BDU:2024-00114
Vulnerability from fstec - Published: 11.03.2022
Title
Vulnerability in the Jackson-databind library related to an out-of-bounds write, allowing an attacker to cause a denial of service
Description
The vulnerability in the Jackson-databind library is related to an out-of-bounds write. Exploitation of the vulnerability may allow a remote attacker to cause a denial of service.
Severity ?
Vendor
Red Hat Inc., Free software community, Oracle Corp., NetApp Inc., Novell Inc., АО "НППКТ", АО «НТЦ ИТ РОСА», АО «ИВК», FasterXML, LLC
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, Primavera Unifier, OnCommand Workflow Automation, OpenShift Application Runtimes, Red Hat Single Sign-On, openSUSE Tumbleweed, PeopleSoft Enterprise PeopleTools, Red Hat BPM Suite, Oracle Coherence, Oracle SD-WAN Edge, SUSE Linux Enterprise Module for Basesystem, Oracle WebLogic Server Proxy Plug-In, Red Hat Integration Camel K, Red Hat Integration Service Registry, OpenSUSE Leap, Red Hat CodeReady Studio, Red Hat JBoss A-MQ, Red Hat JBoss BRMS, Suse Linux Enterprise Server, OpenShift Logging, Primavera Gateway, Snap Creator Framework, SUSE Linux Enterprise High Performance Computing, SUSE Linux Enterprise Server for SAP Applications, SUSE Manager Proxy, SUSE Manager Server, Suse Linux Enterprise Desktop, SUSE Enterprise Storage, SUSE Linux Enterprise Module for Development Tools, SUSE Manager Retail Branch Server, Oracle Utilities Framework, Active IQ Unified Manager for Microsoft Windows, Active IQ Unified Manager for VMware vSphere, Red Hat OpenShift Container Platform, Cloud Insights Acquisition Unit, Red Hat Integration Change Data Capture, Financial Services Analytical Applications Infrastructure, Oracle Communications Cloud Native Core Console, JBoss Enterprise Application Platform, SUSE Linux Enterprise Real Time, Communications Billing and Revenue Management, Decision Manager, Oracle Financial Services Crime and Compliance Management Studio, Oracle Big Data Spatial and Graph, ОСОН ОСнова Оnyx (entry No. 5913 in the unified register of Russian software), Communications Cloud Native Core Binding Support Function, РОСА ХРОМ (entry No. 1607 in the unified register of Russian software), Red Hat JBoss Enterprise Application Platform, Active IQ Unified Manager for Linux, АЛЬТ СП 10, Oracle Commerce Platform, Logging subsystem for Red Hat OpenShift, Red Hat AMQ Streams, Red Hat AMQ, Red Hat Fuse, Red Hat build of Eclipse Vert.x, Red Hat support for Spring Boot, Oracle Financial Services Enterprise Case Management, Red Hat Data Grid, RHAF Camel-K, Jackson-databind, Red Hat build of Quarkus, Red Hat Process Automation Manager, Red Hat A-MQ Online, Oracle Graph Server and Client, Spatial studio, Oracle Communications Cloud Native Core Network Repository Function, Oracle Communications Cloud Native Core Network Slice Selection Function, Oracle Communications Cloud Native Core Security Edge Protection Proxy, Oracle Communications Cloud Native Core Service Communication Proxy (SCP), Oracle Communications Cloud Native Core Unified Data Repository, Primavera P6 Enterprise Project Portfolio Management, Financial Services Behavior Detection Platform, Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, Oracle Global Lifecycle Management NextGen OUI Framework, Oracle Health Sciences Empirica Signal, Oracle Retail Sales Audit, SUSE Liberty Linux
Software Version
8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 18.8 (Primavera Unifier), - (OnCommand Workflow Automation), - (OpenShift Application Runtimes), 7 (Red Hat Single Sign-On), 19.12 (Primavera Unifier), - (openSUSE Tumbleweed), from 17.7 to 17.12 inclusive (Primavera Unifier), 8.58 (PeopleSoft Enterprise PeopleTools), 6 (Red Hat BPM Suite), 14.1.1.0.0 (Oracle Coherence), 9.0 (Oracle SD-WAN Edge), 20.12 (Primavera Unifier), 15 SP3 (SUSE Linux Enterprise Module for Basesystem), 12.2.1.3.0 (Oracle WebLogic Server Proxy Plug-In), 12.2.1.4.0 (Oracle WebLogic Server Proxy Plug-In), - (Red Hat Integration Camel K), - (Red Hat Integration Service Registry), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 12 (Red Hat CodeReady Studio), 6 (Red Hat JBoss A-MQ), 6 (Red Hat JBoss BRMS), 15 SP2 LTSS (Suse Linux Enterprise Server), 5.3 (OpenShift Logging), from 17.12.0 to 17.12.11 inclusive (Primavera Gateway), - (Snap Creator Framework), 15.4 (OpenSUSE Leap), 15 SP3 (SUSE Linux Enterprise High Performance Computing), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 4.2 (SUSE Manager Proxy), 4.2 (SUSE Manager Server), 15 SP3 (Suse Linux Enterprise Desktop), 7 (SUSE Enterprise Storage), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), 4.1 (SUSE Manager Server), 4.1 (SUSE Manager Proxy), 15 SP2-ESPOS (SUSE Linux Enterprise High Performance Computing), 15 SP2-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP3 (SUSE Linux Enterprise Module for Development Tools), 4.1 (SUSE Manager Retail Branch Server), 8.59 (PeopleSoft Enterprise PeopleTools), 4.4.0.3.0 (Oracle Utilities Framework), 4.4.0.2.0 (Oracle Utilities Framework), 4.4.0.0.0 (Oracle Utilities Framework), - (Active IQ Unified Manager for Microsoft Windows), - (Active IQ Unified Manager for VMware vSphere), 3.11 (Red Hat OpenShift Container Platform), - (Cloud Insights Acquisition Unit), 15 SP4 (Suse Linux Enterprise Server), 4 (Red Hat OpenShift Container Platform), - (Red Hat Integration Change Data Capture), 15 SP4 (Suse Linux Enterprise Desktop), 8.1.1 (Financial Services Analytical Applications Infrastructure), 15 SP2-BCL (Suse Linux Enterprise Server), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 1.9.0 (Oracle Communications Cloud Native Core Console), 7.4 for RHEL 8 (JBoss Enterprise Application Platform), 7.4 on RHEL 7 (JBoss Enterprise Application Platform), 4.2 (SUSE Manager Retail Branch Server), 9 (Red Hat Enterprise Linux), 15 SP2 (SUSE Linux Enterprise Real Time), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 4.3 (SUSE Manager Server), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 7.1 (SUSE Enterprise Storage), 15 SP4 (SUSE Linux Enterprise Module for Basesystem), 15 SP4 (SUSE Linux Enterprise Module for Development Tools), from 12.0.0.4.0 to 12.0.0.6.0 inclusive (Communications Billing and Revenue Management), 21.12 (Primavera Unifier), 4.3.0.5.0 (Oracle Utilities Framework), 4.3.0.6.0 (Oracle Utilities Framework), 7 (Decision Manager), 8.0.8.2.0 (Oracle Financial Services Crime and Compliance Management Studio), 8.0.8.3.0 (Oracle Financial Services Crime and Compliance Management Studio), 9.1 (Oracle SD-WAN Edge), up to 23.1 (Oracle Big Data Spatial and Graph), up to 2.7 (ОСОН ОСнова Оnyx), 15 SP5 (SUSE Linux Enterprise Server for SAP Applications), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Desktop), 15 SP5 (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise Module for Basesystem), 15 SP5 (SUSE Linux Enterprise Module for Development Tools), 22.1.3 (Communications Cloud Native Core Binding Support Function), 12.4 (РОСА ХРОМ), 7 (Red Hat JBoss Enterprise Application Platform), - (Active IQ Unified Manager for Linux), - (АЛЬТ СП 10), 7.6 for RHEL 7 (Red Hat Single Sign-On), 7.6 for RHEL 8 (Red Hat Single Sign-On), 7.6 for RHEL 9 (Red Hat Single Sign-On), 11.3.2 (Oracle Commerce Platform), 5.4 (Logging subsystem for Red Hat OpenShift), 2.4.0 (Red Hat AMQ Streams), 7.5 for RHEL 7 (Red Hat Single Sign-On), 7.5 for RHEL 8 (Red Hat Single Sign-On), 7.10.0 (Red Hat AMQ), 7.6.1 (Red Hat Single Sign-On), 7.11 (Red Hat Fuse), 2.2.0 (Red Hat AMQ Streams), 4.2.7 (Red Hat build of Eclipse Vert.x), - (Red Hat support for Spring Boot), 8.0.7.1 (Oracle Financial Services Enterprise Case Management), 8.0.7.2 (Oracle Financial Services Enterprise Case Management), 8.0.8.0 (Oracle Financial Services Enterprise Case Management), 8.0.8.1 (Oracle Financial Services Enterprise Case Management), 8.3.1 (Red Hat Data Grid), 1.8 (RHAF Camel-K), up to 2.12.6.1 (Jackson-databind), from 2.13.0 to 2.13.2.1 (Jackson-databind), 2.7.6 (Red Hat build of Quarkus), 7.13.1 (Red Hat Process Automation Manager), - (Red Hat A-MQ Online), up to 22.2.0 (Oracle Graph Server and Client), up to 22.1.0 (Spatial studio), 11.3.0 (Oracle Commerce Platform), 11.3.1 (Oracle Commerce Platform), 22.1.2 (Oracle Communications Cloud Native Core Network Repository Function), 22.2.0 (Oracle Communications Cloud Native Core Network Repository Function), 22.1.1 (Oracle Communications Cloud Native Core Network Slice Selection Function), 22.1.1 (Oracle Communications Cloud Native Core Security Edge Protection Proxy), 22.2.0 (Oracle Communications Cloud Native Core Service Communication Proxy (SCP)), 22.2.0 (Oracle Communications Cloud Native Core Unified Data Repository), from 18.8.0 to 18.8.14 inclusive (Primavera Gateway), from 19.12.0 to 19.12.13 inclusive (Primavera Gateway), from 20.12.0 to 20.12.8 inclusive (Primavera Gateway), from 21.12.0 to 21.12.1 inclusive (Primavera Gateway), from 17.12.0.0 to 17.12.20.4 inclusive (Primavera P6 Enterprise Project Portfolio Management), from 18.8.0.0 to 18.8.25.4 inclusive (Primavera P6 Enterprise Project Portfolio Management), from 19.12.0.0 to 19.12.19.0 inclusive (Primavera P6 Enterprise Project Portfolio Management), from 8.0.7.0 to 8.1.0.0 inclusive (Financial Services Analytical Applications Infrastructure), 8.1.2.0 (Financial Services Analytical Applications Infrastructure), 8.1.2.1 (Financial Services Analytical Applications Infrastructure), 8.0.7.0 (Financial Services Behavior Detection Platform), 8.0.8.0 (Financial Services Behavior Detection Platform), from 8.1.1.0 to 8.1.2.1 inclusive (Oracle Financial Services Enterprise Case Management), 8.0.7.0 (Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition), 8.0.8.0 (Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition), up to 13.9.4.2.10 inclusive (Oracle Global Lifecycle Management NextGen OUI Framework), 14.1.1.0.0 (Oracle WebLogic Server Proxy Plug-In), 9.1.0.52 (Oracle Health Sciences Empirica Signal), 9.2.0.52 (Oracle Health Sciences Empirica Signal), 15.0.3.1 (Oracle Retail Sales Audit), 4.5.0.0.0 (Oracle Utilities Framework), 9 (SUSE Liberty Linux)
Possible Mitigations
Follow the recommendations:
For FasterXML:
https://github.com/FasterXML/jackson-databind/issues/2816
For Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2020-36518
For Red Hat Inc. software products:
https://access.redhat.com/security/cve/CVE-2020-36518
For Novell Inc. software products:
https://www.suse.com/security/cve/CVE-2020-36518.html
For NetApp Inc. software products:
https://security.netapp.com/advisory/ntap-20220506-0004/
For Oracle Corp. software products:
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
For ОСОН ОСнова Оnyx:
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.7/
For the РОСА ХРОМ operating system: https://abf.rosa.ru/advisories/ROSA-SA-2025-2629
For the АЛЬТ СП 10 OS: install the update from the public repository of the software: https://altsp.su/obnovleniya-bezopasnosti/
Reference
https://github.com/FasterXML/jackson-databind/issues/2816
https://security-tracker.debian.org/tracker/CVE-2020-36518
https://access.redhat.com/security/cve/CVE-2020-36518
https://www.suse.com/security/cve/CVE-2020-36518.html
https://security.netapp.com/advisory/ntap-20220506-0004/
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.7/
https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html
https://abf.rosa.ru/advisories/ROSA-SA-2025-2629
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-787
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.03.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "26.12.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.01.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-00114",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-36518",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. openSUSE Tumbleweed - , Novell Inc. OpenSUSE Leap 15.3 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , Novell Inc. Suse Linux Enterprise Server 15 SP2 LTSS , Novell Inc. OpenSUSE Leap 15.4 , Novell Inc. Suse Linux Enterprise Server 15 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3 , Novell Inc. Suse Linux Enterprise Desktop 15 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2 , Novell Inc. Suse Linux Enterprise Server 15 SP4 , Novell Inc. Suse Linux Enterprise Desktop 15 SP4 , Novell Inc. Suse Linux Enterprise Server 15 SP2-BCL , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4 , Red Hat Inc. Red Hat Enterprise Linux 9 , Novell Inc. 
SUSE Linux Enterprise Real Time 15 SP2 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5 , Novell Inc. Suse Linux Enterprise Server 15 SP5 , Novell Inc. Suse Linux Enterprise Desktop 15 SP5 , \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , Novell Inc. SUSE Liberty Linux 9 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Jackson-databind, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Jackson-databind \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e,\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/FasterXML/jackson-databind/issues/2816\nhttps://security-tracker.debian.org/tracker/CVE-2020-36518\nhttps://access.redhat.com/security/cve/CVE-2020-36518\nhttps://www.suse.com/security/cve/CVE-2020-36518.html\nhttps://security.netapp.com/advisory/ntap-20220506-0004/\nhttps://www.oracle.com/security-alerts/cpujul2022.html\nhttps://www.oracle.com/security-alerts/cpuapr2022.html\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.7/\nhttps://lists.debian.org/debian-lts-announce/2022/05/msg00001.html\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2629\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.