-EB44-499F-BE81-24ED2B1F201A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7BE0590-31BD-4FCD-B50E-A5F86196F99E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "989598A3-7012-4F57-B172-02404E20D16D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA6FCD1C-9093-4630-8016-B70F25C34358",
                     versionEndIncluding: "17.12.6",
                     versionStartIncluding: "17.12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "597495A7-FE17-4B31-804D-B28C2B872B4D",
                     versionEndIncluding: "18.8.8",
                     versionStartIncluding: "18.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B201A85E-1310-46B8-8A3B-FF7675F84E09",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7C9BB48-50B2-4735-9E2F-E492C708C36D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A848888-0A4A-4B6D-8176-9A2685B37AC2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8383028-B719-41FD-9B6A-71F8EB4C5F8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\&_deployment:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A83C7FAE-9848-427E-88F8-BFA24134A84B",
                     versionEndIncluding: "2.20.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F510ED6D-7BF8-4548-BF0F-3CF926EB135E",
                     versionEndIncluding: "20.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:siebel_ui_framework:20.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "E66708CA-D7AC-4FE8-97D5-E8998A40CC85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D551CAB1-4312-44AA-BDA8-A030817E153A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "174A6D2E-E42E-4C92-A194-C6A820CD7EF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.",
      },
      {
         lang: "es",
         value: "Se descubrió un problema de escritura polimórfica en FasterXML jackson-databind versión 2.0.0 hasta 2.9.10. Cuando la Escritura Predeterminada está habilitada (tanto globalmente o para una propiedad específica) para un end point JSON expuesto externamente y el servicio posee el jar commons-dbcp (versión 1.4) en el classpath, y un atacante puede encontrar un end point de servicio RMI para acceder, es posible lograr que el servicio ejecute una carga maliciosa. Este problema se presenta debido a un manejo inapropiado de org.apache.commons.dbcp.datasources.SharedPoolDataSource y org.apache.commons.dbcp.datasources.PerUserPoolDataSource",
      },
   ],
   id: "CVE-2019-16942",
   lastModified: "2024-11-21T04:31:23.477",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-01T17:15:10.323",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:3901",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0159",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0160",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0161",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0164",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0445",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2478",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://issues.apache.org/jira/browse/GEODE-7255",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Oct/6",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20191017-0006/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4542",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com//security-alerts/cpujul2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuApr2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:3901",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0159",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0160",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0161",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0164",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2020:0445",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://issues.apache.org/jira/browse/GEODE-7255",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Oct/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20191017-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4542",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com//security-alerts/cpujul2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuApr2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-26 20:15
Modified
2024-11-21 04:55
Summary
A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0efPatch, Third Party Advisory
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2658Patch, Third Party Advisory
cve@mitre.orghttps://github.com/advisories/GHSA-rpr3-cw39-3pxhThird Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/04/msg00032.html
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062Exploit, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20230818-0007/
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0efPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2658Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/advisories/GHSA-rpr3-cw39-3pxhThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20230818-0007/
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2022.htmlPatch, Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "238F4D80-C84C-4C96-B45D-D73ADE46A3C8",
                     versionEndIncluding: "2.9.10.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.",
      },
      {
         lang: "es",
         value: "Se descubrió un fallo de deserialización en jackson-databind hasta 2.9.10.4. Podría permitir que un usuario no autenticado realice la ejecución de código a través de ignite-jta o quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory y org. quartz.utils.JNDIConnectionProvider.",
      },
   ],
   id: "CVE-2020-10650",
   lastModified: "2024-11-21T04:55:46.330",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-12-26T20:15:10.433",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2658",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/advisories/GHSA-rpr3-cw39-3pxh",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "cve@mitre.org",
         url: "https://security.netapp.com/advisory/ntap-20230818-0007/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2658",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/advisories/GHSA-rpr3-cw39-3pxh",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20230818-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-03-11 07:15
Modified
2024-11-21 05:29
Summary
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2816Issue Tracking, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2022/05/msg00001.htmlExploit, Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2022/11/msg00035.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20220506-0004/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2022/dsa-5283Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2816Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/05/msg00001.htmlExploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/11/msg00035.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220506-0004/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5283Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
oracle big_data_spatial_and_graph *
oracle coherence 14.1.1.0.0
oracle commerce_platform 11.3.0
oracle commerce_platform 11.3.1
oracle commerce_platform 11.3.2
oracle communications_billing_and_revenue_management *
oracle communications_cloud_native_core_binding_support_function 22.1.3
oracle communications_cloud_native_core_console 1.9.0
oracle communications_cloud_native_core_network_repository_function 22.1.2
oracle communications_cloud_native_core_network_repository_function 22.2.0
oracle communications_cloud_native_core_network_slice_selection_function 22.1.0
oracle communications_cloud_native_core_network_slice_selection_function 22.1.1
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.1
oracle communications_cloud_native_core_service_communication_proxy 22.2.0
oracle communications_cloud_native_core_unified_data_repository 22.2.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_analytical_applications_infrastructure 8.1.1.0
oracle financial_services_analytical_applications_infrastructure 8.1.2.0
oracle financial_services_analytical_applications_infrastructure 8.1.2.1
oracle financial_services_behavior_detection_platform *
oracle financial_services_behavior_detection_platform 8.0.7.0.0
oracle financial_services_behavior_detection_platform 8.0.8
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
oracle financial_services_enterprise_case_management *
oracle financial_services_enterprise_case_management 8.0.7.1
oracle financial_services_enterprise_case_management 8.0.7.2
oracle financial_services_enterprise_case_management 8.0.8.0
oracle financial_services_enterprise_case_management 8.0.8.1
oracle financial_services_trade-based_anti_money_laundering 8.0.7
oracle financial_services_trade-based_anti_money_laundering 8.0.8
oracle global_lifecycle_management_nextgen_oui_framework *
oracle global_lifecycle_management_nextgen_oui_framework 13.9.4.2.2
oracle global_lifecycle_management_opatch *
oracle graph_server_and_client *
oracle health_sciences_empirica_signal 9.1.0.5.2
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_unifier *
oracle primavera_unifier 18.0
oracle primavera_unifier 19.12
oracle primavera_unifier 20.12
oracle primavera_unifier 21.12
oracle retail_sales_audit 15.0.3.1
oracle sd-wan_edge 9.0
oracle sd-wan_edge 9.1
oracle spatial_studio *
oracle utilities_framework 4.3.0.5.0
oracle utilities_framework 4.3.0.6.0
oracle utilities_framework 4.4.0.0.0
oracle utilities_framework 4.4.0.2.0
oracle utilities_framework 4.4.0.3.0
oracle utilities_framework 4.4.0.5.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
oracle weblogic_server 14.1.1.0.0
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
netapp oncommand_workflow_automation -
netapp snap_creator_framework -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4445932-0923-4D28-8911-CFC9B61DFE2B",
                     versionEndExcluding: "2.12.6.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "862ED616-15D6-42A2-88DB-9D3F304EFB5D",
                     versionEndExcluding: "2.13.2.1",
                     versionStartIncluding: "2.13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "384DEDD9-CB26-4306-99D8-83068A9B23ED",
                     versionEndExcluding: "23.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FA64A1D-34F9-4441-857A-25C165E6DBB6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "57DA1DD8-E9F1-43C6-BCA2-1E9C92B1664C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "869CDD22-4A6C-4665-AA37-E340B07EF81C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCE2010E-A144-4ED2-B73D-1CA3800A8F71",
                     versionEndIncluding: "12.0.0.6.0",
                     versionStartIncluding: "12.0.0.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6EDB6772-7FDB-45FF-8D72-952902A7EE56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A264E0DE-209D-49B1-8B26-51AB8BBC97F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6577F14-36B6-46A5-A1B1-FCCADA61A23B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4F4637E5-3324-441D-94E9-C2DBE9A6B502",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4E817B5-A26B-4EA8-BA93-F87F42114FF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "74810125-09E6-4F27-B541-AFB61112AC56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "69F21EC6-EC2F-4E96-A9DE-621B84105304",
                     versionEndIncluding: "8.1.0.0",
                     versionStartIncluding: "8.0.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CC69CF0-6269-40F5-871B-16CFD5EC4C45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "172BECE8-9626-4910-AAA1-A2FA9C7139E3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACB82398-7281-47CF-81F9-A8A67D9C9DFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD9AC3A6-9B91-4B55-A320-A40E95F21058",
                     versionEndIncluding: "8.1.2.1",
                     versionStartIncluding: "8.1.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9319627-379D-4069-8AC9-512D411F22DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AC36036-07CE-4903-8FFB-445C6908F0CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "55F091C7-0869-4FD6-AC73-DA697D990304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D134C60-F9E2-46C2-8466-DB90AD98439E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6F77FFB-558E-4740-A63E-B702EE12EF68",
                     versionEndIncluding: "8.1.2.1",
                     versionStartIncluding: "8.1.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C64D669C-513E-4C53-8BB8-13EB336CDC3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4BDDBCD-4038-4BEC-91DB-587C2FBC6369",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6394E90-2F2C-4955-9F97-BFED76D4333B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B5DC0C1-789B-4126-8C6D-DEDE83AA2D2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B57ECC6E-CC64-4DE7-B657-3BA54EDDFFF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "10BBAD37-51A1-4819-807B-2642E9D4A69C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE85204F-614D-4EF1-ABEB-B3CD381C2CB0",
                     versionEndExcluding: "13.9.4.2.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A6FFB5C-EB44-499F-BE81-24ED2B1F201A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F0728F8-14D0-4282-9CA7-EFCD68EE77AF",
                     versionEndExcluding: "12.2.0.1.30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "097A31AB-B77F-4DC5-9CD8-AC3A403607AA",
                     versionEndExcluding: "22.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "42F4D251-489F-41C8-BFA3-B51A1B69028D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
                     versionEndIncluding: "17.12.11",
                     versionStartIncluding: "17.12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F04DF183-EBCB-456E-90F9-A8500E6E32B7",
                     versionEndIncluding: "18.8.14",
                     versionStartIncluding: "18.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D30B0D1-4466-4601-8822-CE8ADBB381FB",
                     versionEndIncluding: "19.12.13",
                     versionStartIncluding: "19.12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "17DE4709-5FFB-4E70-9416-553D89149D51",
                     versionEndIncluding: "20.12.18",
                     versionStartIncluding: "20.12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2982311E-B89A-4F9A-8BD2-44635DDDC10B",
                     versionEndIncluding: "21.12.1",
                     versionStartIncluding: "21.12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "050C3F61-FD74-4B62-BBC7-FFF05B22FB34",
                     versionEndIncluding: "17.12.20.4",
                     versionStartIncluding: "17.12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD0A17FC-BFA9-4EA5-8D4F-1CEC5BC11AA7",
                     versionEndIncluding: "18.8.25.4",
                     versionStartIncluding: "18.8.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BC6277C-7C2F-49E1-8A68-4C726A087F74",
                     versionEndIncluding: "19.12.19.0",
                     versionStartIncluding: "19.12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C383F1DE-32E0-4E77-9C5F-2D91893F458E",
                     versionEndIncluding: "21.12.4.0",
                     versionStartIncluding: "20.12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AFBEE29-1972-40B1-ADD6-536D5C74D4EA",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "951EC479-1B04-49C9-8381-D849685E7517",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "38340E3C-C452-4370-86D4-355B6B4E0A06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:15.0.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B32D7B0-CAE2-4B31-94C4-6124356C12B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E244A7B-EB39-4A84-BB01-EB09037A701F",
                     versionEndExcluding: "20.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5BBA303-8D2B-48C5-B52A-4E192166699C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4DAAD73-FE86-4934-AB1A-A60E840C6C1E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
                     matchCriteriaId: "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.",
      },
      {
         lang: "es",
         value: "jackson-databind versiones anteriores a 2.13.0, permite una excepción Java StackOverflow y una denegación de servicio por medio de una gran profundidad de objetos anidados",
      },
   ],
   id: "CVE-2020-36518",
   lastModified: "2024-11-21T05:29:44.297",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-03-11T07:15:07.800",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2816",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220506-0004/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5283",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2816",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220506-0004/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5283",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2022.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-16 18:15
Modified
2024-11-21 04:41
Severity ?
Summary
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
Impacted products
Vendor Product Version
oracle application_testing_suite 12.5.0.3
oracle application_testing_suite 13.1.0.1
oracle application_testing_suite 13.2.0.1
oracle application_testing_suite 13.3.0.1
oracle banking_enterprise_collections 2.7.0
oracle banking_enterprise_collections 2.8.0
oracle banking_enterprise_originations 2.7.0
oracle banking_enterprise_originations 2.8.0
oracle banking_enterprise_product_manufacturing 2.7.0
oracle banking_enterprise_product_manufacturing 2.8.0
oracle banking_platform 2.4.0
oracle banking_platform 2.4.1
oracle banking_platform 2.5.0
oracle banking_platform 2.6.0
oracle banking_platform 2.6.1
oracle banking_platform 2.6.2
oracle banking_platform 2.7.0
oracle banking_platform 2.7.1
oracle banking_platform 2.9.0
oracle business_process_management_suite 12.2.1.3.0
oracle business_process_management_suite 12.2.1.4.0
oracle clinical 5.2
oracle communications_diameter_signaling_router *
oracle communications_network_integrity *
oracle communications_service_broker 6.0
oracle communications_service_broker 6.1
oracle communications_services_gatekeeper 6.0
oracle communications_services_gatekeeper 6.1
oracle enterprise_repository 11.1.1.7.0
oracle financial_services_lending_and_leasing *
oracle financial_services_lending_and_leasing 12.5.0
oracle financial_services_revenue_management_and_billing_analytics 2.6
oracle financial_services_revenue_management_and_billing_analytics 2.7
oracle financial_services_revenue_management_and_billing_analytics 2.8
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle health_sciences_data_management_workbench 2.4
oracle health_sciences_data_management_workbench 2.5
oracle hyperion_planning 11.1.2.4
oracle rapid_planning 12.1.3
oracle retail_assortment_planning 15.0.3.0
oracle retail_assortment_planning 16.0.3.0
oracle retail_clearance_optimization_engine 13.4
oracle retail_clearance_optimization_engine 14.0.3
oracle retail_clearance_optimization_engine 14.0.5
oracle retail_markdown_optimization 13.4
oracle retail_sales_audit 15.0.3
oracle retail_sales_audit 16.0.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "17EA8B91-7634-4636-B647-1049BA7CA088",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F17843-32EA-4C31-B65C-F424447BEF7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_enterprise_collections:2.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFB663EB-1E06-428B-BE2D-AECFF7F1A025",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_enterprise_collections:2.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3753A492-B62D-4E4A-8D60-C1AC1F71419B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7AB8ABFD-C72C-4CBB-8872-9440A19154D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3054FEBB-484B-4927-9D1C-2024772E8B3D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AED3C78-7D65-4F02-820D-B51BCE4022F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "557A23A1-4762-4D29-A478-D1670C1847D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2BEE49E-A5AA-42D3-B422-460454505480",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4FF66F7-10C8-4A1C-910A-EF7D12A4284C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "35AD0C07-9688-4397-8D45-FBB88C0F0C11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8972497F-6E24-45A9-9A18-EB0E842CB1D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "400509A8-D6F2-432C-A2F1-AD5B8778D0D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "282150FF-C945-4A3E-8A80-E8757A8907EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E869C417-C0E6-4FC3-B406-45598A1D1906",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:clinical:5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F60487A7-386A-4C86-9456-53D1F437CE0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12981AA7-BBF6-4158-8F7D-9DD3880FDCC1",
                     versionEndIncluding: "8.4.0.5",
                     versionStartIncluding: "8.0.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABD748C9-24F6-4739-9772-208B98616EE2",
                     versionEndIncluding: "7.3.6",
                     versionStartIncluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "373C4024-679F-4C37-B408-0FB0D7FD845F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_service_broker:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B1B6C73-F0DC-48AA-BD31-FD3FAEC22F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA4E8A1E-FBB5-4EAC-9A7F-6FE95A1B5F60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3287751-9F54-4806-81D2-E28A42DF1407",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCDA89CD-FE10-47AA-9F64-F4BC93E44755",
                     versionEndIncluding: "14.2.0",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "317CA916-61F3-4E24-B42F-610A1C88A5BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A51A10EB-10A9-48EE-9B24-AEE2ABACE9C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CCE1968-016C-43C1-9EE1-FD9F978B688F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B5DBF4C-84BB-4537-BD8D-E10C5A4B69F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "271745B7-203F-4025-ACF0-C7CA40EE1643",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6C07C54-1A10-4063-87F1-E4A371695149",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:hyperion_planning:11.1.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "86045AB3-7CCA-49D0-B6FA-DA57A55248DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:rapid_planning:12.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "10578046-1907-4B2B-B8DE-80B3DE6AA476",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "44357172-4035-4D57-9C83-D80BDDE8E8C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_clearance_optimization_engine:13.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B13EC6F1-1EB7-4A71-8298-A9140C0F6EBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D31A422-0B1D-415E-A551-26B8449017DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE91D517-D85D-4A8D-90DC-4561BBF8670E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_markdown_optimization:13.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "32E89B1F-7746-47A6-93A2-E7EB69A85EA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:15.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "12AFC92F-E46B-4382-9302-26F27B79723C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:16.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5AA4401-E672-4E34-A7DB-5F8F93C3A4F9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle JDeveloper and ADF de Oracle Fusion Middleware (componente: ADF Faces). Las versiones compatibles que están afectadas son 11.1.1.9.0, 12.1.3.0.0 y 12.2.1.3.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle JDeveloper and ADF. Los ataques con éxito de esta vulnerabilidad pueden resultar en la toma de control de Oracle JDeveloper and ADF. CVSS 3.0 Puntuación Base 9.8 (Impactos de la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
      },
   ],
   id: "CVE-2019-2904",
   lastModified: "2024-11-21T04:41:46.483",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-16T18:15:27.560",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2021.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-07 23:15
Modified
2024-11-21 04:58
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2682Issue Tracking, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200511-0004/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2682Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200511-0004/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
                     versionEndExcluding: "2.9.10.4",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "9FBC1BD0-FF12-4691-8751-5F245D991989",
                     versionStartIncluding: "7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62",
                     versionStartIncluding: "7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
                     versionStartIncluding: "9.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
                     versionEndIncluding: "2.9.0",
                     versionStartIncluding: "2.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
                     versionEndIncluding: "12.0.3",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
                     versionEndExcluding: "12.2.0.1.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).",
      },
      {
         lang: "es",
         value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con el componente org.apache.commons.jelly.impl.Embedded (también se conoce como commons-jelly).",
      },
   ],
   id: "CVE-2020-11620",
   lastModified: "2024-11-21T04:58:15.937",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-07T23:15:12.140",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2682",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200511-0004/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2682",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200511-0004/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-26 13:15
Modified
2024-11-21 04:56
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2642Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2642Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind *
debian debian_linux 8.0
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_institutional_performance_analytics 8.0.6
oracle financial_services_institutional_performance_analytics 8.0.7
oracle financial_services_institutional_performance_analytics 8.1.0
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle financial_services_retail_customer_analytics 8.0.6
oracle global_lifecycle_management_opatch *
oracle insurance_policy_administration_j2ee 11.0.2.25
oracle insurance_policy_administration_j2ee 11.1.0.15
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_service_backbone 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "29BC94E0-FEBC-4E86-825C-0101DC339852",
                     versionEndExcluding: "2.7.9.7",
                     versionStartIncluding: "2.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "04F30C23-46F8-4F58-807B-002C5E96B7F7",
                     versionEndExcluding: "2.8.11.6",
                     versionStartIncluding: "2.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
                     versionEndExcluding: "2.9.10.4",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
                     versionEndIncluding: "2.9.0",
                     versionStartIncluding: "2.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
                     versionEndIncluding: "12.0.3",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
                     versionEndIncluding: "8.1.0",
                     versionStartIncluding: "8.0.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
                     versionEndExcluding: "12.2.0.1.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.",
      },
      {
         lang: "es",
         value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con javax.swing.JEditorPane.",
      },
   ],
   id: "CVE-2020-10969",
   lastModified: "2024-11-21T04:56:28.820",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2020-03-26T13:15:13.077",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2642",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2642",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-31 05:15
Modified
2024-11-21 04:56
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2670Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2670Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
debian debian_linux 8.0
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_institutional_performance_analytics 8.0.6
oracle financial_services_institutional_performance_analytics 8.0.7
oracle financial_services_institutional_performance_analytics 8.1.0
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle financial_services_retail_customer_analytics 8.0.6
oracle global_lifecycle_management_opatch *
oracle insurance_policy_administration_j2ee 11.0.2.25
oracle insurance_policy_administration_j2ee 11.1.0.15
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_service_backbone 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
                     versionEndExcluding: "2.9.10.4",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
                     versionEndIncluding: "2.9.0",
                     versionStartIncluding: "2.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
                     versionEndIncluding: "12.0.3",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
                     versionEndIncluding: "8.1.0",
                     versionStartIncluding: "8.0.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
                     versionEndExcluding: "12.2.0.1.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).",
      },
      {
         lang: "es",
         value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.apache.openjpa.ee.WASRegistryManagedRuntime (también se conoce como openjpa).",
      },
   ],
   id: "CVE-2020-11113",
   lastModified: "2024-11-21T04:56:49.317",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2020-03-31T05:15:13.117",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2670",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2670",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-07 23:15
Modified
2024-11-21 04:58
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2680Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200511-0004/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2680Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200511-0004/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
                     versionEndExcluding: "2.9.10.4",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "9FBC1BD0-FF12-4691-8751-5F245D991989",
                     versionStartIncluding: "7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62",
                     versionStartIncluding: "7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
                     versionStartIncluding: "9.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
                     versionEndIncluding: "2.9.0",
                     versionStartIncluding: "2.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
                     versionEndIncluding: "12.0.3",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
                     versionEndExcluding: "12.2.0.1.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).",
      },
      {
         lang: "es",
         value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con el componente  org.springframework.aop.config.MethodLocatingFactoryBean (también se conoce como spring-aop).",
      },
   ],
   id: "CVE-2020-11619",
   lastModified: "2024-11-21T04:58:15.730",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-07T23:15:12.077",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2680",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200511-0004/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2680",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200511-0004/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-31 05:15
Modified
2024-11-21 04:56
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2666Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2666Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
debian debian_linux 8.0
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_institutional_performance_analytics 8.0.6
oracle financial_services_institutional_performance_analytics 8.0.7
oracle financial_services_institutional_performance_analytics 8.1.0
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle financial_services_retail_customer_analytics 8.0.6
oracle global_lifecycle_management_opatch *
oracle insurance_policy_administration_j2ee 11.0.2.25
oracle insurance_policy_administration_j2ee 11.1.0.15
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_service_backbone 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
                     versionEndExcluding: "2.9.10.4",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
                     versionEndIncluding: "2.9.0",
                     versionStartIncluding: "2.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
                     versionEndIncluding: "12.0.3",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
                     versionEndIncluding: "8.1.0",
                     versionStartIncluding: "8.0.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
                     versionEndExcluding: "12.2.0.1.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).",
      },
      {
         lang: "es",
         value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.apache.commons.proxy.provider.remoting.RmiProvider (también se conoce como apache/commons-proxy).",
      },
   ],
   id: "CVE-2020-11112",
   lastModified: "2024-11-21T04:56:49.010",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2020-03-31T05:15:13.070",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2666",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2666",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-02 04:15
Modified
2024-11-21 05:40
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2631Patch, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/03/msg00008.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200904-0006/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2631Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/03/msg00008.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200904-0006/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
debian debian_linux 8.0
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_institutional_performance_analytics 8.0.6
oracle financial_services_institutional_performance_analytics 8.0.7
oracle financial_services_institutional_performance_analytics 8.1.0
oracle financial_services_institutional_performance_analytics 8.7.0
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle financial_services_retail_customer_analytics 8.0.6
oracle global_lifecycle_management_opatch *
oracle insurance_policy_administration_j2ee 11.0.2.25
oracle insurance_policy_administration_j2ee 11.1.0.15
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_service_backbone 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "29BC94E0-FEBC-4E86-825C-0101DC339852",
                     versionEndExcluding: "2.7.9.7",
                     versionStartIncluding: "2.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "04F30C23-46F8-4F58-807B-002C5E96B7F7",
                     versionEndExcluding: "2.8.11.6",
                     versionStartIncluding: "2.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
                     versionEndExcluding: "2.9.10.4",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "9FBC1BD0-FF12-4691-8751-5F245D991989",
                     versionStartIncluding: "7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62",
                     versionStartIncluding: "7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
                     versionStartIncluding: "9.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
                     versionEndIncluding: "2.9.0",
                     versionStartIncluding: "2.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
                     versionEndIncluding: "12.0.3",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
                     versionEndIncluding: "8.1.0",
                     versionStartIncluding: "8.0.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB4FBBDC-0AAF-4E9B-9902-02E7B4EF4E68",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
                     versionEndExcluding: "12.2.0.1.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).",
      },
      {
         lang: "es",
         value: "FasterXML jackson-databind versiones 2.x anteriores a  2.9.10.4 maneja inapropiadamente la interacción entre la serialización de gadgets y el tipeo, relacionada a org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (también se conoce como shaded hikari-config).",
      },
   ],
   id: "CVE-2020-9546",
   lastModified: "2024-11-21T05:40:50.133",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-03-02T04:15:10.843",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2631",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200904-0006/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2631",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200904-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-01-18 23:29
Modified
2024-11-21 02:40
Summary
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
cve@mitre.orghttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
cve@mitre.orghttp://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
cve@mitre.orghttp://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/May/10
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/May/11
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/May/13
cve@mitre.orghttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch
cve@mitre.orghttp://www.securityfocus.com/bid/105658Third Party Advisory, VDB Entry
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0481
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0729
cve@mitre.orghttps://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0ccPatch, Third Party Advisory
cve@mitre.orghttps://github.com/jquery/jquery/issues/2432Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://github.com/jquery/jquery/pull/2588Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2Patch, Third Party Advisory
cve@mitre.orghttps://ics-cert.us-cert.gov/advisories/ICSA-18-212-04Third Party Advisory, US Government Resource
cve@mitre.orghttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
cve@mitre.orghttps://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
cve@mitre.orghttps://seclists.org/bugtraq/2019/May/18
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20210108-0004/
cve@mitre.orghttps://snyk.io/vuln/npm:jquery:20150627Patch, Third Party Advisory
cve@mitre.orghttps://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdfThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2020.html
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2020.html
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.html
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.html
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
cve@mitre.orghttps://www.tenable.com/security/tns-2019-08
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/May/10
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/May/11
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/May/13
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/105658Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0481
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0729
af854a3a-2127-422b-91ae-364da2661108https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0ccPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/jquery/jquery/issues/2432Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/jquery/jquery/pull/2588Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/May/18
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20210108-0004/
af854a3a-2127-422b-91ae-364da2661108https://snyk.io/vuln/npm:jquery:20150627Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2019-08
Impacted products
Vendor Product Version
jquery jquery *
oracle agile_product_lifecycle_management_for_process 6.2.0.0
oracle agile_product_lifecycle_management_for_process 6.2.1.0
oracle agile_product_lifecycle_management_for_process 6.2.2.0
oracle agile_product_lifecycle_management_for_process 6.2.3.0
oracle agile_product_lifecycle_management_for_process 6.2.3.1
oracle banking_platform 2.6.0
oracle banking_platform 2.6.1
oracle banking_platform 2.6.2
oracle business_process_management_suite 11.1.1.9.0
oracle business_process_management_suite 12.1.3.0.0
oracle business_process_management_suite 12.2.1.3.0
oracle communications_converged_application_server *
oracle communications_interactive_session_recorder 6.0
oracle communications_interactive_session_recorder 6.1
oracle communications_interactive_session_recorder 6.2
oracle communications_services_gatekeeper *
oracle communications_webrtc_session_controller *
oracle endeca_information_discovery_studio 3.1.0
oracle endeca_information_discovery_studio 3.2.0
oracle enterprise_manager_ops_center 12.2.2
oracle enterprise_manager_ops_center 12.3.3
oracle enterprise_operations_monitor 3.4
oracle enterprise_operations_monitor 4.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_asset_liability_management *
oracle financial_services_data_integration_hub *
oracle financial_services_funds_transfer_pricing *
oracle financial_services_hedge_management_and_ifrs_valuations *
oracle financial_services_liquidity_risk_management *
oracle financial_services_loan_loss_forecasting_and_provisioning *
oracle financial_services_market_risk_measurement_and_management 8.0.5
oracle financial_services_market_risk_measurement_and_management 8.0.6
oracle financial_services_profitability_management *
oracle financial_services_reconciliation_framework 8.0.5
oracle financial_services_reconciliation_framework 8.0.6
oracle fusion_middleware_mapviewer 12.2.1.3.0
oracle healthcare_foundation 7.1
oracle healthcare_foundation 7.2
oracle healthcare_translational_research 3.1.0
oracle hospitality_cruise_fleet_management 9.0.11
oracle hospitality_guest_access 4.2.0
oracle hospitality_guest_access 4.2.1
oracle hospitality_materials_control 18.1
oracle hospitality_reporting_and_analytics 9.1.0
oracle insurance_insbridge_rating_and_underwriting 5.2
oracle insurance_insbridge_rating_and_underwriting 5.4
oracle insurance_insbridge_rating_and_underwriting 5.5
oracle jd_edwards_enterpriseone_tools 9.2
oracle jdeveloper 11.1.1.9.0
oracle jdeveloper 12.1.3.0.0
oracle jdeveloper 12.2.1.3.0
oracle oss_support_tools 19.1
oracle peoplesoft_enterprise_peopletools 8.55
oracle peoplesoft_enterprise_peopletools 8.56
oracle peoplesoft_enterprise_peopletools 8.57
oracle primavera_gateway 15.2
oracle primavera_gateway 16.2
oracle primavera_gateway 17.12
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle real-time_scheduler 2.3.0
oracle retail_allocation 15.0.2
oracle retail_customer_insights 15.0
oracle retail_customer_insights 16.0
oracle retail_invoice_matching 15.0
oracle retail_sales_audit 15.0
oracle retail_workforce_management_software 1.60.9
oracle retail_workforce_management_software 1.64.0
oracle service_bus 12.1.3.0.0
oracle service_bus 12.2.1.3.0
oracle siebel_ui_framework 18.10
oracle siebel_ui_framework 18.11
oracle utilities_framework *
oracle utilities_mobile_workforce_management 2.3.0
oracle webcenter_sites 11.1.1.8.0
oracle weblogic_server 12.1.3.0
oracle weblogic_server 12.2.1.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9CD7C3A9-7A77-4553-9893-D16D9FDC84AB",
                     versionEndExcluding: "3.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A079FD6E-3BB0-4997-9A8E-6F8FEC89887A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "900D2344-5160-42A0-8C49-36DBC7FF3D87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3DF1971-3FD9-4954-AF2D-DDA0B24B89CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8972497F-6E24-45A9-9A18-EB0E842CB1D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "400509A8-D6F2-432C-A2F1-AD5B8778D0D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "013043A2-0765-4AF5-ABFC-6A8960FFBFD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B887E174-57AB-449D-AEE4-82DD1A3E5C84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E869C417-C0E6-4FC3-B406-45598A1D1906",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
                     versionEndExcluding: "7.0.0.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C510CE66-DD71-45C8-B678-9BD81EC7FFBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF0A211C-7C3D-46AE-B525-890A9194C422",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1AD7C68-81DF-4332-AEB3-B368E0221F52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "97C1FA4C-5163-420C-A01A-EA36F1039BBB",
                     versionEndExcluding: "6.1.0.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77120A3C-9A48-45FC-A620-5072AF325ACF",
                     versionEndExcluding: "7.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BED45FB9-410F-4FC6-ACEB-49476F1C50BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D03A8C9-35A5-4B75-9711-7A4A60457307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE12B6A4-E128-41EC-8017-558F50B961BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "835BFCBC-848C-4A2C-BDE7-3D94CEC3F5D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A1B7A35-B332-476E-A676-C2CD4D72FA50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA",
                     versionEndIncluding: "7.3.5",
                     versionStartIncluding: "7.3.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "47E1F95E-A3A5-4996-B951-0F946CB11210",
                     versionEndIncluding: "8.0.7",
                     versionStartIncluding: "8.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "703DA91D-3440-4C67-AA20-78F71B1376DD",
                     versionEndIncluding: "8.0.7",
                     versionStartIncluding: "8.0.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "73E05211-8415-42FB-9B93-959EB03B090B",
                     versionEndIncluding: "8.0.7",
                     versionStartIncluding: "8.0.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC15899F-8528-4D10-8CD5-F67121D7F293",
                     versionEndIncluding: "8.0.7",
                     versionStartIncluding: "8.0.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "30657F1B-D1FC-4EE6-9854-18993294A01D",
                     versionEndIncluding: "8.0.7",
                     versionStartIncluding: "8.0.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E376C9FB-1870-4B4E-8D69-02A70C0A041C",
                     versionEndIncluding: "8.0.6",
                     versionStartIncluding: "8.0.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB6C521C-F104-4E26-82F2-6F63F94108BC",
                     versionEndIncluding: "8.0.7",
                     versionStartIncluding: "8.0.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "402B8642-7ACC-4F42-87A9-AB4D3B581751",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF6D5112-4055-4F89-A5B3-0DCB109481B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC3830C0-2B9F-41BD-94C9-E3718467A1AC",
                     versionEndIncluding: "8.0.6",
                     versionStartIncluding: "8.0.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D027285-07C1-4B3A-AB54-4426C16E236A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3831F35C-DED2-4E40-AA94-1512E106BFF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "06E586B3-3434-4B08-8BE3-16C528642CA5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C36C520-B5F5-45F1-B55F-62859CDA012E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EAAFF95-000C-4D78-98FF-9EDE9D966A65",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5ACB1D2-69CE-4B7D-9B51-D8F80E541631",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "03C46CCD-B49F-405A-A0A0-E0DFBA60F0D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A3DC116-2844-47A1-BEC2-D0675DD97148",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC63D10-2326-4542-B345-31D45B9A7408",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCBF2756-B831-4E6E-A15B-2A11DD48DB7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D76453B-95AF-4AC4-8096-7D117F69B45B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDE3671B-EB36-490A-BA70-575FCA332B94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "E03A631E-253A-4C56-9986-97F86C323482",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7506589-9B3B-49BA-B826-774BFDCC45B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "042C243F-EDFE-4A04-AB0B-26E73CC34837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A81D092-FC04-4B7D-83FB-58D402B5EF9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
                     matchCriteriaId: "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CBFA960-D242-43ED-8D4C-A60F01B70740",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0513B305-97EF-4609-A82E-D0CDFF9925BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8249A74-C34A-4F66-8F11-F7F50F8813BF",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A108B4EF-768F-4118-86B5-C0D9CDDE6A6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "686D4323-4B05-4B92-B598-594A31F937C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6DE15D64-6F49-4F43-8079-0C7827384C86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "788F2530-F011-4489-8029-B3468BAF7787",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "68B5147A-F6A3-499E-815D-6DAABDA33B03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "26C5CF80-8CFF-44D9-B3ED-C259847E9C46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "569644AC-69AD-412D-B399-4052D4DB2928",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "70BEF219-45EC-4A53-A815-42FBE20FC300",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EA2023A-1AD6-41FE-A214-9D1F6021D6B6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FFFBA49-F340-4A3D-BE8C-73213A669855",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "B491FB70-B6FC-4063-BE00-CAD664B39055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "70E13C38-9FC3-46BD-B9A4-1033C98C19D3",
                     versionEndIncluding: "4.3.0.4",
                     versionStartIncluding: "4.3.0.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AE1E1CA5-D443-4C5D-8F43-550106FFE3DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BB4709C-6373-43CC-918C-876A6569865A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F745235C-55A9-4353-A4CB-4B7834BDD63F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "CBFF04EF-B1C3-4601-878A-35EA6A15EF0C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
      },
      {
         lang: "es",
         value: "jQuery en versiones anteriores a la 3.0.0 es vulnerable a ataques de Cross-site Scripting (XSS) cuando se realiza una petición Ajax de dominios cruzados sin la opción dataType. Esto provoca que se ejecuten respuestas de texto/javascript.",
      },
   ],
   id: "CVE-2015-9251",
   lastModified: "2024-11-21T02:40:09.093",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-01-18T23:29:00.307",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://seclists.org/fulldisclosure/2019/May/10",
      },
      {
         source: "cve@mitre.org",
         url: "http://seclists.org/fulldisclosure/2019/May/11",
      },
      {
         source: "cve@mitre.org",
         url: "http://seclists.org/fulldisclosure/2019/May/13",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/105658",
      },
      {
         source: "cve@mitre.org",
         url: "https://access.redhat.com/errata/RHSA-2020:0481",
      },
      {
         source: "cve@mitre.org",
         url: "https://access.redhat.com/errata/RHSA-2020:0729",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/jquery/jquery/issues/2432",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/jquery/jquery/pull/2588",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
      },
      {
         source: "cve@mitre.org",
         url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://seclists.org/bugtraq/2019/May/18",
      },
      {
         source: "cve@mitre.org",
         url: "https://security.netapp.com/advisory/ntap-20210108-0004/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://snyk.io/vuln/npm:jquery:20150627",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.tenable.com/security/tns-2019-08",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/fulldisclosure/2019/May/10",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/fulldisclosure/2019/May/11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/fulldisclosure/2019/May/13",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/105658",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2020:0481",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2020:0729",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/jquery/jquery/issues/2432",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/jquery/jquery/pull/2588",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/May/18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20210108-0004/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://snyk.io/vuln/npm:jquery:20150627",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.tenable.com/security/tns-2019-08",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-10-17 01:31
Modified
2024-11-21 04:05
Summary
Vulnerability in the Oracle Retail Sales Audit component of Oracle Retail Applications (subcomponent: Operational Insights). Supported versions that are affected are 15.0 and 16.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Sales Audit. While the vulnerability is in Oracle Retail Sales Audit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Sales Audit accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Sales Audit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Sales Audit. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L).
Impacted products
Vendor Product Version
oracle retail_sales_audit 15.0
oracle retail_sales_audit 16.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "68B5147A-F6A3-499E-815D-6DAABDA33B03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "88B6DCD1-8AB6-4FDD-B174-955101F3E070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Retail Sales Audit component of Oracle Retail Applications (subcomponent: Operational Insights). Supported versions that are affected are 15.0 and 16.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Sales Audit. While the vulnerability is in Oracle Retail Sales Audit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Sales Audit accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Sales Audit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Sales Audit. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L).",
      },
      {
         lang: "es",
         value: "Vulnerabilidad en el componente Oracle Retail Sales Audit de Oracle Retail Applications (subcomponente: Operational Insights). Las versiones compatibles que se han visto afectadas son la 15.0 y la 16.0. Una vulnerabilidad difícilmente explotable permite que un atacante con pocos privilegios que tenga acceso a red por HTTP comprometa la seguridad de Oracle Retail Sales Audit. Aunque la vulnerabilidad está presente en Oracle Retail Sales Audit, los ataques podrían afectar significativamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos críticos o un acceso total a todos los datos accesibles de Oracle Retail Sales Audit, así como el acceso no autorizado de actualización, inserción o supresión de algunos de los datos accesibles de Oracle Retail Sales Audit. Además, puede dar lugar a la capacidad no autorizada de provocar una denegación de servicio parcial (DoS parcial) de Oracle Retail Sales Audit. CVSS 3.0 Base Score 7.7 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L).",
      },
   ],
   id: "CVE-2018-3115",
   lastModified: "2024-11-21T04:05:11.883",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 7.7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.3,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-10-17T01:31:15.260",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/105586",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/105586",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-02 04:15
Modified
2024-11-21 05:40
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2634Patch, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/03/msg00008.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200904-0006/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2634Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/03/msg00008.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200904-0006/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
debian debian_linux 8.0
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle global_lifecycle_management_opatch *
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F87CF67-6994-43F1-BEC3-DD7D122D0146",
                     versionEndExcluding: "2.7.9.7",
                     versionStartIncluding: "2.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "04F30C23-46F8-4F58-807B-002C5E96B7F7",
                     versionEndExcluding: "2.8.11.6",
                     versionStartIncluding: "2.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
                     versionEndExcluding: "2.9.10.4",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "9FBC1BD0-FF12-4691-8751-5F245D991989",
                     versionStartIncluding: "7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62",
                     versionStartIncluding: "7.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
                     versionStartIncluding: "9.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
                     versionEndIncluding: "2.9.0",
                     versionStartIncluding: "2.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
                     versionEndIncluding: "12.0.3",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
                     versionEndExcluding: "12.2.0.1.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).",
      },
      {
         lang: "es",
         value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4,  maneja inapropiadamente la interacción entre la serialización de gadgets y el tipeo, relacionada a br.com.anteros.dbcp.AnterosDBCPConfig (también se conoce como anteros-core).",
      },
   ],
   id: "CVE-2020-9548",
   lastModified: "2024-11-21T05:40:50.670",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-03-02T04:15:11.077",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2634",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200904-0006/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2634",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200904-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-26 13:15
Modified
2024-11-21 04:56
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2662Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2662Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
debian debian_linux 8.0
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_institutional_performance_analytics 8.0.6
oracle financial_services_institutional_performance_analytics 8.0.7
oracle financial_services_institutional_performance_analytics 8.1.0
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle financial_services_retail_customer_analytics 8.0.6
oracle global_lifecycle_management_opatch *
oracle insurance_policy_administration_j2ee 11.0.2.25
oracle insurance_policy_administration_j2ee 11.1.0.15
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_service_backbone 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
                     versionEndExcluding: "2.9.10.4",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
                     versionEndIncluding: "2.9.0",
                     versionStartIncluding: "2.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
                     versionEndIncluding: "12.0.3",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
                     versionEndIncluding: "8.2.2",
                     versionStartIncluding: "8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
                     versionEndIncluding: "8.1.0",
                     versionStartIncluding: "8.0.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
                     versionEndExcluding: "12.2.0.1.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
                     versionEndExcluding: "9.2.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).",
      },
      {
         lang: "es",
         value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.aoju.bus.proxy.provider.remoting.RmiProvider (también se conoce como bus-proxy).",
      },
   ],
   id: "CVE-2020-10968",
   lastModified: "2024-11-21T04:56:28.520",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2020-03-26T13:15:12.970",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2662",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2662",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

cve-2020-11111
Vulnerability from cvelistv5
Published
2020-03-31 04:37
Modified
2024-08-04 11:21
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_analytical_applications_infrastructure",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.1.0",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jackson-databind",
                  vendor: "fasterxml",
                  versions: [
                     {
                        lessThan: "2.9.10.4",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "debian_linux",
                  vendor: "debian",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "steelstore_cloud_integrated_storage",
                  vendor: "netapp",
                  versions: [
                     {
                        status: "affected",
                        version: "*",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "agile_plm",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "9.3.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "autovue_for_agile_product_lifecycle_management",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "21.0.2",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "banking_digital_experience",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "18.3",
                        status: "affected",
                        version: "18.1",
                        versionType: "custom",
                     },
                     {
                        lessThanOrEqual: "19.2",
                        status: "affected",
                        version: "19.1",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "20.1",
                     },
                     {
                        lessThanOrEqual: "2.9.0",
                        status: "affected",
                        version: "2.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_calendar_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.0.5.0",
                        status: "affected",
                        version: "8.0.0.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_diameter_signaling_router",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_element_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_evolved_communications_application_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "7.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_instant_messaging_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "10.0.1.4.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "6.0.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.0.3",
                        status: "affected",
                        version: "12.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_session_route_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "enterprise_manager_base_platform",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "13.4.0.0",
                        status: "affected",
                        version: "13.3.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_institutional_performance_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                     {
                        status: "affected",
                        version: "8.0.7",
                     },
                     {
                        status: "affected",
                        version: "8.1.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_price_creation_and_discovery",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.7",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_retail_customer_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "global_lifecycle_management_opatch",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.0.1.20",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "insurance_policy_administration_j2ee",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThan: "11.1.0.15",
                        status: "affected",
                        version: "11.0.2.25",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jd_edwards_enterpriseone_orchestrator",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "9.2.4.2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "primavera_unifier",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "16.1",
                     },
                     {
                        status: "affected",
                        version: "16.2",
                     },
                     {
                        lessThanOrEqual: "17.12",
                        status: "affected",
                        version: "17.7",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "18.8",
                     },
                     {
                        status: "affected",
                        version: "19.12",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_merchandising_system",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "15.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_sales_audit",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_service_backbone",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                     {
                        status: "affected",
                        version: "15.0",
                     },
                     {
                        status: "affected",
                        version: "16.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_xstore_point_of_service",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "19.0",
                        status: "affected",
                        version: "15.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "weblogic_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.1.4.0",
                        status: "affected",
                        version: "12.2.1.3.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2020-11111",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-05-25T04:00:44.621248Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-502",
                        description: "CWE-502 Deserialization of Untrusted Data",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T17:12:18.053Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:21:14.611Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2664",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2021.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:38:48",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2664",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2021.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11111",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
                  },
                  {
                     name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                     refsource: "MISC",
                     url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2664",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2664",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2021.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11111",
      datePublished: "2020-03-31T04:37:49",
      dateReserved: "2020-03-31T00:00:00",
      dateUpdated: "2024-08-04T11:21:14.611Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-9251
Vulnerability from cvelistv5
Published
2018-01-18 23:00
Modified
2024-08-06 08:43
Severity ?
Summary
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
References
http://www.securityfocus.com/bid/105658vdb-entry, x_refsource_BID
https://seclists.org/bugtraq/2019/May/18mailing-list, x_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2019/May/11mailing-list, x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2019/May/10mailing-list, x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2019/May/13mailing-list, x_refsource_FULLDISC
https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2020:0481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0729vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.htmlvendor-advisory, x_refsource_SUSE
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://github.com/jquery/jquery/issues/2432x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdfx_refsource_MISC
https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2x_refsource_MISC
https://snyk.io/vuln/npm:jquery:20150627x_refsource_MISC
https://github.com/jquery/jquery/pull/2588x_refsource_MISC
https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04x_refsource_MISC
https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0ccx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlx_refsource_MISC
http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2019-08x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20210108-0004/x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T08:43:41.697Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "105658",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/105658",
               },
               {
                  name: "20190509 dotCMS v5.1.1 Vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/May/18",
               },
               {
                  name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2019/May/11",
               },
               {
                  name: "20190510 dotCMS v5.1.1 Vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2019/May/10",
               },
               {
                  name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2019/May/13",
               },
               {
                  name: "[flink-user] 20190811 Apache flink 1.7.2 security issues",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E",
               },
               {
                  name: "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E",
               },
               {
                  name: "[flink-user] 20190813 Apache flink 1.7.2 security issues",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E",
               },
               {
                  name: "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E",
               },
               {
                  name: "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E",
               },
               {
                  name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
               },
               {
                  name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
               },
               {
                  name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
               },
               {
                  name: "RHSA-2020:0481",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0481",
               },
               {
                  name: "RHSA-2020:0729",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0729",
               },
               {
                  name: "openSUSE-SU-2020:0395",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/jquery/jquery/issues/2432",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://snyk.io/vuln/npm:jquery:20150627",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/jquery/jquery/pull/2588",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/tns-2019-08",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20210108-0004/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-01-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-08T11:06:16",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "105658",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/105658",
            },
            {
               name: "20190509 dotCMS v5.1.1 Vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/May/18",
            },
            {
               name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2019/May/11",
            },
            {
               name: "20190510 dotCMS v5.1.1 Vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2019/May/10",
            },
            {
               name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2019/May/13",
            },
            {
               name: "[flink-user] 20190811 Apache flink 1.7.2 security issues",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E",
            },
            {
               name: "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E",
            },
            {
               name: "[flink-user] 20190813 Apache flink 1.7.2 security issues",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E",
            },
            {
               name: "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E",
            },
            {
               name: "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E",
            },
            {
               name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
            },
            {
               name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
            },
            {
               name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
            },
            {
               name: "RHSA-2020:0481",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0481",
            },
            {
               name: "RHSA-2020:0729",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0729",
            },
            {
               name: "openSUSE-SU-2020:0395",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/jquery/jquery/issues/2432",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://snyk.io/vuln/npm:jquery:20150627",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/jquery/jquery/pull/2588",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.tenable.com/security/tns-2019-08",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20210108-0004/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2015-9251",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "105658",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/105658",
                  },
                  {
                     name: "20190509 dotCMS v5.1.1 Vulnerabilities",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/May/18",
                  },
                  {
                     name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2019/May/11",
                  },
                  {
                     name: "20190510 dotCMS v5.1.1 Vulnerabilities",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2019/May/10",
                  },
                  {
                     name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2019/May/13",
                  },
                  {
                     name: "[flink-user] 20190811 Apache flink 1.7.2 security issues",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E",
                  },
                  {
                     name: "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E",
                  },
                  {
                     name: "[flink-user] 20190813 Apache flink 1.7.2 security issues",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E",
                  },
                  {
                     name: "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E",
                  },
                  {
                     name: "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E",
                  },
                  {
                     name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
                  },
                  {
                     name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
                  },
                  {
                     name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
                  },
                  {
                     name: "RHSA-2020:0481",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0481",
                  },
                  {
                     name: "RHSA-2020:0729",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0729",
                  },
                  {
                     name: "openSUSE-SU-2020:0395",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://github.com/jquery/jquery/issues/2432",
                     refsource: "MISC",
                     url: "https://github.com/jquery/jquery/issues/2432",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
                     refsource: "CONFIRM",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
                  },
                  {
                     name: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
                     refsource: "MISC",
                     url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
                  },
                  {
                     name: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
                     refsource: "MISC",
                     url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
                  },
                  {
                     name: "https://snyk.io/vuln/npm:jquery:20150627",
                     refsource: "MISC",
                     url: "https://snyk.io/vuln/npm:jquery:20150627",
                  },
                  {
                     name: "https://github.com/jquery/jquery/pull/2588",
                     refsource: "MISC",
                     url: "https://github.com/jquery/jquery/pull/2588",
                  },
                  {
                     name: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
                     refsource: "MISC",
                     url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
                  },
                  {
                     name: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
                     refsource: "MISC",
                     url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
                  },
                  {
                     name: "https://www.tenable.com/security/tns-2019-08",
                     refsource: "CONFIRM",
                     url: "https://www.tenable.com/security/tns-2019-08",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2020.html",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
                     refsource: "CONFIRM",
                     url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20210108-0004/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20210108-0004/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-9251",
      datePublished: "2018-01-18T23:00:00",
      dateReserved: "2018-01-18T00:00:00",
      dateUpdated: "2024-08-06T08:43:41.697Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-2904
Vulnerability from cvelistv5
Published
2019-10-16 17:40
Modified
2024-10-15 18:50
Severity ?
Summary
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Impacted products
Vendor Product Version
Oracle Corporation Enterprise Repository Version: 11.1.1.7.0
Oracle Corporation Rapid Planning Version: 12.1.3
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T19:03:43.365Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2021.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2019-2904",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-15T17:36:30.925092Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-15T18:50:07.530Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Enterprise Repository",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "11.1.1.7.0",
                  },
               ],
            },
            {
               product: "Rapid Planning",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "12.1.3",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF.  Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-22T21:53:43",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2019-2904",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Enterprise Repository",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "11.1.1.7.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Rapid Planning",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.3",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "9.8",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF.  Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2020.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
                     refsource: "MISC",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
                  },
                  {
                     name: "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/",
                     refsource: "MISC",
                     url: "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2019-2904",
      datePublished: "2019-10-16T17:40:53",
      dateReserved: "2018-12-14T00:00:00",
      dateUpdated: "2024-10-15T18:50:07.530Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11113
Vulnerability from cvelistv5
Published
2020-03-31 04:37
Modified
2024-08-04 11:21
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jackson-databind",
                  vendor: "fasterxml",
                  versions: [
                     {
                        lessThan: "2.9.10.4",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "debian_linux",
                  vendor: "debian",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "steelstore_cloud_integrated_storage",
                  vendor: "netapp",
                  versions: [
                     {
                        status: "affected",
                        version: "*",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "agile_plm",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "9.3.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "autovue_for_agile_product_lifecycle_management",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "21.0.2",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "banking_digital_experience",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "18.3",
                        status: "affected",
                        version: "18.1",
                        versionType: "custom",
                     },
                     {
                        lessThanOrEqual: "19.2",
                        status: "affected",
                        version: "19.1",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "20.1",
                     },
                     {
                        lessThanOrEqual: "2.9.0",
                        status: "affected",
                        version: "2.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_calendar_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.0.5.0",
                        status: "affected",
                        version: "8.0.0.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_diameter_signaling_router",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_element_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_evolved_communications_application_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "7.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_instant_messaging_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "10.0.1.4.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "6.0.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.0.3",
                        status: "affected",
                        version: "12.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_session_route_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "enterprise_manager_base_platform",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "13.4.0.0",
                        status: "affected",
                        version: "13.3.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_analytical_applications_infrastructure",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.1.0",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_institutional_performance_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                     {
                        status: "affected",
                        version: "8.0.7",
                     },
                     {
                        status: "affected",
                        version: "8.1.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_price_creation_and_discovery",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.7",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_retail_customer_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "global_lifecycle_management_opatch",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.0.1.20",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "insurance_policy_administration_j2ee",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThan: "11.1.0.15",
                        status: "affected",
                        version: "11.0.2.25",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jd_edwards_enterpriseone_orchestrator",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "9.2.4.2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "primavera_unifier",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "16.1",
                     },
                     {
                        status: "affected",
                        version: "16.2",
                     },
                     {
                        lessThanOrEqual: "17.12",
                        status: "affected",
                        version: "17.7",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "18.8",
                     },
                     {
                        status: "affected",
                        version: "19.12",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_merchandising_system",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "15.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_sales_audit",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_service_backbone",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                     {
                        status: "affected",
                        version: "15.0",
                     },
                     {
                        status: "affected",
                        version: "16.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_xstore_point_of_service",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "19.0",
                        status: "affected",
                        version: "15.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "weblogic_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.1.4.0",
                        status: "affected",
                        version: "12.2.1.3.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2020-11113",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-05-25T04:00:43.551763Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-502",
                        description: "CWE-502 Deserialization of Untrusted Data",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T17:12:17.648Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:21:14.618Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2670",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2021.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:38:50",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2670",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2021.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11113",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
                  },
                  {
                     name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                     refsource: "MISC",
                     url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2670",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2670",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2021.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11113",
      datePublished: "2020-03-31T04:37:27",
      dateReserved: "2020-03-31T00:00:00",
      dateUpdated: "2024-08-04T11:21:14.618Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11619
Vulnerability from cvelistv5
Published
2020-04-07 22:14
Modified
2024-08-04 11:35
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:35:13.200Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2680",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200511-0004/",
               },
               {
                  name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-20T14:42:04",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2680",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200511-0004/",
            },
            {
               name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11619",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
                  },
                  {
                     name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                     refsource: "MISC",
                     url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2680",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2680",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200511-0004/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200511-0004/",
                  },
                  {
                     name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11619",
      datePublished: "2020-04-07T22:14:09",
      dateReserved: "2020-04-07T00:00:00",
      dateUpdated: "2024-08-04T11:35:13.200Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11620
Vulnerability from cvelistv5
Published
2020-04-07 22:14
Modified
2024-08-04 11:35
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:35:13.316Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200511-0004/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2682",
               },
               {
                  name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-20T14:42:04",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200511-0004/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2682",
            },
            {
               name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11620",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
                  },
                  {
                     name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                     refsource: "MISC",
                     url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200511-0004/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200511-0004/",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2682",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2682",
                  },
                  {
                     name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11620",
      datePublished: "2020-04-07T22:14:18",
      dateReserved: "2020-04-07T00:00:00",
      dateUpdated: "2024-08-04T11:35:13.316Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-16943
Vulnerability from cvelistv5
Published
2019-10-01 16:06
Modified
2024-08-05 01:24
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
References
https://lists.debian.org/debian-lts-announce/2019/10/msg00001.htmlmailing-list, x_refsource_MLIST
https://www.debian.org/security/2019/dsa-4542vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Oct/6mailing-list, x_refsource_BUGTRAQ
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/vendor-advisory, x_refsource_FEDORA
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/vendor-advisory, x_refsource_FEDORA
https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommits.iceberg.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2020:0164vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0159vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0160vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0161vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0445vendor-advisory, x_refsource_REDHAT
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2478x_refsource_MISC
https://security.netapp.com/advisory/ntap-20191017-0006/x_refsource_CONFIRM
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:24:48.524Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html",
               },
               {
                  name: "DSA-4542",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4542",
               },
               {
                  name: "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Oct/6",
               },
               {
                  name: "FEDORA-2019-b171554877",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/",
               },
               {
                  name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
               },
               {
                  name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
               },
               {
                  name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
               },
               {
                  name: "FEDORA-2019-cf87377f5f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/",
               },
               {
                  name: "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E",
               },
               {
                  name: "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommits.iceberg.apache.org%3E",
               },
               {
                  name: "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E",
               },
               {
                  name: "RHSA-2020:0164",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0164",
               },
               {
                  name: "RHSA-2020:0159",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0159",
               },
               {
                  name: "RHSA-2020:0160",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0160",
               },
               {
                  name: "RHSA-2020:0161",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0161",
               },
               {
                  name: "RHSA-2020:0445",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0445",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2478",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20191017-0006/",
               },
               {
                  name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
               },
               {
                  name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com//security-alerts/cpujul2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-20T22:53:39",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html",
            },
            {
               name: "DSA-4542",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4542",
            },
            {
               name: "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Oct/6",
            },
            {
               name: "FEDORA-2019-b171554877",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/",
            },
            {
               name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
            },
            {
               name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
            },
            {
               name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
            },
            {
               name: "FEDORA-2019-cf87377f5f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/",
            },
            {
               name: "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E",
            },
            {
               name: "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommits.iceberg.apache.org%3E",
            },
            {
               name: "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E",
            },
            {
               name: "RHSA-2020:0164",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0164",
            },
            {
               name: "RHSA-2020:0159",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0159",
            },
            {
               name: "RHSA-2020:0160",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0160",
            },
            {
               name: "RHSA-2020:0161",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0161",
            },
            {
               name: "RHSA-2020:0445",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0445",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2478",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20191017-0006/",
            },
            {
               name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
            },
            {
               name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com//security-alerts/cpujul2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-16943",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html",
                  },
                  {
                     name: "DSA-4542",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4542",
                  },
                  {
                     name: "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Oct/6",
                  },
                  {
                     name: "FEDORA-2019-b171554877",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/",
                  },
                  {
                     name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
                  },
                  {
                     name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
                  },
                  {
                     name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
                  },
                  {
                     name: "FEDORA-2019-cf87377f5f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/",
                  },
                  {
                     name: "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E",
                  },
                  {
                     name: "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E",
                  },
                  {
                     name: "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E",
                  },
                  {
                     name: "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E",
                  },
                  {
                     name: "RHSA-2020:0164",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0164",
                  },
                  {
                     name: "RHSA-2020:0159",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0159",
                  },
                  {
                     name: "RHSA-2020:0160",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0160",
                  },
                  {
                     name: "RHSA-2020:0161",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0161",
                  },
                  {
                     name: "RHSA-2020:0445",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0445",
                  },
                  {
                     name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                     refsource: "MISC",
                     url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2020.html",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2478",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2478",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20191017-0006/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20191017-0006/",
                  },
                  {
                     name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E",
                  },
                  {
                     name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://www.oracle.com//security-alerts/cpujul2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com//security-alerts/cpujul2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-16943",
      datePublished: "2019-10-01T16:06:23",
      dateReserved: "2019-09-29T00:00:00",
      dateUpdated: "2024-08-05T01:24:48.524Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-10968
Vulnerability from cvelistv5
Published
2020-03-26 12:43
Modified
2024-08-04 11:21
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "debian_linux",
                  vendor: "debian",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "steelstore_cloud_integrated_storage",
                  vendor: "netapp",
                  versions: [
                     {
                        status: "affected",
                        version: "*",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "agile_plm",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "9.3.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "autovue_for_agile_product_lifecycle_management",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "21.0.2",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "banking_digital_experience",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "18.3",
                        status: "affected",
                        version: "18.1",
                        versionType: "custom",
                     },
                     {
                        lessThanOrEqual: "19.2",
                        status: "affected",
                        version: "19.1",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "20.1",
                     },
                     {
                        lessThanOrEqual: "2.9.0",
                        status: "affected",
                        version: "2.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_calendar_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.0.5.0",
                        status: "affected",
                        version: "8.0.0.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_diameter_signaling_router",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_element_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_evolved_communications_application_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "7.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_instant_messaging_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "10.0.1.4.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "6.0.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.0.3",
                        status: "affected",
                        version: "12.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_session_route_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "enterprise_manager_base_platform",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "13.4.0.0",
                        status: "affected",
                        version: "13.3.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_analytical_applications_infrastructure",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.1.0",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_institutional_performance_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                     {
                        status: "affected",
                        version: "8.0.7",
                     },
                     {
                        status: "affected",
                        version: "8.1.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_price_creation_and_discovery",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.7",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_retail_customer_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "global_lifecycle_management_opatch",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.0.1.20",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "insurance_policy_administration_j2ee",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThan: "11.1.0.15",
                        status: "affected",
                        version: "11.0.2.25",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jd_edwards_enterpriseone_orchestrator",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "9.2.4.2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "primavera_unifier",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "16.1",
                     },
                     {
                        status: "affected",
                        version: "16.2",
                     },
                     {
                        lessThanOrEqual: "17.12",
                        status: "affected",
                        version: "17.7",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "18.8",
                     },
                     {
                        status: "affected",
                        version: "19.12",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_merchandising_system",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "15.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_sales_audit",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_service_backbone",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                     {
                        status: "affected",
                        version: "15.0",
                     },
                     {
                        status: "affected",
                        version: "16.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_xstore_point_of_service",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "19.0",
                        status: "affected",
                        version: "15.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "weblogic_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.1.4.0",
                        status: "affected",
                        version: "12.2.1.3.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jackson-databind",
                  vendor: "fasterxml",
                  versions: [
                     {
                        lessThan: "2.9.10.4",
                        status: "affected",
                        version: "2.0.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2020-10968",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-05-25T04:00:46.867668Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-502",
                        description: "CWE-502 Deserialization of Untrusted Data",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T19:57:31.283Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:21:14.276Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2662",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2021.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:38:43",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2662",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2021.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-10968",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
                  },
                  {
                     name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                     refsource: "MISC",
                     url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2662",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2662",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2021.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-10968",
      datePublished: "2020-03-26T12:43:45",
      dateReserved: "2020-03-26T00:00:00",
      dateUpdated: "2024-08-04T11:21:14.276Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-17531
Vulnerability from cvelistv5
Published
2019-10-12 20:07
Modified
2024-08-05 01:40
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
References
https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5%40%3Ccommits.pulsar.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:4192vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2019/12/msg00013.htmlmailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2020:0164vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0159vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0160vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0161vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0445vendor-advisory, x_refsource_REDHAT
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2498x_refsource_MISC
https://security.netapp.com/advisory/ntap-20191024-0005/x_refsource_CONFIRM
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:40:16.110Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[pulsar-commits] 20191127 [GitHub] [pulsar] massakam opened a new pull request #5758: Bump jackson libraries to 2.10.1",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5%40%3Ccommits.pulsar.apache.org%3E",
               },
               {
                  name: "RHSA-2019:4192",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:4192",
               },
               {
                  name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html",
               },
               {
                  name: "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E",
               },
               {
                  name: "RHSA-2020:0164",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0164",
               },
               {
                  name: "RHSA-2020:0159",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0159",
               },
               {
                  name: "RHSA-2020:0160",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0160",
               },
               {
                  name: "RHSA-2020:0161",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0161",
               },
               {
                  name: "RHSA-2020:0445",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0445",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2498",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20191024-0005/",
               },
               {
                  name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
               },
               {
                  name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com//security-alerts/cpujul2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-20T22:53:41",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[pulsar-commits] 20191127 [GitHub] [pulsar] massakam opened a new pull request #5758: Bump jackson libraries to 2.10.1",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5%40%3Ccommits.pulsar.apache.org%3E",
            },
            {
               name: "RHSA-2019:4192",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:4192",
            },
            {
               name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html",
            },
            {
               name: "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E",
            },
            {
               name: "RHSA-2020:0164",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0164",
            },
            {
               name: "RHSA-2020:0159",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0159",
            },
            {
               name: "RHSA-2020:0160",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0160",
            },
            {
               name: "RHSA-2020:0161",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0161",
            },
            {
               name: "RHSA-2020:0445",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0445",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2498",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20191024-0005/",
            },
            {
               name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
            },
            {
               name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com//security-alerts/cpujul2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-17531",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[pulsar-commits] 20191127 [GitHub] [pulsar] massakam opened a new pull request #5758: Bump jackson libraries to 2.10.1",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E",
                  },
                  {
                     name: "RHSA-2019:4192",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:4192",
                  },
                  {
                     name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html",
                  },
                  {
                     name: "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E",
                  },
                  {
                     name: "RHSA-2020:0164",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0164",
                  },
                  {
                     name: "RHSA-2020:0159",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0159",
                  },
                  {
                     name: "RHSA-2020:0160",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0160",
                  },
                  {
                     name: "RHSA-2020:0161",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0161",
                  },
                  {
                     name: "RHSA-2020:0445",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0445",
                  },
                  {
                     name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                     refsource: "MISC",
                     url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2020.html",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2498",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2498",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20191024-0005/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20191024-0005/",
                  },
                  {
                     name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E",
                  },
                  {
                     name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://www.oracle.com//security-alerts/cpujul2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com//security-alerts/cpujul2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-17531",
      datePublished: "2019-10-12T20:07:34",
      dateReserved: "2019-10-12T00:00:00",
      dateUpdated: "2024-08-05T01:40:16.110Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11112
Vulnerability from cvelistv5
Published
2020-03-31 04:37
Modified
2024-08-04 11:21
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jackson-databind",
                  vendor: "fasterxml",
                  versions: [
                     {
                        lessThan: "2.9.10.4",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "debian_linux",
                  vendor: "debian",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "steelstore_cloud_integrated_storage",
                  vendor: "netapp",
                  versions: [
                     {
                        status: "affected",
                        version: "*",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "agile_plm",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "9.3.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "autovue_for_agile_product_lifecycle_management",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "21.0.2",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "banking_digital_experience",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "18.3",
                        status: "affected",
                        version: "18.1",
                        versionType: "custom",
                     },
                     {
                        lessThanOrEqual: "19.2",
                        status: "affected",
                        version: "19.1",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "20.1",
                     },
                     {
                        lessThanOrEqual: "2.9.0",
                        status: "affected",
                        version: "2.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_calendar_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.0.5.0",
                        status: "affected",
                        version: "8.0.0.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_diameter_signaling_router",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_element_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_evolved_communications_application_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "7.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_instant_messaging_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "10.0.1.4.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "6.0.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.0.3",
                        status: "affected",
                        version: "12.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_session_route_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "enterprise_manager_base_platform",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "13.4.0.0",
                        status: "affected",
                        version: "13.3.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_analytical_applications_infrastructure",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.1.0",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_institutional_performance_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                     {
                        status: "affected",
                        version: "8.0.7",
                     },
                     {
                        status: "affected",
                        version: "8.1.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_price_creation_and_discovery",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.7",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_retail_customer_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "global_lifecycle_management_opatch",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.0.1.20",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "insurance_policy_administration_j2ee",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThan: "11.1.0.15",
                        status: "affected",
                        version: "11.0.2.25",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jd_edwards_enterpriseone_orchestrator",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "9.2.4.2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "primavera_unifier",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "16.1",
                     },
                     {
                        status: "affected",
                        version: "16.2",
                     },
                     {
                        lessThanOrEqual: "17.12",
                        status: "affected",
                        version: "17.7",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "18.8",
                     },
                     {
                        status: "affected",
                        version: "19.12",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_merchandising_system",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "15.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_sales_audit",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_service_backbone",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                     {
                        status: "affected",
                        version: "15.0",
                     },
                     {
                        status: "affected",
                        version: "16.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_xstore_point_of_service",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "19.0",
                        status: "affected",
                        version: "15.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "weblogic_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.1.4.0",
                        status: "affected",
                        version: "12.2.1.3.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2020-11112",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-05-25T04:00:42.504958Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-502",
                        description: "CWE-502 Deserialization of Untrusted Data",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T17:12:17.235Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:21:14.621Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2666",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2021.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:38:49",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2666",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2021.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11112",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
                  },
                  {
                     name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                     refsource: "MISC",
                     url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2666",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2666",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2021.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11112",
      datePublished: "2020-03-31T04:37:41",
      dateReserved: "2020-03-31T00:00:00",
      dateUpdated: "2024-08-04T11:21:14.621Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-10673
Vulnerability from cvelistv5
Published
2020-03-18 21:17
Modified
2024-08-04 11:06
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "debian_linux",
                  vendor: "debian",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "steelstore_cloud_integrated_storage",
                  vendor: "netapp",
                  versions: [
                     {
                        status: "affected",
                        version: "*",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "agile_plm",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "9.3.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "autovue_for_agile_product_lifecycle_management",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "21.0.2",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "banking_digital_experience",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "18.3",
                        status: "affected",
                        version: "18.1",
                        versionType: "custom",
                     },
                     {
                        lessThanOrEqual: "19.2",
                        status: "affected",
                        version: "19.1",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "20.1",
                     },
                     {
                        lessThanOrEqual: "2.9.0",
                        status: "affected",
                        version: "2.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_calendar_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.0.5.0",
                        status: "affected",
                        version: "8.0.0.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_diameter_signaling_router",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_element_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_evolved_communications_application_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "7.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_instant_messaging_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "10.0.1.4.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "6.0.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.0.3",
                        status: "affected",
                        version: "12.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_session_route_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "enterprise_manager_base_platform",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "13.4.0.0",
                        status: "affected",
                        version: "13.3.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_analytical_applications_infrastructure",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.1.0",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_institutional_performance_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                     {
                        status: "affected",
                        version: "8.0.7",
                     },
                     {
                        status: "affected",
                        version: "8.1.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_price_creation_and_discovery",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.7",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_retail_customer_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "global_lifecycle_management_opatch",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.0.1.20",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "insurance_policy_administration_j2ee",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThan: "11.1.0.15",
                        status: "affected",
                        version: "11.0.2.25",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jd_edwards_enterpriseone_orchestrator",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "9.2.4.2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "primavera_unifier",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "16.1",
                     },
                     {
                        status: "affected",
                        version: "16.2",
                     },
                     {
                        lessThanOrEqual: "17.12",
                        status: "affected",
                        version: "17.7",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "18.8",
                     },
                     {
                        status: "affected",
                        version: "19.12",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_merchandising_system",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "15.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_sales_audit",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_service_backbone",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                     {
                        status: "affected",
                        version: "15.0",
                     },
                     {
                        status: "affected",
                        version: "16.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_xstore_point_of_service",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "19.0",
                        status: "affected",
                        version: "15.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "weblogic_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.1.4.0",
                        status: "affected",
                        version: "12.2.1.3.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jackson-databind",
                  vendor: "fasterxml",
                  versions: [
                     {
                        lessThan: "2.9.10.4",
                        status: "affected",
                        version: "2.0.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2020-10673",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-05-25T04:00:47.873963Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-502",
                        description: "CWE-502 Deserialization of Untrusted Data",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T19:56:37.760Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:06:10.672Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2660",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2021.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:38:39",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2660",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2021.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-10673",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html",
                  },
                  {
                     name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                     refsource: "MISC",
                     url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2660",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2660",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2021.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-10673",
      datePublished: "2020-03-18T21:17:26",
      dateReserved: "2020-03-18T00:00:00",
      dateUpdated: "2024-08-04T11:06:10.672Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-3115
Vulnerability from cvelistv5
Published
2018-10-17 01:00
Modified
2024-10-02 19:45
Severity ?
Summary
Vulnerability in the Oracle Retail Sales Audit component of Oracle Retail Applications (subcomponent: Operational Insights). Supported versions that are affected are 15.0 and 16.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Sales Audit. While the vulnerability is in Oracle Retail Sales Audit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Sales Audit accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Sales Audit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Sales Audit. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L).
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T04:43:34.591Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
               },
               {
                  name: "105586",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/105586",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-3115",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-02T18:08:29.213075Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-02T19:45:50.647Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-10-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Retail Sales Audit component of Oracle Retail Applications (subcomponent: Operational Insights). Supported versions that are affected are 15.0 and 16.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Sales Audit. While the vulnerability is in Oracle Retail Sales Audit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Sales Audit accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Sales Audit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Sales Audit. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-17T09:57:01",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            },
            {
               name: "105586",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/105586",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2018-3115",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Retail Sales Audit component of Oracle Retail Applications (subcomponent: Operational Insights). Supported versions that are affected are 15.0 and 16.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Sales Audit. While the vulnerability is in Oracle Retail Sales Audit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Sales Audit accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Sales Audit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Sales Audit. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                  },
                  {
                     name: "105586",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/105586",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2018-3115",
      datePublished: "2018-10-17T01:00:00",
      dateReserved: "2017-12-15T00:00:00",
      dateUpdated: "2024-10-02T19:45:50.647Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-20330
Vulnerability from cvelistv5
Published
2020-01-03 03:35
Modified
2024-08-05 02:39
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
References
https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b%40%3Ccommits.druid.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528%40%3Ccommits.druid.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3%40%3Ccommits.druid.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744%40%3Ccommits.druid.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393%40%3Cdev.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c%40%3Cdev.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2%40%3Ccommits.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764%40%3Ccommits.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63%40%3Ccommits.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/02/msg00020.htmlmailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2526x_refsource_MISC
https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200127-0004/x_refsource_CONFIRM
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:39:09.617Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[druid-commits] 20200114 [GitHub] [druid] ccaominh opened a new pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b%40%3Ccommits.druid.apache.org%3E",
               },
               {
                  name: "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528%40%3Ccommits.druid.apache.org%3E",
               },
               {
                  name: "[druid-commits] 20200115 [GitHub] [druid] ccaominh opened a new pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3%40%3Ccommits.druid.apache.org%3E",
               },
               {
                  name: "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744%40%3Ccommits.druid.apache.org%3E",
               },
               {
                  name: "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E",
               },
               {
                  name: "[zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-dev] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393%40%3Cdev.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200118 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200122 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-dev] 20200122 Re: 3.5.7",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c%40%3Cdev.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200122 [jira] [Assigned] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8%40%3Cnotifications.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200122 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt opened a new pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0%40%3Cnotifications.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200123 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2%40%3Ccommits.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764%40%3Ccommits.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200123 [jira] [Resolved] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-notifications] 20200123 [GitHub] [zookeeper] asfgit closed pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2%40%3Cnotifications.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-notifications] 20200123 [GitHub] [zookeeper] nkalmar commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44%40%3Cnotifications.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200123 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-commits] 20200123 [zookeeper] branch master updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63%40%3Ccommits.zookeeper.apache.org%3E",
               },
               {
                  name: "[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2526",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200127-0004/",
               },
               {
                  name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
               },
               {
                  name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com//security-alerts/cpujul2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-20T22:53:45",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[druid-commits] 20200114 [GitHub] [druid] ccaominh opened a new pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b%40%3Ccommits.druid.apache.org%3E",
            },
            {
               name: "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528%40%3Ccommits.druid.apache.org%3E",
            },
            {
               name: "[druid-commits] 20200115 [GitHub] [druid] ccaominh opened a new pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3%40%3Ccommits.druid.apache.org%3E",
            },
            {
               name: "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744%40%3Ccommits.druid.apache.org%3E",
            },
            {
               name: "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E",
            },
            {
               name: "[zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-dev] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393%40%3Cdev.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200118 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200122 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-dev] 20200122 Re: 3.5.7",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c%40%3Cdev.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200122 [jira] [Assigned] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8%40%3Cnotifications.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200122 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt opened a new pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0%40%3Cnotifications.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200123 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2%40%3Ccommits.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764%40%3Ccommits.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200123 [jira] [Resolved] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-notifications] 20200123 [GitHub] [zookeeper] asfgit closed pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2%40%3Cnotifications.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-notifications] 20200123 [GitHub] [zookeeper] nkalmar commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44%40%3Cnotifications.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200123 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-commits] 20200123 [zookeeper] branch master updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63%40%3Ccommits.zookeeper.apache.org%3E",
            },
            {
               name: "[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2526",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200127-0004/",
            },
            {
               name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
            },
            {
               name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com//security-alerts/cpujul2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-20330",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[druid-commits] 20200114 [GitHub] [druid] ccaominh opened a new pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E",
                  },
                  {
                     name: "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528@%3Ccommits.druid.apache.org%3E",
                  },
                  {
                     name: "[druid-commits] 20200115 [GitHub] [druid] ccaominh opened a new pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E",
                  },
                  {
                     name: "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744@%3Ccommits.druid.apache.org%3E",
                  },
                  {
                     name: "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3Cdev.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-dev] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393@%3Cdev.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200118 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200122 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-dev] 20200122 Re: 3.5.7",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c@%3Cdev.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200122 [jira] [Assigned] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8@%3Cnotifications.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200122 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt opened a new pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0@%3Cnotifications.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200123 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2@%3Ccommits.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764@%3Ccommits.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200123 [jira] [Resolved] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-notifications] 20200123 [GitHub] [zookeeper] asfgit closed pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2@%3Cnotifications.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-notifications] 20200123 [GitHub] [zookeeper] nkalmar commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44@%3Cnotifications.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200123 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-commits] 20200123 [zookeeper] branch master updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63@%3Ccommits.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2526",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2526",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200127-0004/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200127-0004/",
                  },
                  {
                     name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E",
                  },
                  {
                     name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://www.oracle.com//security-alerts/cpujul2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com//security-alerts/cpujul2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-20330",
      datePublished: "2020-01-03T03:35:52",
      dateReserved: "2020-01-03T00:00:00",
      dateUpdated: "2024-08-05T02:39:09.617Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-36518
Vulnerability from cvelistv5
Published
2022-03-11 00:00
Modified
2024-08-04 17:30
Severity ?
Summary
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T17:30:08.127Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2816",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  name: "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220506-0004/",
               },
               {
                  name: "DSA-5283",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5283",
               },
               {
                  name: "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-27T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/FasterXML/jackson-databind/issues/2816",
            },
            {
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               name: "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html",
            },
            {
               url: "https://www.oracle.com/security-alerts/cpujul2022.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20220506-0004/",
            },
            {
               name: "DSA-5283",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5283",
            },
            {
               name: "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-36518",
      datePublished: "2022-03-11T00:00:00",
      dateReserved: "2022-03-11T00:00:00",
      dateUpdated: "2024-08-04T17:30:08.127Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-9546
Vulnerability from cvelistv5
Published
2020-03-02 03:59
Modified
2024-08-04 10:34
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
References
https://lists.debian.org/debian-lts-announce/2020/03/msg00008.htmlmailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2631x_refsource_MISC
https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3Ex_refsource_MISC
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200904-0006/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:34:39.829Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html",
               },
               {
                  name: "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2631",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E",
               },
               {
                  name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200904-0006/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2021.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:40:28",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html",
            },
            {
               name: "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2631",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E",
            },
            {
               name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200904-0006/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2021.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-9546",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html",
                  },
                  {
                     name: "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                     refsource: "MISC",
                     url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2631",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2631",
                  },
                  {
                     name: "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E",
                     refsource: "MISC",
                     url: "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200904-0006/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200904-0006/",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2021.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-9546",
      datePublished: "2020-03-02T03:59:18",
      dateReserved: "2020-03-02T00:00:00",
      dateUpdated: "2024-08-04T10:34:39.829Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-10969
Vulnerability from cvelistv5
Published
2020-03-26 12:43
Modified
2024-08-04 11:21
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "debian_linux",
                  vendor: "debian",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "steelstore_cloud_integrated_storage",
                  vendor: "netapp",
                  versions: [
                     {
                        status: "affected",
                        version: "*",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "agile_plm",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "9.3.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "autovue_for_agile_product_lifecycle_management",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "21.0.2",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "banking_digital_experience",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "18.3",
                        status: "affected",
                        version: "18.1",
                        versionType: "custom",
                     },
                     {
                        lessThanOrEqual: "19.2",
                        status: "affected",
                        version: "19.1",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "20.1",
                     },
                     {
                        lessThanOrEqual: "2.9.0",
                        status: "affected",
                        version: "2.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_calendar_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.0.5.0",
                        status: "affected",
                        version: "8.0.0.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_diameter_signaling_router",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_element_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_evolved_communications_application_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "7.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_instant_messaging_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "10.0.1.4.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "6.0.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.0.3",
                        status: "affected",
                        version: "12.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_session_route_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "enterprise_manager_base_platform",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "13.4.0.0",
                        status: "affected",
                        version: "13.3.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_analytical_applications_infrastructure",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.1.0",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_institutional_performance_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                     {
                        status: "affected",
                        version: "8.0.7",
                     },
                     {
                        status: "affected",
                        version: "8.1.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_price_creation_and_discovery",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.7",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_retail_customer_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "global_lifecycle_management_opatch",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.0.1.20",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "insurance_policy_administration_j2ee",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThan: "11.1.0.15",
                        status: "affected",
                        version: "11.0.2.25",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jd_edwards_enterpriseone_orchestrator",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "9.2.4.2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "primavera_unifier",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "16.1",
                     },
                     {
                        status: "affected",
                        version: "16.2",
                     },
                     {
                        lessThanOrEqual: "17.12",
                        status: "affected",
                        version: "17.7",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "18.8",
                     },
                     {
                        status: "affected",
                        version: "19.12",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_merchandising_system",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "15.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_sales_audit",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_service_backbone",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                     {
                        status: "affected",
                        version: "15.0",
                     },
                     {
                        status: "affected",
                        version: "16.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_xstore_point_of_service",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "19.0",
                        status: "affected",
                        version: "15.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "weblogic_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.1.4.0",
                        status: "affected",
                        version: "12.2.1.3.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jackson-databind",
                  vendor: "fasterxml",
                  versions: [
                     {
                        lessThan: "2.9.10.4",
                        status: "affected",
                        version: "2.0.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2020-10969",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-05-25T04:00:45.779442Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-502",
                        description: "CWE-502 Deserialization of Untrusted Data",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T19:58:54.159Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:21:13.816Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2642",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2021.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:38:44",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2642",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2021.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-10969",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
                  },
                  {
                     name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                     refsource: "MISC",
                     url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2642",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2642",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2021.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-10969",
      datePublished: "2020-03-26T12:43:34",
      dateReserved: "2020-03-26T00:00:00",
      dateUpdated: "2024-08-04T11:21:13.816Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-16942
Vulnerability from cvelistv5
Published
2019-10-01 16:04
Modified
2024-08-05 01:24
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
References
https://lists.debian.org/debian-lts-announce/2019/10/msg00001.htmlmailing-list, x_refsource_MLIST
https://www.debian.org/security/2019/dsa-4542vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Oct/6mailing-list, x_refsource_BUGTRAQ
https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370%40%3Cissues.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5%40%3Cissues.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/vendor-advisory, x_refsource_FEDORA
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/vendor-advisory, x_refsource_FEDORA
https://access.redhat.com/errata/RHSA-2019:3901vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954%40%3Cissues.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2020:0164vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0159vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0160vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0161vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0445vendor-advisory, x_refsource_REDHAT
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2478x_refsource_MISC
https://issues.apache.org/jira/browse/GEODE-7255x_refsource_MISC
https://security.netapp.com/advisory/ntap-20191017-0006/x_refsource_CONFIRM
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:24:48.535Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html",
               },
               {
                  name: "DSA-4542",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4542",
               },
               {
                  name: "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Oct/6",
               },
               {
                  name: "[geode-issues] 20191008 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370%40%3Cissues.geode.apache.org%3E",
               },
               {
                  name: "[geode-issues] 20191011 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5%40%3Cissues.geode.apache.org%3E",
               },
               {
                  name: "FEDORA-2019-b171554877",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/",
               },
               {
                  name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
               },
               {
                  name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
               },
               {
                  name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
               },
               {
                  name: "FEDORA-2019-cf87377f5f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/",
               },
               {
                  name: "RHSA-2019:3901",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:3901",
               },
               {
                  name: "[geode-issues] 20191230 [jira] [Closed] (GEODE-7255) Need to pick up CVE-2019-16942",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954%40%3Cissues.geode.apache.org%3E",
               },
               {
                  name: "RHSA-2020:0164",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0164",
               },
               {
                  name: "RHSA-2020:0159",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0159",
               },
               {
                  name: "RHSA-2020:0160",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0160",
               },
               {
                  name: "RHSA-2020:0161",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0161",
               },
               {
                  name: "RHSA-2020:0445",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2020:0445",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2478",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://issues.apache.org/jira/browse/GEODE-7255",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20191017-0006/",
               },
               {
                  name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
               },
               {
                  name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuApr2021.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com//security-alerts/cpujul2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-20T22:53:38",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html",
            },
            {
               name: "DSA-4542",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4542",
            },
            {
               name: "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Oct/6",
            },
            {
               name: "[geode-issues] 20191008 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370%40%3Cissues.geode.apache.org%3E",
            },
            {
               name: "[geode-issues] 20191011 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5%40%3Cissues.geode.apache.org%3E",
            },
            {
               name: "FEDORA-2019-b171554877",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/",
            },
            {
               name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
            },
            {
               name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
            },
            {
               name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
            },
            {
               name: "FEDORA-2019-cf87377f5f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/",
            },
            {
               name: "RHSA-2019:3901",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:3901",
            },
            {
               name: "[geode-issues] 20191230 [jira] [Closed] (GEODE-7255) Need to pick up CVE-2019-16942",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954%40%3Cissues.geode.apache.org%3E",
            },
            {
               name: "RHSA-2020:0164",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0164",
            },
            {
               name: "RHSA-2020:0159",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0159",
            },
            {
               name: "RHSA-2020:0160",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0160",
            },
            {
               name: "RHSA-2020:0161",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0161",
            },
            {
               name: "RHSA-2020:0445",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2020:0445",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2478",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://issues.apache.org/jira/browse/GEODE-7255",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20191017-0006/",
            },
            {
               name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",
            },
            {
               name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuApr2021.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com//security-alerts/cpujul2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-16942",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html",
                  },
                  {
                     name: "DSA-4542",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4542",
                  },
                  {
                     name: "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Oct/6",
                  },
                  {
                     name: "[geode-issues] 20191008 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E",
                  },
                  {
                     name: "[geode-issues] 20191011 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E",
                  },
                  {
                     name: "FEDORA-2019-b171554877",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/",
                  },
                  {
                     name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
                  },
                  {
                     name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
                  },
                  {
                     name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
                  },
                  {
                     name: "FEDORA-2019-cf87377f5f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/",
                  },
                  {
                     name: "RHSA-2019:3901",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:3901",
                  },
                  {
                     name: "[geode-issues] 20191230 [jira] [Closed] (GEODE-7255) Need to pick up CVE-2019-16942",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E",
                  },
                  {
                     name: "RHSA-2020:0164",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0164",
                  },
                  {
                     name: "RHSA-2020:0159",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0159",
                  },
                  {
                     name: "RHSA-2020:0160",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0160",
                  },
                  {
                     name: "RHSA-2020:0161",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0161",
                  },
                  {
                     name: "RHSA-2020:0445",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2020:0445",
                  },
                  {
                     name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                     refsource: "MISC",
                     url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2020.html",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2478",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2478",
                  },
                  {
                     name: "https://issues.apache.org/jira/browse/GEODE-7255",
                     refsource: "MISC",
                     url: "https://issues.apache.org/jira/browse/GEODE-7255",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20191017-0006/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20191017-0006/",
                  },
                  {
                     name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E",
                  },
                  {
                     name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuApr2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  },
                  {
                     name: "https://www.oracle.com//security-alerts/cpujul2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com//security-alerts/cpujul2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-16942",
      datePublished: "2019-10-01T16:04:26",
      dateReserved: "2019-09-29T00:00:00",
      dateUpdated: "2024-08-05T01:24:48.535Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-9548
Vulnerability from cvelistv5
Published
2020-03-02 03:58
Modified
2024-08-04 10:34
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
References
https://lists.debian.org/debian-lts-announce/2020/03/msg00008.htmlmailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2634x_refsource_MISC
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200904-0006/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:34:39.821Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html",
               },
               {
                  name: "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  name: "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2634",
               },
               {
                  name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200904-0006/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2021.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:40:31",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html",
            },
            {
               name: "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               name: "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2634",
            },
            {
               name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200904-0006/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2021.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-9548",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html",
                  },
                  {
                     name: "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E",
                  },
                  {
                     name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                     refsource: "MISC",
                     url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2634",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2634",
                  },
                  {
                     name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200904-0006/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200904-0006/",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2021.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-9548",
      datePublished: "2020-03-02T03:58:55",
      dateReserved: "2020-03-02T00:00:00",
      dateUpdated: "2024-08-04T10:34:39.821Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-10672
Vulnerability from cvelistv5
Published
2020-03-18 21:17
Modified
2024-08-04 11:06
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "debian_linux",
                  vendor: "debian",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "steelstore_cloud_integrated_storage",
                  vendor: "netapp",
                  versions: [
                     {
                        status: "affected",
                        version: "*",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "agile_plm",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "9.3.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "autovue_for_agile_product_lifecycle_management",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "21.0.2",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "banking_digital_experience",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "18.3",
                        status: "affected",
                        version: "18.1",
                        versionType: "custom",
                     },
                     {
                        lessThanOrEqual: "19.2",
                        status: "affected",
                        version: "19.1",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "20.1",
                     },
                     {
                        lessThanOrEqual: "2.9.0",
                        status: "affected",
                        version: "2.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_calendar_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.0.5.0",
                        status: "affected",
                        version: "8.0.0.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_diameter_signaling_router",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_element_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_evolved_communications_application_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "7.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_instant_messaging_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "10.0.1.4.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "6.0.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.0.3",
                        status: "affected",
                        version: "12.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_session_route_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "enterprise_manager_base_platform",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "13.4.0.0",
                        status: "affected",
                        version: "13.3.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_analytical_applications_infrastructure",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.1.0",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_institutional_performance_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                     {
                        status: "affected",
                        version: "8.0.7",
                     },
                     {
                        status: "affected",
                        version: "8.1.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_price_creation_and_discovery",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.7",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_retail_customer_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "global_lifecycle_management_opatch",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.0.1.20",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "insurance_policy_administration_j2ee",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThan: "11.1.0.15",
                        status: "affected",
                        version: "11.0.2.25",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jd_edwards_enterpriseone_orchestrator",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "9.2.4.2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "primavera_unifier",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "16.1",
                     },
                     {
                        status: "affected",
                        version: "16.2",
                     },
                     {
                        lessThanOrEqual: "17.12",
                        status: "affected",
                        version: "17.7",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "18.8",
                     },
                     {
                        status: "affected",
                        version: "19.12",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_merchandising_system",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "15.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_sales_audit",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_service_backbone",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                     {
                        status: "affected",
                        version: "15.0",
                     },
                     {
                        status: "affected",
                        version: "16.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_xstore_point_of_service",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "19.0",
                        status: "affected",
                        version: "15.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "weblogic_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.1.4.0",
                        status: "affected",
                        version: "12.2.1.3.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jackson-databind",
                  vendor: "fasterxml",
                  versions: [
                     {
                        lessThan: "2.9.10.4",
                        status: "affected",
                        version: "2.0.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2020-10672",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-05-25T04:00:48.872316Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-502",
                        description: "CWE-502 Deserialization of Untrusted Data",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T19:56:32.131Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:06:11.143Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2659",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2021.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:38:38",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2659",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2021.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-10672",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html",
                  },
                  {
                     name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                     refsource: "MISC",
                     url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2659",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2659",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2021.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-10672",
      datePublished: "2020-03-18T21:17:43",
      dateReserved: "2020-03-18T00:00:00",
      dateUpdated: "2024-08-04T11:06:11.143Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-10650
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-04 11:06
Severity ?
Summary
A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:06:10.616Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2021.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/advisories/GHSA-rpr3-cw39-3pxh",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2658",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230818-0007/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-26T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               url: "https://www.oracle.com/security-alerts/cpujan2021.html",
            },
            {
               url: "https://github.com/advisories/GHSA-rpr3-cw39-3pxh",
            },
            {
               url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
            },
            {
               url: "https://github.com/FasterXML/jackson-databind/issues/2658",
            },
            {
               url: "https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230818-0007/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-10650",
      datePublished: "2022-12-26T00:00:00",
      dateReserved: "2020-03-17T00:00:00",
      dateUpdated: "2024-08-04T11:06:10.616Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}