Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-19362 (GCVE-0-2018-19362)
Vulnerability from cvelistv5 – Published: 2019-01-02 18:00 – Updated: 2024-08-05 11:37
VLAI?
EPSS
Summary
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
38 references
Date Public ?
2018-11-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:09.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2186"
},
{
"name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
},
{
"name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E"
},
{
"name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "RHSA-2019:0782",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
},
{
"name": "RHSA-2019:0877",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "DSA-4452",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4452"
},
{
"name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/68"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
},
{
"name": "RHSA-2019:1782",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1782"
},
{
"name": "RHSA-2019:1797",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1797"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "107985",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107985"
},
{
"name": "RHSA-2019:1822",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1822"
},
{
"name": "RHSA-2019:1823",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1823"
},
{
"name": "RHSA-2019:2804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2804"
},
{
"name": "RHSA-2019:2858",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"name": "RHSA-2019:3002",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3002"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3140"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3149",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "RHSA-2019:3892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:4037",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-31T13:06:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2186"
},
{
"name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
},
{
"name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E"
},
{
"name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "RHSA-2019:0782",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
},
{
"name": "RHSA-2019:0877",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "DSA-4452",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4452"
},
{
"name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/68"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
},
{
"name": "RHSA-2019:1782",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1782"
},
{
"name": "RHSA-2019:1797",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1797"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "107985",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107985"
},
{
"name": "RHSA-2019:1822",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1822"
},
{
"name": "RHSA-2019:1823",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1823"
},
{
"name": "RHSA-2019:2804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2804"
},
{
"name": "RHSA-2019:2858",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"name": "RHSA-2019:3002",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3002"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3140"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3149",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "RHSA-2019:3892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:4037",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2186",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/2186"
},
{
"name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
},
{
"name": "https://issues.apache.org/jira/browse/TINKERPOP-2121",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
},
{
"name": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
},
{
"name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
},
{
"name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "RHSA-2019:0782",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
},
{
"name": "RHSA-2019:0877",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
},
{
"name": "RHBA-2019:0959",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "DSA-4452",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4452"
},
{
"name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/68"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190530-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
},
{
"name": "RHSA-2019:1782",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1782"
},
{
"name": "RHSA-2019:1797",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1797"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "107985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107985"
},
{
"name": "RHSA-2019:1822",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1822"
},
{
"name": "RHSA-2019:1823",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1823"
},
{
"name": "RHSA-2019:2804",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2804"
},
{
"name": "RHSA-2019:2858",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"name": "RHSA-2019:3002",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3002"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3140"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3149",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "RHSA-2019:3892",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:4037",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19362",
"datePublished": "2019-01-02T18:00:00.000Z",
"dateReserved": "2018-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:37:09.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-19362",
"date": "2026-05-20",
"epss": "0.04124",
"percentile": "0.88754"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.6.0\", \"versionEndIncluding\": \"2.6.7.2\", \"matchCriteriaId\": \"5128ECDA-6F9A-42AC-9063-CDFC4C256537\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.7.0\", \"versionEndExcluding\": \"2.7.9.5\", \"matchCriteriaId\": \"B99066EB-FF79-4D9D-9466-B04AD4D3A814\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.8.0\", \"versionEndExcluding\": \"2.8.11.3\", \"matchCriteriaId\": \"F4D3858C-DAF3-4522-90EC-EFCD13BD121E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.9.0\", \"versionEndExcluding\": \"2.9.8\", \"matchCriteriaId\": \"E92778FA-5912-46E8-A33B-4BD14935647B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B887E174-57AB-449D-AEE4-82DD1A3E5C84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E869C417-C0E6-4FC3-B406-45598A1D1906\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.7\", \"versionEndIncluding\": \"17.12\", \"matchCriteriaId\": \"7A1E1023-2EB9-4334-9B74-CA71480F71C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93A4E178-0082-45C5-BBC0-0A4E51C8B1DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F021C23-AB9B-4877-833F-D01359A98762\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F8ED016-32A1-42EE-844E-3E6B2C116B74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A046CC2C-445F-4336-8810-930570B4FEC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0745445C-EC43-4091-BA7C-5105AFCC6F1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.7\", \"versionEndIncluding\": \"17.12\", \"matchCriteriaId\": \"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D55A54FD-7DD1-49CD-BE81-0BE73990943C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82EB08C0-2D46-4635-88DF-E54F6452D3A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"202AD518-2E9B-4062-B063-9858AE1F9CE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9967AAFD-2199-4668-9105-207D4866B707\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:automation_manager:7.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D44D4F38-4028-4EAA-895C-1E2816FB36EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:decision_manager:7.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5CD928F-C9BA-443F-A46D-4FE7756D936B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_bpm_suite:6.4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07E373FB-14EA-4EA2-8E4A-0B86A7184B85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88C5E02F-C70E-41F4-B146-40C88439017A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F87326E-0B56-4356-A889-73D026DB1D4B\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.\"}, {\"lang\": \"es\", \"value\": \"Las versiones 2.x de FasterXML jackson-databind anteriores a la 2.9.8 podr\\u00edan permitir a los atacantes remotos tener un impacto no especificado aprovechando un fallo para bloquear la clase jboss-common-core de deserializaci\\u00f3n polim\\u00f3rfica.\"}]",
"id": "CVE-2018-19362",
"lastModified": "2024-11-21T03:57:48.657",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-01-02T18:29:00.933",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/107985\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHBA-2019:0959\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0782\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0877\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1782\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1797\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1822\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1823\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2804\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2858\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3002\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3140\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3149\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3892\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:4037\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2186\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://issues.apache.org/jira/browse/TINKERPOP-2121\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/68\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190530-0003/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4452\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/107985\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHBA-2019:0959\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0782\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0877\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1782\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1797\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1822\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1823\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2804\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2858\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3002\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3140\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3149\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3892\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:4037\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2186\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://issues.apache.org/jira/browse/TINKERPOP-2121\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/68\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190530-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4452\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-19362\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-01-02T18:29:00.933\",\"lastModified\":\"2024-11-21T03:57:48.657\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.\"},{\"lang\":\"es\",\"value\":\"Las versiones 2.x de FasterXML jackson-databind anteriores a la 2.9.8 podr\u00edan permitir a los atacantes remotos tener un impacto no especificado aprovechando un fallo para bloquear la clase jboss-common-core de deserializaci\u00f3n polim\u00f3rfica.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndIncluding\":\"2.6.7.2\",\"matchCriteriaId\":\"5128ECDA-6F9A-42AC-9063-CDFC4C256537\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.9.5\",\"matchCriteriaId\":\"B99066EB-FF79-4D9D-9466-B04AD4D3A814\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.8.0\",\"versionEndExcluding\":\"2.8.11.3\",\"matchCriteriaId\":\"F4D3858C-DAF3-4522-90EC-EFCD13BD121E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.9.0\",\"versionEndExcluding\":\"2.9.8\",\"matchCriteriaId\":\"E92778FA-5912-46E8-A33B-4BD14935647B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B887E174-57AB-449D-AEE4-82DD1A3E5C84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E869C417-C0E6-4FC3-B406-45598A1D1906\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"7A1E1023-2EB9-4334-9B74-CA71480F71C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93A4E178-0082-45C5-BBC0-0A4E51C8B1DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F021C23-AB9B-4877-833F-D01359A98762\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F8ED016-32A1-42EE-844E-3E6B2C116B74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A046CC2C-445F-4336-8810-930570B4FEC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0745445C-EC43-4091-BA7C-5105AFCC6F1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D55A54FD-7DD1-49CD-BE81-0BE73990943C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EB08C0-2D46-4635-88DF-E54F6452D3A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9967AAFD-2199-4668-9105-207D4866B707\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:automation_manager:7.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D44D4F38-4028-4EAA-895C-1E2816FB36EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:decision_manager:7.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5CD928F-C9BA-443F-A46D-4FE7756D936B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_bpm_suite:6.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07E373FB-14EA-4EA2-8E4A-0B86A7184B85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88C5E02F-C70E-41F4-B146-40C88439017A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87326E-0B56-4356-A889-73D026DB1D4B\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/107985\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:0959\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0782\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0877\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1782\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1797\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1822\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1823\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2804\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2858\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3002\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3140\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3149\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3892\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4037\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2186\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://issues.apache.org/jira/browse/TINKERPOP-2121\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/68\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190530-0003/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4452\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/107985\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:0959\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0782\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1782\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1797\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1822\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1823\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2804\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3140\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3149\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3892\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4037\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2186\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://issues.apache.org/jira/browse/TINKERPOP-2121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/68\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190530-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4452\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2022-AVI-650
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Junos Space Security Director Policy Enforcer versions antérieures à 22.1R1 | ||
| Juniper Networks | N/A | Juniper Networks Contrail Networking versions antérieures à 21.4.0 | ||
| Juniper Networks | N/A | Contrôleur Juniper Networks NorthStar versions antérieures à 5.1.0 Service Pack 6 | ||
| Juniper Networks | N/A | Contrôleur Juniper Networks NorthStar versions 6.x antérieures à 6.2.2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.4.x antérieures à 20.4R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.2.x antérieures à 21.2R2-S3, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.1.x antérieures à 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.1.x antérieures à 21.1R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.3.x antérieures à 21.3R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.3.x antérieures à 21.3R2-S1, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.4.x antérieures à 20.4R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.2.x antérieures à 21.2R2-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.4.x antérieures à 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.4.x antérieures à 20.4R2-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS versions 18.4.x antérieures à 18.4R2-S10, 18.4R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions antérieures à 19.1R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.2.x antérieures à 21.2R2-S2, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions supérieures à 20.1R1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.2.x antérieures à 21.2R2-S1, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.2.x antérieures à 21.2R1-S1, 21.2R2, 21.2R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.3.x antérieures à 19.3R2-S7, 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS versions 17.3.x antérieures à 17.3R3-S12 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 19.4.x antérieures à 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.4.x antérieures à 21.4R1-S2, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.1.x antérieures à 19.1R2-S3, 19.1R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X49, 15.1X49-D100 et suivantes antérieures à 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.3.x antérieures à 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S21 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.2.x antérieures à 19.2R1-S8, 19.2R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 19.4.x antérieures à 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.1.x antérieures à 21.1R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.4.x antérieures à 20.4R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.4.x antérieures à 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 22.1.x antérieures à 22.1R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.3.x antérieures à 21.3R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX toutes versions antérieures à 19.1R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.4.x antérieures à 19.4R2-S5, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.1.x antérieures à 21.1R2, 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.2.x antérieures à 21.2R2-S2, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 18.3.x antérieures à 18.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1.x antérieures à 15.1R7-S10 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.3.x antérieures à 21.3R2-S1-EVO, 21.3R3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.2.x antérieures à 21.2R1-S1-EVO, 21.2R3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.4.x antérieures à 21.4R1-S1-EVO, 21.4R2-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 20.4R3-S3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.1.x aantérieures à 21.1R3-S1-EVO | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 22.1R1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos Space Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 22.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 21.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur Juniper Networks NorthStar versions ant\u00e9rieures \u00e0 5.1.0 Service Pack 6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur Juniper Networks NorthStar versions 6.x ant\u00e9rieures \u00e0 6.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S3, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.4.x ant\u00e9rieures \u00e0 20.4R2-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 18.4.x ant\u00e9rieures \u00e0 18.4R2-S10, 18.4R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions ant\u00e9rieures \u00e0 19.1R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions sup\u00e9rieures \u00e0 20.1R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S1, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1, 21.2R2, 21.2R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.3.x ant\u00e9rieures \u00e0 19.3R2-S7, 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.3.x ant\u00e9rieures \u00e0 17.3R3-S12",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S2, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.1.x ant\u00e9rieures \u00e0 19.1R2-S3, 19.1R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X49, 15.1X49-D100 et suivantes ant\u00e9rieures \u00e0 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.3.x ant\u00e9rieures \u00e0 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S21",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S8, 19.2R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 22.1.x ant\u00e9rieures \u00e0 22.1R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX toutes versions ant\u00e9rieures \u00e0 19.1R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S5, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2, 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 18.3.x ant\u00e9rieures \u00e0 18.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1.x ant\u00e9rieures \u00e0 15.1R7-S10",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1-EVO, 21.3R3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1-EVO, 21.2R3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1-EVO, 21.4R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.1.x aant\u00e9rieures \u00e0 21.1R3-S1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
},
{
"name": "CVE-2003-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0001"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2013-7422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7422"
},
{
"name": "CVE-2015-7705",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7705"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2016-2516",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
},
{
"name": "CVE-2016-4612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
},
{
"name": "CVE-2016-4610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
},
{
"name": "CVE-2016-4608",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
},
{
"name": "CVE-2016-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
},
{
"name": "CVE-2016-4607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4738"
},
{
"name": "CVE-2016-5300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2016-5180",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5180"
},
{
"name": "CVE-2016-9538",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9538"
},
{
"name": "CVE-2016-9539",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9539"
},
{
"name": "CVE-2017-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0553"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-1000368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000368"
},
{
"name": "CVE-2017-10989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8817"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8380",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
},
{
"name": "CVE-2016-3191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2019-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1354"
},
{
"name": "CVE-2019-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1352"
},
{
"name": "CVE-2019-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1387"
},
{
"name": "CVE-2019-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1349"
},
{
"name": "CVE-2019-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1350"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2020-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8616"
},
{
"name": "CVE-2020-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2017-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2020-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1968"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2020-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
},
{
"name": "CVE-2020-25696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25696"
},
{
"name": "CVE-2020-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
},
{
"name": "CVE-2020-13435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2020-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-23839",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2020-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
},
{
"name": "CVE-2020-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
},
{
"name": "CVE-2020-29573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2019-9169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9169"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"name": "CVE-2020-27619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20227"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
},
{
"name": "CVE-2020-25717",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25717"
},
{
"name": "CVE-2016-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2124"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2020-9327",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2018-1000654",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
},
{
"name": "CVE-2014-9471",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9471"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2017-12562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12562"
},
{
"name": "CVE-2018-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
},
{
"name": "CVE-2022-22217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22217"
},
{
"name": "CVE-2016-4484",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4484"
},
{
"name": "CVE-2015-4042",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4042"
},
{
"name": "CVE-2016-7943",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7943"
},
{
"name": "CVE-2016-6318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6318"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2016-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7942"
},
{
"name": "CVE-2017-9117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9117"
},
{
"name": "CVE-2022-22203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22203"
},
{
"name": "CVE-2015-5228",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5228"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2022-22216",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22216"
},
{
"name": "CVE-2015-7805",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7805"
},
{
"name": "CVE-2017-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8779"
},
{
"name": "CVE-2022-22206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22206"
},
{
"name": "CVE-2016-7947",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7947"
},
{
"name": "CVE-2016-7951",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7951"
},
{
"name": "CVE-2018-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8088"
},
{
"name": "CVE-2018-6954",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6954"
},
{
"name": "CVE-2014-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9488"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2017-15994",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15994"
},
{
"name": "CVE-2022-22209",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22209"
},
{
"name": "CVE-2015-8540",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8540"
},
{
"name": "CVE-2016-7950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7950"
},
{
"name": "CVE-2017-14930",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14930"
},
{
"name": "CVE-2017-8105",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8105"
},
{
"name": "CVE-2016-7949",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7949"
},
{
"name": "CVE-2017-5225",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5225"
},
{
"name": "CVE-2016-1951",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1951"
},
{
"name": "CVE-2017-8871",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8871"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2022-22215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22215"
},
{
"name": "CVE-2015-7036",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7036"
},
{
"name": "CVE-2016-2779",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2779"
},
{
"name": "CVE-2022-22213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22213"
},
{
"name": "CVE-2016-10195",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10195"
},
{
"name": "CVE-2014-5044",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-5044"
},
{
"name": "CVE-2016-7944",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7944"
},
{
"name": "CVE-2014-9114",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9114"
},
{
"name": "CVE-2014-9474",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9474"
},
{
"name": "CVE-2015-2059",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2059"
},
{
"name": "CVE-2022-22207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22207"
},
{
"name": "CVE-2022-22205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22205"
},
{
"name": "CVE-2022-22204",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22204"
},
{
"name": "CVE-2017-5929",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2017-10685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10685"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2015-8947",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8947"
},
{
"name": "CVE-2019-9893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9893"
},
{
"name": "CVE-2016-1238",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1238"
},
{
"name": "CVE-2016-7948",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7948"
},
{
"name": "CVE-2014-9746",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9746"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2016-2052",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2052"
},
{
"name": "CVE-2021-3487",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3487"
},
{
"name": "CVE-2022-22214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22214"
},
{
"name": "CVE-2014-4043",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4043"
},
{
"name": "CVE-2022-22221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22221"
},
{
"name": "CVE-2022-22212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22212"
},
{
"name": "CVE-2017-16548",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16548"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2014-9939",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9939"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2015-3308",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3308"
},
{
"name": "CVE-2017-7614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7614"
},
{
"name": "CVE-2022-22202",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22202"
},
{
"name": "CVE-2017-8421",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8421"
},
{
"name": "CVE-2017-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14062"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2022-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22218"
},
{
"name": "CVE-2017-10684",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10684"
},
{
"name": "CVE-2022-22210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22210"
},
{
"name": "CVE-2017-13716",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13716"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
},
{
"name": "CVE-2015-5602",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5602"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2017-17434",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17434"
},
{
"name": "CVE-2017-8287",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8287"
},
{
"name": "CVE-2017-8804",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8804"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-650",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69723 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Security-Director-Policy-Enforcer-upgraded-to-CentOS-7-9"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69722 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release-CVE-2022-22218"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69713 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-RIB-and-PFEs-can-get-out-of-sync-due-to-a-memory-leak-caused-by-interface-flaps-or-route-churn-CVE-2022-22209"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69710 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-series-The-PFE-will-crash-when-specific-traffic-is-scanned-by-Enhanced-Web-Filtering-safe-search-CVE-2022-22206"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69717 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Denial-of-Service-DoS-vulnerability-in-RPD-upon-receipt-of-specific-BGP-update-CVE-2022-22213"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69707 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-Receipt-of-specific-traffic-will-lead-to-an-fxpc-process-crash-followed-by-an-FPC-reboot-CVE-2022-22203"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69714 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-MX-Series-An-l2alm-crash-leading-to-an-FPC-crash-can-be-observed-in-VxLAN-scenario-CVE-2022-22210"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69718 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-MPLS-scenario-upon-receipt-of-a-specific-IPv6-packet-an-FPC-will-crash-CVE-2022-22214"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69726 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Contrail-Networking-Multiple-vulnerabilities-resolved-in-Contrail-Networking-21-4"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69711 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-with-MPC11-In-a-GNF-node-slicing-scenario-gathering-AF-interface-statistics-can-lead-to-a-kernel-crash-CVE-2022-22207"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69715 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-OpenSSL-security-fixes"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69708 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-When-receiving-a-specific-SIP-packets-stale-call-table-entries-are-created-which-eventually-leads-to-a-DoS-for-all-SIP-traffic-CVE-2022-22204"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69716 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-hostbound-traffic-will-cause-unexpected-hostbound-traffic-delays-or-drops-CVE-2022-22212"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69719 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-var-run-pid-env-files-are-potentially-not-deleted-during-termination-of-a-gRPC-connection-causing-inode-exhaustion-CVE-2022-22215"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69703 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Northstar-Controller-nginx-component-allows-remote-attacker-to-cause-worker-process-crash-or-potentially-arbitrary-code-execution-CVE-2021-23017-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69721 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX10k-Series-Denial-of-Service-DoS-upon-receipt-of-crafted-MLD-packets-on-multi-homing-ESI-in-VXLAN-CVE-2022-22217"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69720 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-Etherleak-memory-disclosure-in-Ethernet-padding-data-CVE-2022-22216"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69725 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-and-EX-Series-Local-privilege-escalation-flaw-in-download-functionality-CVE-2022-22221"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69705 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-in-SQLite-resolved"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69709 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-Series-An-FPC-memory-leak-can-occur-in-an-APBR-scenario-CVE-2022-22205"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69706 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-FPCs-may-restart-unexpectedly-upon-receipt-of-specific-MPLS-packets-with-certain-multi-unit-interface-configurations-CVE-2022-22202"
}
]
}
CERTFR-2022-AVI-650
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Junos Space Security Director Policy Enforcer versions antérieures à 22.1R1 | ||
| Juniper Networks | N/A | Juniper Networks Contrail Networking versions antérieures à 21.4.0 | ||
| Juniper Networks | N/A | Contrôleur Juniper Networks NorthStar versions antérieures à 5.1.0 Service Pack 6 | ||
| Juniper Networks | N/A | Contrôleur Juniper Networks NorthStar versions 6.x antérieures à 6.2.2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.4.x antérieures à 20.4R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.2.x antérieures à 21.2R2-S3, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.1.x antérieures à 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.1.x antérieures à 21.1R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.3.x antérieures à 21.3R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.3.x antérieures à 21.3R2-S1, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.4.x antérieures à 20.4R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.2.x antérieures à 21.2R2-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.4.x antérieures à 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.4.x antérieures à 20.4R2-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS versions 18.4.x antérieures à 18.4R2-S10, 18.4R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions antérieures à 19.1R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.2.x antérieures à 21.2R2-S2, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions supérieures à 20.1R1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.2.x antérieures à 21.2R2-S1, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.2.x antérieures à 21.2R1-S1, 21.2R2, 21.2R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.3.x antérieures à 19.3R2-S7, 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS versions 17.3.x antérieures à 17.3R3-S12 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 19.4.x antérieures à 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.4.x antérieures à 21.4R1-S2, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.1.x antérieures à 19.1R2-S3, 19.1R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X49, 15.1X49-D100 et suivantes antérieures à 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.3.x antérieures à 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S21 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.2.x antérieures à 19.2R1-S8, 19.2R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 19.4.x antérieures à 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.1.x antérieures à 21.1R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.4.x antérieures à 20.4R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.4.x antérieures à 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 22.1.x antérieures à 22.1R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.3.x antérieures à 21.3R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX toutes versions antérieures à 19.1R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.4.x antérieures à 19.4R2-S5, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.1.x antérieures à 21.1R2, 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.2.x antérieures à 21.2R2-S2, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 18.3.x antérieures à 18.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1.x antérieures à 15.1R7-S10 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.3.x antérieures à 21.3R2-S1-EVO, 21.3R3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.2.x antérieures à 21.2R1-S1-EVO, 21.2R3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.4.x antérieures à 21.4R1-S1-EVO, 21.4R2-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 20.4R3-S3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.1.x aantérieures à 21.1R3-S1-EVO | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 22.1R1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos Space Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 22.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 21.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur Juniper Networks NorthStar versions ant\u00e9rieures \u00e0 5.1.0 Service Pack 6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur Juniper Networks NorthStar versions 6.x ant\u00e9rieures \u00e0 6.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S3, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.4.x ant\u00e9rieures \u00e0 20.4R2-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 18.4.x ant\u00e9rieures \u00e0 18.4R2-S10, 18.4R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions ant\u00e9rieures \u00e0 19.1R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions sup\u00e9rieures \u00e0 20.1R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S1, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1, 21.2R2, 21.2R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.3.x ant\u00e9rieures \u00e0 19.3R2-S7, 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.3.x ant\u00e9rieures \u00e0 17.3R3-S12",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S2, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.1.x ant\u00e9rieures \u00e0 19.1R2-S3, 19.1R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X49, 15.1X49-D100 et suivantes ant\u00e9rieures \u00e0 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.3.x ant\u00e9rieures \u00e0 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S21",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S8, 19.2R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 22.1.x ant\u00e9rieures \u00e0 22.1R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX toutes versions ant\u00e9rieures \u00e0 19.1R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S5, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2, 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 18.3.x ant\u00e9rieures \u00e0 18.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1.x ant\u00e9rieures \u00e0 15.1R7-S10",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1-EVO, 21.3R3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1-EVO, 21.2R3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1-EVO, 21.4R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.1.x aant\u00e9rieures \u00e0 21.1R3-S1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
},
{
"name": "CVE-2003-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0001"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2013-7422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7422"
},
{
"name": "CVE-2015-7705",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7705"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2016-2516",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
},
{
"name": "CVE-2016-4612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
},
{
"name": "CVE-2016-4610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
},
{
"name": "CVE-2016-4608",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
},
{
"name": "CVE-2016-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
},
{
"name": "CVE-2016-4607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4738"
},
{
"name": "CVE-2016-5300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2016-5180",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5180"
},
{
"name": "CVE-2016-9538",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9538"
},
{
"name": "CVE-2016-9539",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9539"
},
{
"name": "CVE-2017-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0553"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-1000368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000368"
},
{
"name": "CVE-2017-10989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8817"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8380",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
},
{
"name": "CVE-2016-3191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2019-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1354"
},
{
"name": "CVE-2019-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1352"
},
{
"name": "CVE-2019-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1387"
},
{
"name": "CVE-2019-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1349"
},
{
"name": "CVE-2019-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1350"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2020-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8616"
},
{
"name": "CVE-2020-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2017-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2020-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1968"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2020-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
},
{
"name": "CVE-2020-25696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25696"
},
{
"name": "CVE-2020-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
},
{
"name": "CVE-2020-13435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2020-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-23839",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2020-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
},
{
"name": "CVE-2020-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
},
{
"name": "CVE-2020-29573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2019-9169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9169"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"name": "CVE-2020-27619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20227"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
},
{
"name": "CVE-2020-25717",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25717"
},
{
"name": "CVE-2016-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2124"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2020-9327",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2018-1000654",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
},
{
"name": "CVE-2014-9471",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9471"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2017-12562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12562"
},
{
"name": "CVE-2018-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
},
{
"name": "CVE-2022-22217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22217"
},
{
"name": "CVE-2016-4484",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4484"
},
{
"name": "CVE-2015-4042",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4042"
},
{
"name": "CVE-2016-7943",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7943"
},
{
"name": "CVE-2016-6318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6318"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2016-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7942"
},
{
"name": "CVE-2017-9117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9117"
},
{
"name": "CVE-2022-22203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22203"
},
{
"name": "CVE-2015-5228",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5228"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2022-22216",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22216"
},
{
"name": "CVE-2015-7805",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7805"
},
{
"name": "CVE-2017-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8779"
},
{
"name": "CVE-2022-22206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22206"
},
{
"name": "CVE-2016-7947",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7947"
},
{
"name": "CVE-2016-7951",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7951"
},
{
"name": "CVE-2018-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8088"
},
{
"name": "CVE-2018-6954",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6954"
},
{
"name": "CVE-2014-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9488"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2017-15994",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15994"
},
{
"name": "CVE-2022-22209",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22209"
},
{
"name": "CVE-2015-8540",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8540"
},
{
"name": "CVE-2016-7950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7950"
},
{
"name": "CVE-2017-14930",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14930"
},
{
"name": "CVE-2017-8105",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8105"
},
{
"name": "CVE-2016-7949",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7949"
},
{
"name": "CVE-2017-5225",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5225"
},
{
"name": "CVE-2016-1951",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1951"
},
{
"name": "CVE-2017-8871",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8871"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2022-22215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22215"
},
{
"name": "CVE-2015-7036",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7036"
},
{
"name": "CVE-2016-2779",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2779"
},
{
"name": "CVE-2022-22213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22213"
},
{
"name": "CVE-2016-10195",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10195"
},
{
"name": "CVE-2014-5044",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-5044"
},
{
"name": "CVE-2016-7944",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7944"
},
{
"name": "CVE-2014-9114",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9114"
},
{
"name": "CVE-2014-9474",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9474"
},
{
"name": "CVE-2015-2059",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2059"
},
{
"name": "CVE-2022-22207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22207"
},
{
"name": "CVE-2022-22205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22205"
},
{
"name": "CVE-2022-22204",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22204"
},
{
"name": "CVE-2017-5929",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2017-10685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10685"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2015-8947",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8947"
},
{
"name": "CVE-2019-9893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9893"
},
{
"name": "CVE-2016-1238",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1238"
},
{
"name": "CVE-2016-7948",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7948"
},
{
"name": "CVE-2014-9746",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9746"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2016-2052",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2052"
},
{
"name": "CVE-2021-3487",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3487"
},
{
"name": "CVE-2022-22214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22214"
},
{
"name": "CVE-2014-4043",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4043"
},
{
"name": "CVE-2022-22221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22221"
},
{
"name": "CVE-2022-22212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22212"
},
{
"name": "CVE-2017-16548",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16548"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2014-9939",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9939"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2015-3308",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3308"
},
{
"name": "CVE-2017-7614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7614"
},
{
"name": "CVE-2022-22202",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22202"
},
{
"name": "CVE-2017-8421",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8421"
},
{
"name": "CVE-2017-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14062"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2022-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22218"
},
{
"name": "CVE-2017-10684",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10684"
},
{
"name": "CVE-2022-22210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22210"
},
{
"name": "CVE-2017-13716",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13716"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
},
{
"name": "CVE-2015-5602",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5602"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2017-17434",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17434"
},
{
"name": "CVE-2017-8287",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8287"
},
{
"name": "CVE-2017-8804",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8804"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-650",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69723 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Security-Director-Policy-Enforcer-upgraded-to-CentOS-7-9"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69722 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release-CVE-2022-22218"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69713 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-RIB-and-PFEs-can-get-out-of-sync-due-to-a-memory-leak-caused-by-interface-flaps-or-route-churn-CVE-2022-22209"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69710 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-series-The-PFE-will-crash-when-specific-traffic-is-scanned-by-Enhanced-Web-Filtering-safe-search-CVE-2022-22206"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69717 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Denial-of-Service-DoS-vulnerability-in-RPD-upon-receipt-of-specific-BGP-update-CVE-2022-22213"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69707 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-Receipt-of-specific-traffic-will-lead-to-an-fxpc-process-crash-followed-by-an-FPC-reboot-CVE-2022-22203"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69714 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-MX-Series-An-l2alm-crash-leading-to-an-FPC-crash-can-be-observed-in-VxLAN-scenario-CVE-2022-22210"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69718 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-MPLS-scenario-upon-receipt-of-a-specific-IPv6-packet-an-FPC-will-crash-CVE-2022-22214"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69726 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Contrail-Networking-Multiple-vulnerabilities-resolved-in-Contrail-Networking-21-4"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69711 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-with-MPC11-In-a-GNF-node-slicing-scenario-gathering-AF-interface-statistics-can-lead-to-a-kernel-crash-CVE-2022-22207"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69715 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-OpenSSL-security-fixes"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69708 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-When-receiving-a-specific-SIP-packets-stale-call-table-entries-are-created-which-eventually-leads-to-a-DoS-for-all-SIP-traffic-CVE-2022-22204"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69716 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-hostbound-traffic-will-cause-unexpected-hostbound-traffic-delays-or-drops-CVE-2022-22212"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69719 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-var-run-pid-env-files-are-potentially-not-deleted-during-termination-of-a-gRPC-connection-causing-inode-exhaustion-CVE-2022-22215"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69703 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Northstar-Controller-nginx-component-allows-remote-attacker-to-cause-worker-process-crash-or-potentially-arbitrary-code-execution-CVE-2021-23017-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69721 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX10k-Series-Denial-of-Service-DoS-upon-receipt-of-crafted-MLD-packets-on-multi-homing-ESI-in-VXLAN-CVE-2022-22217"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69720 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-Etherleak-memory-disclosure-in-Ethernet-padding-data-CVE-2022-22216"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69725 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-and-EX-Series-Local-privilege-escalation-flaw-in-download-functionality-CVE-2022-22221"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69705 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-in-SQLite-resolved"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69709 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-Series-An-FPC-memory-leak-can-occur-in-an-APBR-scenario-CVE-2022-22205"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69706 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-FPCs-may-restart-unexpectedly-upon-receipt-of-specific-MPLS-packets-with-certain-multi-unit-interface-configurations-CVE-2022-22202"
}
]
}
CERTFR-2026-AVI-0500
Vulnerability from certfr_avis - Published: 2026-04-27 - Updated: 2026-04-27
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2026-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3449"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2026-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2026-24098",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24098"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2026-24734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
},
{
"name": "CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2026-1527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2026-41239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2023-34610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34610"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2026-34486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34486"
},
{
"name": "CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"name": "CVE-2018-1320",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-29145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2025-54550",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54550"
},
{
"name": "CVE-2025-54920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54920"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2025-33042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2026-34500",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34500"
},
{
"name": "CVE-2025-9624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9624"
},
{
"name": "CVE-2026-34043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34043"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2026-33532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
},
{
"name": "CVE-2025-68470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
},
{
"name": "CVE-2025-67721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67721"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2025-66236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66236"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2024-57083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57083"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2024-23953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23953"
},
{
"name": "CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"name": "CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2025-27821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27821"
},
{
"name": "CVE-2022-41404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41404"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2026-34487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
},
{
"name": "CVE-2025-27555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27555"
},
{
"name": "CVE-2025-65995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65995"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2025-68458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68458"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2026-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-25854",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
},
{
"name": "CVE-2021-22573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2024-56373",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56373"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2025-68157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68157"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2025-68675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68675"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2026-34483",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34483"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2026-33816",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-25219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25219"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2026-31802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-04-27T00:00:00",
"last_revision_date": "2026-04-27T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0500",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37405",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405"
},
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37404",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404"
}
]
}
CERTFR-2026-AVI-0556
Vulnerability from certfr_avis - Published: 2026-05-11 - Updated: 2026-05-11
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 31.3.x antérieures à 3.13.15 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Streaming Server For Kubernetes versions antérieures à 1.3.0 | ||
| VMware | Tanzu | Tanzu Data Flow on Kubernetes versions antérieures à 2.1.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.0.x antérieures à 4.0.20 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Backup and Restore versions antérieures à1.33.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Data Copy Utility versions antérieures à 2.9.3 | ||
| VMware | Tanzu | Tanzu for Valkey on Kubernetes versions antérieures à 3.3.4 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Command Center versions 6.17.x antérieures à 6.17.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum on Kubernetes versions antérieures à 1.1.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Platform Extension Framework versions antérieures à 8.0.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.2.x antérieures à 4.2.6 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Text versions antérieures à 4.0.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Streaming Server versions antérieures à 2.3.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.3.x antérieures à 4.3.0 | ||
| VMware | Tanzu | Tanzu for Valkey on Kubernetes versions antérieures à 3.4.0 | ||
| VMware | Tanzu Gemfire | Tanzu GemFire versions antérieures à 10.2.3 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Upgrade versions antérieures à 2.0.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplumversions antérieures à 7.8.0 | ||
| VMware | Tanzu Gemfire | Tanzu GemFire Vector Database versions antérieures à 1.2.2 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions antérieures à 6.33.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Command Center versions 7.7.x antérieures à 7.7.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.1.x antérieures à 4.1.11 | ||
| VMware | Tanzu | Tanzu for MySQL on Kubernetes versions antérieures à 2.0.3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu RabbitMQ on Kubernetes versions 31.3.x ant\u00e9rieures \u00e0 3.13.15",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Streaming Server For Kubernetes versions ant\u00e9rieures \u00e0 1.3.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Flow on Kubernetes versions ant\u00e9rieures \u00e0 2.1.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.0.x ant\u00e9rieures \u00e0 4.0.20",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Backup and Restore versions ant\u00e9rieures \u00e01.33.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Data Copy Utility versions ant\u00e9rieures \u00e0 2.9.3",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for Valkey on Kubernetes versions ant\u00e9rieures \u00e0 3.3.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Command Center versions 6.17.x ant\u00e9rieures \u00e0 6.17.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum on Kubernetes versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.2.x ant\u00e9rieures \u00e0 4.2.6",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Text versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Streaming Server versions ant\u00e9rieures \u00e0 2.3.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.3.x ant\u00e9rieures \u00e0 4.3.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for Valkey on Kubernetes versions ant\u00e9rieures \u00e0 3.4.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": " Tanzu GemFire versions ant\u00e9rieures \u00e0 10.2.3",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Upgrade versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplumversions ant\u00e9rieures \u00e0 7.8.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Vector Database versions ant\u00e9rieures \u00e0 1.2.2",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 6.33.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Command Center versions 7.7.x ant\u00e9rieures \u00e0 7.7.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.1.x ant\u00e9rieures \u00e0 4.1.11",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for MySQL on Kubernetes versions ant\u00e9rieures \u00e0 2.0.3\n",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2025-69534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69534"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2025-3264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3264"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2020-26939",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26939"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2026-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4878"
},
{
"name": "CVE-2026-35238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35238"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2026-27205",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27205"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2026-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32990"
},
{
"name": "CVE-2022-30973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30973"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2026-1669",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1669"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"name": "CVE-2021-27906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27906"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2026-34267",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34267"
},
{
"name": "CVE-2023-50386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50386"
},
{
"name": "CVE-2026-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21936"
},
{
"name": "CVE-2026-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21937"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2016-1000341",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341"
},
{
"name": "CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"name": "CVE-2026-35239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35239"
},
{
"name": "CVE-2026-3497",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3497"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"name": "CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"name": "CVE-2021-36373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36373"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2026-0897",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0897"
},
{
"name": "CVE-2025-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5197"
},
{
"name": "CVE-2026-34271",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34271"
},
{
"name": "CVE-2019-10094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10094"
},
{
"name": "CVE-2026-24308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24308"
},
{
"name": "CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2026-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3446"
},
{
"name": "CVE-2026-32875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32875"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2016-1000343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"name": "CVE-2022-24613",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24613"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2026-27456",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27456"
},
{
"name": "CVE-2026-22701",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22701"
},
{
"name": "CVE-2026-34270",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34270"
},
{
"name": "CVE-2026-34303",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34303"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2953"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2025-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3933"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2018-8036",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8036"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2022-26612",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26612"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2026-22009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22009"
},
{
"name": "CVE-2018-1320",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
},
{
"name": "CVE-2025-13837",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-29145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2026-21998",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21998"
},
{
"name": "CVE-2019-17558",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17558"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2026-35469",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35469"
},
{
"name": "CVE-2020-13955",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13955"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2025-15367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
},
{
"name": "CVE-2016-1000346",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2026-2006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2026-35236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35236"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2026-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2026-35237",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35237"
},
{
"name": "CVE-2014-0114",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0114"
},
{
"name": "CVE-2026-33236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33236"
},
{
"name": "CVE-2022-32287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32287"
},
{
"name": "CVE-2026-2005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2016-1000345",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345"
},
{
"name": "CVE-2026-24051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
},
{
"name": "CVE-2022-39135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39135"
},
{
"name": "CVE-2025-33042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
},
{
"name": "CVE-2026-34073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
},
{
"name": "CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2026-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22017"
},
{
"name": "CVE-2022-26336",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26336"
},
{
"name": "CVE-2024-21244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21244"
},
{
"name": "CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2018-1338",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1338"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2021-29262",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29262"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2024-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21503"
},
{
"name": "CVE-2016-1000338",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338"
},
{
"name": "CVE-2026-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
},
{
"name": "CVE-2026-1703",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1703"
},
{
"name": "CVE-2026-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25645"
},
{
"name": "CVE-2026-21860",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21860"
},
{
"name": "CVE-2026-3479",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3479"
},
{
"name": "CVE-2024-52012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52012"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2026-39883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39883"
},
{
"name": "CVE-2026-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
},
{
"name": "CVE-2019-10088",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10088"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"name": "CVE-2026-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1839"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2026-34515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34515"
},
{
"name": "CVE-2026-5598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
},
{
"name": "CVE-2026-34519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34519"
},
{
"name": "CVE-2018-11797",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11797"
},
{
"name": "CVE-2026-22022",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22022"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2026-34304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34304"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2024-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2018-8017",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8017"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2026-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21948"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2017-15691",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15691"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2026-22002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22002"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2026-34518",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34518"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2016-1000342",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2018-17197",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17197"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2025-62813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62813"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2026-34308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34308"
},
{
"name": "CVE-2016-1000339",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2026-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3219"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2023-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50291"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2025-21499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21499"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2026-27199",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27199"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2020-1945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2021-23926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23926"
},
{
"name": "CVE-2026-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21964"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2026-22731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22731"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2025-68146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-3730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3730"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2026-34525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34525"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2026-32274",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32274"
},
{
"name": "CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"name": "CVE-2026-35240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35240"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2026-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22004"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2018-1324",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1324"
},
{
"name": "CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2026-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22001"
},
{
"name": "CVE-2026-32874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32874"
},
{
"name": "CVE-2025-3263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3263"
},
{
"name": "CVE-2025-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2026-4539",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4539"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2021-31812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31812"
},
{
"name": "CVE-2026-4519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4519"
},
{
"name": "CVE-2025-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
},
{
"name": "CVE-2025-13462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13462"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2025-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6051"
},
{
"name": "CVE-2026-4111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4111"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2025-66034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66034"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2026-3298",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3298"
},
{
"name": "CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"name": "CVE-2026-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21968"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2024-21232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21232"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2024-9823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2026-4224",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4224"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2019-12415",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12415"
},
{
"name": "CVE-2025-8869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8869"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-25854",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
},
{
"name": "CVE-2026-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22015"
},
{
"name": "CVE-2025-12817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12817"
},
{
"name": "CVE-2021-22573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
},
{
"name": "CVE-2026-23949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23949"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-1519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1519"
},
{
"name": "CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2018-11761",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11761"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2018-11771",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11771"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2018-1335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1335"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2026-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
},
{
"name": "CVE-2025-15281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
},
{
"name": "CVE-2025-21493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21493"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2018-11762",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11762"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2026-22733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22733"
},
{
"name": "CVE-2026-2297",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2297"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2026-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22005"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2016-1000340",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000340"
},
{
"name": "CVE-2026-34516",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34516"
},
{
"name": "CVE-2026-1299",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1299"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2018-12023",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12023"
},
{
"name": "CVE-2026-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3644"
},
{
"name": "CVE-2026-27140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27140"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-29129",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29129"
},
{
"name": "CVE-2022-31159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31159"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2026-34517",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34517"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2020-15522",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15522"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2018-1339",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1339"
},
{
"name": "CVE-2016-1000352",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-14009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14009"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2026-34278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34278"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2026-34513",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34513"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2026-2003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"name": "CVE-2026-34514",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34514"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2019-10086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2099"
},
{
"name": "CVE-2025-1194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1194"
},
{
"name": "CVE-2025-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6638"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2025-14819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2016-1000344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2017-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3164"
},
{
"name": "CVE-2026-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41066"
},
{
"name": "CVE-2026-34520",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34520"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2026-24880",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24880"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"name": "CVE-2026-33816",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
},
{
"name": "CVE-2026-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2004"
},
{
"name": "CVE-2026-0672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0672"
},
{
"name": "CVE-2017-7669",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7669"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2017-8806",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8806"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2019-0193",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0193"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-33231",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33231"
},
{
"name": "CVE-2022-30126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30126"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2018-1000180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180"
},
{
"name": "CVE-2025-6921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6921"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2026-34276",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34276"
},
{
"name": "CVE-2022-24614",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24614"
},
{
"name": "CVE-2026-22815",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22815"
},
{
"name": "CVE-2020-13959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13959"
},
{
"name": "CVE-2025-24814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24814"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2020-11979",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11979"
},
{
"name": "CVE-2025-67221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67221"
},
{
"name": "CVE-2024-21243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21243"
},
{
"name": "CVE-2026-33230",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33230"
},
{
"name": "CVE-2021-31811",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31811"
},
{
"name": "CVE-2021-27807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27807"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2026-24281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24281"
},
{
"name": "CVE-2026-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1462"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2022-25168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
},
{
"name": "CVE-2026-34293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34293"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2018-11802",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11802"
},
{
"name": "CVE-2025-3777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3777"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2018-11796",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11796"
},
{
"name": "CVE-2020-13957",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13957"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2018-1000632",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000632"
},
{
"name": "CVE-2026-0846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0846"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-05-11T00:00:00",
"last_revision_date": "2026-05-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0556",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37451",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37451"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37445",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37445"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37460",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37460"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37449",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37449"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37450",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37450"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37466",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37466"
},
{
"published_at": "2026-05-08",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37468",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37468"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37444",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37444"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37461",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37461"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2016-11",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37459"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37446",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37446"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37465",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37465"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37448",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37448"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37447",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37447"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37463",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37463"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37452",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37452"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37462",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37462"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37464",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37464"
}
]
}
BDU:2019-02898
Vulnerability from fstec - Published: 02.01.2019
VLAI Severity ?
Title
Уязвимость функции FasterXML Java-библиотеки для грамматического разбора JSON файлов jackson-databind, позволяющая нарушителю оказать воздействие на целостность данных, получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Description
Уязвимость функции FasterXML Java-библиотеки для грамматического разбора JSON файлов jackson-databind связана с блокировкой класса jboss-common-core от полиморфной десериализации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать воздействие на целостность данных, получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Severity ?
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, Oracle Corp., FasterXML, LLC
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, Business Process Management Suite, JD Edwards EnterpriseOne Tools, Primavera Unifier, Primavera P6 Enterprise Project Portfolio Management, WebCenter Portal, Retail Xstore Point of Service, Jackson-databind, OpenShift Container Platform, Communications Billing and Revenue Management, Retail Workforce Management Software, Jboss BRMS, Communications Unified, Primavera Gateway, Enterprise Manager for Virtualization, Retail Customer Management and Segmentation Foundation, Insurance Performance Insight, Insurance Allocation Manager for Enterprise Profitability, Financial Services Retail Customer Analytics, Financial Services Profitability Management, Financial Services Price Creation and Discovery, Financial Services Institutional Performance Analytics, Financial Services Funds Transfer Pricing, Financial Services Analytical Applications Infrastructure, Banking Platform, Jboss Fuse, JBoss A-MQ, OpenShift Application Runtimes, Automation Manager
Software Version
7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 12.1.3.0.0 (Business Process Management Suite), 12.2.1.3.0 (Business Process Management Suite), 9.2 (JD Edwards EnterpriseOne Tools), 16.2 (Primavera Unifier), 16.1 (Primavera Unifier), 15.1 (Primavera P6 Enterprise Project Portfolio Management), 15.2 (Primavera P6 Enterprise Project Portfolio Management), 16.1 (Primavera P6 Enterprise Project Portfolio Management), 16.2 (Primavera P6 Enterprise Project Portfolio Management), 18.8 (Primavera P6 Enterprise Project Portfolio Management), 12.2.1.3.0 (WebCenter Portal), от 17.7 до 17.12 (Primavera P6 Enterprise Project Portfolio Management), 7.0 (Retail Xstore Point of Service), 7.4 EUS (Red Hat Enterprise Linux), 7.5 EUS (Red Hat Enterprise Linux), 7.6 EUS (Red Hat Enterprise Linux), от 2.0.0 до 2.9.8 (Jackson-databind), 8 (Debian GNU/Linux), 3.11 (OpenShift Container Platform), 7.5 (Communications Billing and Revenue Management), 12.0 (Communications Billing and Revenue Management), 1.60.9.0.0 (Retail Workforce Management Software), 6.4 (Jboss BRMS), от 17.7 до 17.12 (Primavera Unifier), 18.8 (Primavera Unifier), 8.0.0.2.0 (Communications Unified), 15.2 (Primavera Gateway), 16.2 (Primavera Gateway), 17.12 (Primavera Gateway), 18.8 (Primavera Gateway), 13.1 (Enterprise Manager for Virtualization), 13.2 (Enterprise Manager for Virtualization), 13.3 (Enterprise Manager for Virtualization), 16.0 (Retail Customer Management and Segmentation Foundation), 17.0 (Retail Customer Management and Segmentation Foundation), 18.0 (Retail Customer Management and Segmentation Foundation), 7.1 (Retail Xstore Point of Service), 15.0 (Retail Xstore Point of Service), 16.0 (Retail Xstore Point of Service), 17.0 (Retail Xstore Point of Service), 18.0 (Retail Xstore Point of Service), 8.0.7 (Insurance Performance Insight), 8.0.8 (Insurance Allocation Manager for Enterprise Profitability), от 8.0.4 до 8.0.6 включительно (Financial Services Retail Customer Analytics), от 8.0.4 до 8.0.7 включительно (Financial Services Profitability Management), от 8.0.4 до 8.0.7 включительно (Financial Services Price Creation and Discovery), от 8.0.4 до 8.0.7 включительно (Financial Services Institutional Performance Analytics), от 8.0.6 до 8.0.7 включительно (Financial Services Funds Transfer Pricing), от 8.0.2 до 8.0.8 включительно (Financial Services Analytical Applications Infrastructure), от 2.4.0 до 2.7.1 включительно (Banking Platform), 6.3 (Jboss Fuse), 7.4 (Jboss BRMS), 6.3 (JBoss A-MQ), 1.0 (OpenShift Application Runtimes), 7.3.1 (Automation Manager)
Possible Mitigations
Использование рекомендаций:
Для jackson-databind:
https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
Для программных продуктов Oracle Corp.:
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Для Debian GNU/Linux:
https://www.debian.org/security/2019/dsa-4452
Для программных продуктов Red Hat Inc.:
https://bugzilla.redhat.com/show_bug.cgi?id=1666489
https://access.redhat.com/security/cve/cve-2018-19362
https://access.redhat.com/errata/RHBA-2019:0959
Reference
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://nvd.nist.gov/vuln/detail/CVE-2018-19362
https://www.debian.org/security/2019/dsa-4452
https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
https://bugzilla.redhat.com/show_bug.cgi?id=1666489
https://access.redhat.com/security/cve/cve-2018-19362
https://access.redhat.com/errata/RHBA-2019:0959
CWE
CWE-502
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Oracle Corp., FasterXML, LLC",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 12.1.3.0.0 (Business Process Management Suite), 12.2.1.3.0 (Business Process Management Suite), 9.2 (JD Edwards EnterpriseOne Tools), 16.2 (Primavera Unifier), 16.1 (Primavera Unifier), 15.1 (Primavera P6 Enterprise Project Portfolio Management), 15.2 (Primavera P6 Enterprise Project Portfolio Management), 16.1 (Primavera P6 Enterprise Project Portfolio Management), 16.2 (Primavera P6 Enterprise Project Portfolio Management), 18.8 (Primavera P6 Enterprise Project Portfolio Management), 12.2.1.3.0 (WebCenter Portal), \u043e\u0442 17.7 \u0434\u043e 17.12 (Primavera P6 Enterprise Project Portfolio Management), 7.0 (Retail Xstore Point of Service), 7.4 EUS (Red Hat Enterprise Linux), 7.5 EUS (Red Hat Enterprise Linux), 7.6 EUS (Red Hat Enterprise Linux), \u043e\u0442 2.0.0 \u0434\u043e 2.9.8 (Jackson-databind), 8 (Debian GNU/Linux), 3.11 (OpenShift Container Platform), 7.5 (Communications Billing and Revenue Management), 12.0 (Communications Billing and Revenue Management), 1.60.9.0.0 (Retail Workforce Management Software), 6.4 (Jboss BRMS), \u043e\u0442 17.7 \u0434\u043e 17.12 (Primavera Unifier), 18.8 (Primavera Unifier), 8.0.0.2.0 (Communications Unified), 15.2 (Primavera Gateway), 16.2 (Primavera Gateway), 17.12 (Primavera Gateway), 18.8 (Primavera Gateway), 13.1 (Enterprise Manager for Virtualization), 13.2 (Enterprise Manager for Virtualization), 13.3 (Enterprise Manager for Virtualization), 16.0 (Retail Customer Management and Segmentation Foundation), 17.0 (Retail Customer Management and Segmentation Foundation), 18.0 (Retail Customer Management and Segmentation Foundation), 7.1 (Retail Xstore Point of Service), 15.0 (Retail Xstore Point of Service), 16.0 (Retail Xstore Point of Service), 17.0 (Retail Xstore Point of Service), 18.0 (Retail Xstore Point of Service), 8.0.7 (Insurance Performance Insight), 8.0.8 (Insurance Allocation Manager for Enterprise Profitability), \u043e\u0442 8.0.4 \u0434\u043e 8.0.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Financial Services Retail Customer Analytics), \u043e\u0442 8.0.4 \u0434\u043e 8.0.7 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Financial Services Profitability Management), \u043e\u0442 8.0.4 \u0434\u043e 8.0.7 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Financial Services Price Creation and Discovery), \u043e\u0442 8.0.4 \u0434\u043e 8.0.7 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Financial Services Institutional Performance Analytics), \u043e\u0442 8.0.6 \u0434\u043e 8.0.7 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Financial Services Funds Transfer Pricing), \u043e\u0442 8.0.2 \u0434\u043e 8.0.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Financial Services Analytical Applications Infrastructure), \u043e\u0442 2.4.0 \u0434\u043e 2.7.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Banking Platform), 6.3 (Jboss Fuse), 7.4 (Jboss BRMS), 6.3 (JBoss A-MQ), 1.0 (OpenShift Application Runtimes), 7.3.1 (Automation Manager)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f jackson-databind:\nhttps://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle Corp.:\nhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\nhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://www.debian.org/security/2019/dsa-4452\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1666489\nhttps://access.redhat.com/security/cve/cve-2018-19362\nhttps://access.redhat.com/errata/RHBA-2019:0959",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.01.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.08.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02898",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-19362",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, Business Process Management Suite, JD Edwards EnterpriseOne Tools, Primavera Unifier, Primavera P6 Enterprise Project Portfolio Management, WebCenter Portal, Retail Xstore Point of Service, Jackson-databind, OpenShift Container Platform, Communications Billing and Revenue Management, Retail Workforce Management Software, Jboss BRMS, Communications Unified, Primavera Gateway, Enterprise Manager for Virtualization, Retail Customer Management and Segmentation Foundation, Insurance Performance Insight, Insurance Allocation Manager for Enterprise Profitability, Financial Services Retail Customer Analytics, Financial Services Profitability Management, Financial Services Price Creation and Discovery, Financial Services Institutional Performance Analytics, Financial Services Funds Transfer Pricing, Financial Services Analytical Applications Infrastructure, Banking Platform, Jboss Fuse, JBoss A-MQ, OpenShift Application Runtimes, Automation Manager",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 FasterXML Java-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0433\u0440\u0430\u043c\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0440\u0430\u0437\u0431\u043e\u0440\u0430 JSON \u0444\u0430\u0439\u043b\u043e\u0432 jackson-databind, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-502)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 FasterXML Java-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0433\u0440\u0430\u043c\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0440\u0430\u0437\u0431\u043e\u0440\u0430 JSON \u0444\u0430\u0439\u043b\u043e\u0432 jackson-databind \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u043e\u0439 \u043a\u043b\u0430\u0441\u0441\u0430 jboss-common-core \u043e\u0442 \u043f\u043e\u043b\u0438\u043c\u043e\u0440\u0444\u043d\u043e\u0439 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\nhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19362\nhttps://www.debian.org/security/2019/dsa-4452\nhttps://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1666489\nhttps://access.redhat.com/security/cve/cve-2018-19362\nhttps://access.redhat.com/errata/RHBA-2019:0959",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-502",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
CNVD-2019-37152
Vulnerability from cnvd - Published: 2019-10-24
VLAI Severity ?
Title
FasterXML Jackson-databind代码问题漏洞(CNVD-2019-37152)
Description
FasterXML Jackson是美国FasterXML公司的一款用于Java的数据处理工具。Jackson-databind是其中的一个具有数据绑定功能的组件。
FasterXML Jackson-databind 2.9.8之前的2.x版本中存在安全漏洞。攻击者可利用该漏洞执行代码。
Severity
高
Patch Name
FasterXML Jackson-databind代码问题漏洞(CNVD-2019-37152)的补丁
Patch Description
FasterXML Jackson是美国FasterXML公司的一款用于Java的数据处理工具。Jackson-databind是其中的一个具有数据绑定功能的组件。
FasterXML Jackson-databind 2.9.8之前的2.x版本中存在安全漏洞。攻击者可利用该漏洞执行代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8
Reference
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8
Impacted products
| Name | FasterXML jackson-databind 2.*,<2.9.8 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-19362",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362"
}
},
"description": "FasterXML Jackson\u662f\u7f8e\u56fdFasterXML\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8eJava\u7684\u6570\u636e\u5904\u7406\u5de5\u5177\u3002Jackson-databind\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5177\u6709\u6570\u636e\u7ed1\u5b9a\u529f\u80fd\u7684\u7ec4\u4ef6\u3002\n\nFasterXML Jackson-databind 2.9.8\u4e4b\u524d\u76842.x\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-37152",
"openTime": "2019-10-24",
"patchDescription": "FasterXML Jackson\u662f\u7f8e\u56fdFasterXML\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8eJava\u7684\u6570\u636e\u5904\u7406\u5de5\u5177\u3002Jackson-databind\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5177\u6709\u6570\u636e\u7ed1\u5b9a\u529f\u80fd\u7684\u7ec4\u4ef6\u3002\r\n\r\nFasterXML Jackson-databind 2.9.8\u4e4b\u524d\u76842.x\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "FasterXML Jackson-databind\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2019-37152\uff09\u7684\u8865\u4e01",
"products": {
"product": "FasterXML jackson-databind 2.*\uff0c\u003c2.9.8"
},
"referenceLink": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
"serverity": "\u9ad8",
"submitTime": "2019-01-04",
"title": "FasterXML Jackson-databind\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2019-37152\uff09"
}
FKIE_CVE-2018-19362
Vulnerability from fkie_nvd - Published: 2019-01-02 18:29 - Updated: 2024-11-21 03:57
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/107985 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHBA-2019:0959 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0782 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0877 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:1782 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:1797 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:1822 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:1823 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2804 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2858 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3002 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3140 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3149 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3892 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:4037 | ||
| cve@mitre.org | https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/FasterXML/jackson-databind/issues/2186 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8 | Patch, Release Notes, Third Party Advisory | |
| cve@mitre.org | https://issues.apache.org/jira/browse/TINKERPOP-2121 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E | ||
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/bugtraq/2019/May/68 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20190530-0003/ | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2019/dsa-4452 | Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpuapr2020.html | ||
| cve@mitre.org | https://www.oracle.com/security-alerts/cpujan2020.html | ||
| cve@mitre.org | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107985 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHBA-2019:0959 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0782 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0877 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1782 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1797 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1822 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1823 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2804 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2858 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3002 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3140 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3149 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3892 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:4037 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FasterXML/jackson-databind/issues/2186 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8 | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.apache.org/jira/browse/TINKERPOP-2121 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/May/68 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190530-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4452 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2020.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2020.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fasterxml | jackson-databind | * | |
| fasterxml | jackson-databind | * | |
| fasterxml | jackson-databind | * | |
| fasterxml | jackson-databind | * | |
| debian | debian_linux | 8.0 | |
| oracle | business_process_management_suite | 12.1.3.0.0 | |
| oracle | business_process_management_suite | 12.2.1.3.0 | |
| oracle | primavera_p6_enterprise_project_portfolio_management | * | |
| oracle | primavera_p6_enterprise_project_portfolio_management | 15.1 | |
| oracle | primavera_p6_enterprise_project_portfolio_management | 15.2 | |
| oracle | primavera_p6_enterprise_project_portfolio_management | 16.1 | |
| oracle | primavera_p6_enterprise_project_portfolio_management | 16.2 | |
| oracle | primavera_p6_enterprise_project_portfolio_management | 18.8 | |
| oracle | primavera_unifier | * | |
| oracle | primavera_unifier | 16.1 | |
| oracle | primavera_unifier | 16.2 | |
| oracle | primavera_unifier | 18.8 | |
| oracle | retail_workforce_management_software | 1.60.9.0.0 | |
| oracle | webcenter_portal | 12.2.1.3.0 | |
| redhat | automation_manager | 7.3.1 | |
| redhat | decision_manager | 7.3.1 | |
| redhat | jboss_bpm_suite | 6.4.11 | |
| redhat | jboss_brms | 6.4.10 | |
| redhat | openshift_container_platform | 3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5128ECDA-6F9A-42AC-9063-CDFC4C256537",
"versionEndIncluding": "2.6.7.2",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B99066EB-FF79-4D9D-9466-B04AD4D3A814",
"versionEndExcluding": "2.7.9.5",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D3858C-DAF3-4522-90EC-EFCD13BD121E",
"versionEndExcluding": "2.8.11.3",
"versionStartIncluding": "2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E92778FA-5912-46E8-A33B-4BD14935647B",
"versionEndExcluding": "2.9.8",
"versionStartIncluding": "2.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B887E174-57AB-449D-AEE4-82DD1A3E5C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1E1023-2EB9-4334-9B74-CA71480F71C2",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93A4E178-0082-45C5-BBC0-0A4E51C8B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F021C23-AB9B-4877-833F-D01359A98762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8ED016-32A1-42EE-844E-3E6B2C116B74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A046CC2C-445F-4336-8810-930570B4FEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0745445C-EC43-4091-BA7C-5105AFCC6F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9967AAFD-2199-4668-9105-207D4866B707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:automation_manager:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D44D4F38-4028-4EAA-895C-1E2816FB36EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:decision_manager:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD928F-C9BA-443F-A46D-4FE7756D936B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_bpm_suite:6.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "07E373FB-14EA-4EA2-8E4A-0B86A7184B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "88C5E02F-C70E-41F4-B146-40C88439017A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization."
},
{
"lang": "es",
"value": "Las versiones 2.x de FasterXML jackson-databind anteriores a la 2.9.8 podr\u00edan permitir a los atacantes remotos tener un impacto no especificado aprovechando un fallo para bloquear la clase jboss-common-core de deserializaci\u00f3n polim\u00f3rfica."
}
],
"id": "CVE-2018-19362",
"lastModified": "2024-11-21T03:57:48.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-02T18:29:00.933",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107985"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1782"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1797"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1822"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1823"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2804"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:3002"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:3140"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2186"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/68"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4452"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:3002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:3140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/68"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-C8HM-7HPQ-7JHG
Vulnerability from github – Published: 2019-01-04 19:07 – Updated: 2024-03-15 01:11
VLAI?
Summary
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data
Details
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
Severity ?
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.8.11.2"
},
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.11.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.7.9.4"
},
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.9.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.6.7.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-19362"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:30:35Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.",
"id": "GHSA-c8hm-7hpq-7jhg",
"modified": "2024-03-15T01:11:21Z",
"published": "2019-01-04T19:07:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19362"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/issues/2186"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/72cd4025a229fb28ec133235003dd4616f70afaa"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/May/68"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190530-0003"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4452"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1782"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1797"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1822"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1823"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2804"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3002"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3140"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
},
{
"type": "PACKAGE",
"url": "https://github.com/FasterXML/jackson-databind"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-c8hm-7hpq-7jhg"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107985"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data"
}
GSD-2018-19362
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-19362",
"description": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.",
"id": "GSD-2018-19362",
"references": [
"https://www.suse.com/security/cve/CVE-2018-19362.html",
"https://www.debian.org/security/2019/dsa-4452",
"https://access.redhat.com/errata/RHSA-2021:1515",
"https://access.redhat.com/errata/RHSA-2021:1230",
"https://access.redhat.com/errata/RHSA-2020:2564",
"https://access.redhat.com/errata/RHSA-2019:4037",
"https://access.redhat.com/errata/RHSA-2019:3892",
"https://access.redhat.com/errata/RHSA-2019:3149",
"https://access.redhat.com/errata/RHSA-2019:3140",
"https://access.redhat.com/errata/RHSA-2019:3002",
"https://access.redhat.com/errata/RHSA-2019:2858",
"https://access.redhat.com/errata/RHSA-2019:2804",
"https://access.redhat.com/errata/RHSA-2019:1823",
"https://access.redhat.com/errata/RHSA-2019:1822",
"https://access.redhat.com/errata/RHSA-2019:1797",
"https://access.redhat.com/errata/RHSA-2019:1782",
"https://access.redhat.com/errata/RHSA-2019:0877",
"https://access.redhat.com/errata/RHSA-2019:0782",
"https://ubuntu.com/security/CVE-2018-19362"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-19362"
],
"details": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.",
"id": "GSD-2018-19362",
"modified": "2023-12-13T01:22:39.368344Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2186",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/2186"
},
{
"name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
},
{
"name": "https://issues.apache.org/jira/browse/TINKERPOP-2121",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
},
{
"name": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
},
{
"name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
},
{
"name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "RHSA-2019:0782",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
},
{
"name": "RHSA-2019:0877",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
},
{
"name": "RHBA-2019:0959",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "DSA-4452",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4452"
},
{
"name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/68"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190530-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
},
{
"name": "RHSA-2019:1782",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1782"
},
{
"name": "RHSA-2019:1797",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1797"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "107985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107985"
},
{
"name": "RHSA-2019:1822",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1822"
},
{
"name": "RHSA-2019:1823",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1823"
},
{
"name": "RHSA-2019:2804",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2804"
},
{
"name": "RHSA-2019:2858",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"name": "RHSA-2019:3002",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3002"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3140"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3149",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "RHSA-2019:3892",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:4037",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[2.6.0,2.6.7.2],[2.7.0,2.7.9.5),[2.8.0,2.8.11.3),[2.9.0,2.9.8)",
"affected_versions": "All versions starting from 2.6.0 up to 2.6.7.2, all versions starting from 2.7.0 before 2.7.9.5, all versions starting from 2.8.0 before 2.8.11.3, all versions starting from 2.9.0 before 2.9.8",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-502",
"CWE-937"
],
"date": "2019-09-17",
"description": "FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `jboss-common-core` class from polymorphic deserialization.",
"fixed_versions": [
"2.6.7.3",
"2.7.9.5",
"2.8.11.3",
"2.9.8"
],
"identifier": "CVE-2018-19362",
"identifiers": [
"CVE-2018-19362"
],
"not_impacted": "All versions before 2.6.0, all versions after 2.6.7.2 before 2.7.0, all versions starting from 2.7.9.5 before 2.8.0, all versions starting from 2.8.11.3 before 2.9.0, all versions starting from 2.9.8",
"package_slug": "maven/com.fasterxml.jackson.core/jackson-databind",
"pubdate": "2019-01-02",
"solution": "Upgrade to versions 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.8 or above.",
"title": "Deserialization of Untrusted Data",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-19362",
"http://www.securityfocus.com/bid/107985",
"https://github.com/FasterXML/jackson-databind/issues/2186",
"https://issues.apache.org/jira/browse/TINKERPOP-2121"
],
"uuid": "7c40ccdb-6610-4214-a217-e8ee78ac4122"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.6.7.2",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.9.5",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.11.3",
"versionStartIncluding": "2.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.8",
"versionStartIncluding": "2.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:decision_manager:7.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:automation_manager:7.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_bpm_suite:6.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19362"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/TINKERPOP-2121",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2186",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2186"
},
{
"name": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
},
{
"name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
},
{
"name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "RHSA-2019:0782",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "RHSA-2019:0877",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
},
{
"name": "RHBA-2019:0959",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "DSA-4452",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4452"
},
{
"name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
"refsource": "BUGTRAQ",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/68"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190530-0003/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
},
{
"name": "RHSA-2019:1782",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1782"
},
{
"name": "RHSA-2019:1797",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1797"
},
{
"name": "107985",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107985"
},
{
"name": "RHSA-2019:1823",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1823"
},
{
"name": "RHSA-2019:1822",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1822"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "RHSA-2019:2804",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:2804"
},
{
"name": "RHSA-2019:2858",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"name": "RHSA-2019:3002",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:3002"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3140",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:3140"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3149",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "RHSA-2019:3892",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:4037",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-08-31T14:15Z",
"publishedDate": "2019-01-02T18:29Z"
}
}
}
RHSA-2019:0782
Vulnerability from csaf_redhat - Published: 2019-04-17 21:03 - Updated: 2026-05-14 22:24Summary
Red Hat Security Advisory: rh-maven35-jackson-databind security update
Severity
Important
Notes
Topic: An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
Security Fix(es):
* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)
* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)
* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)
* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)
* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)
* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks.
5.6 (Medium)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.
7.3 (High)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.
5.6 (Medium)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code.
8.1 (High)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code.
8.1 (High)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the slf4j, flex messaging, sun DRSHelper and JAX-WS gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
6.8 (Medium)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code.
7.3 (High)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code.
7.3 (High)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code.
7.3 (High)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
53 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2019:0782 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666415 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666418 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666423 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666428 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666482 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666484 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666489 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1671096 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1671097 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1677341 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2018-11307 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1677341 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-11307 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-11307 | external |
| https://access.redhat.com/security/cve/CVE-2018-12022 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1671097 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-12022 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-12022 | external |
| https://access.redhat.com/security/cve/CVE-2018-12023 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1671096 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-12023 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-12023 | external |
| https://access.redhat.com/security/cve/CVE-2018-14718 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666415 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-14718 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-14718 | external |
| https://access.redhat.com/security/cve/CVE-2018-14719 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666418 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-14719 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-14719 | external |
| https://access.redhat.com/security/cve/CVE-2018-14720 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666423 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-14720 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-14720 | external |
| https://access.redhat.com/security/cve/CVE-2018-14721 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666428 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-14721 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-14721 | external |
| https://access.redhat.com/security/cve/CVE-2018-19360 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666482 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-19360 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-19360 | external |
| https://access.redhat.com/security/cve/CVE-2018-19361 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666484 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-19361 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-19361 | external |
| https://access.redhat.com/security/cve/CVE-2018-19362 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666489 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-19362 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-19362 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.\n\nSecurity Fix(es):\n\n* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)\n\n* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)\n\n* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)\n\n* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)\n\n* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)\n\n* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0782",
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1666415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666415"
},
{
"category": "external",
"summary": "1666418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666418"
},
{
"category": "external",
"summary": "1666423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666423"
},
{
"category": "external",
"summary": "1666428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666428"
},
{
"category": "external",
"summary": "1666482",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666482"
},
{
"category": "external",
"summary": "1666484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666484"
},
{
"category": "external",
"summary": "1666489",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666489"
},
{
"category": "external",
"summary": "1671096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671096"
},
{
"category": "external",
"summary": "1671097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671097"
},
{
"category": "external",
"summary": "1677341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677341"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0782.json"
}
],
"title": "Red Hat Security Advisory: rh-maven35-jackson-databind security update",
"tracking": {
"current_release_date": "2026-05-14T22:24:23+00:00",
"generator": {
"date": "2026-05-14T22:24:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2019:0782",
"initial_release_date": "2019-04-17T21:03:00+00:00",
"revision_history": [
{
"date": "2019-04-17T21:03:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-04-17T21:03:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:24:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"product": {
"name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"product_id": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-maven35-jackson-databind-javadoc@2.7.6-2.5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"product": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"product_id": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-maven35-jackson-databind@2.7.6-2.5.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"product": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"product_id": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-maven35-jackson-databind@2.7.6-2.5.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.2-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11307",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1677341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not affected by this issue, since Candlepin\u0027s java runtime environment does not load MyBatis classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include MyBatis classes.\n\nRed Hat Fuse 6 and 7 are not directly affected by this issue, as although they do ship the vulnerable jackson-databind component, they do not enable polymorphic deserialization or default typing which are required for exploitability. Their impacts have correspondingly been reduced to Moderate. Future updates may address this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-11307"
},
{
"category": "external",
"summary": "RHBZ#1677341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11307"
}
],
"release_date": "2018-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-17T21:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis"
},
{
"cve": "CVE-2018-12022",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1671097"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: improper polymorphic deserialization of types from Jodd-db library",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not affected by this issue, since Candlepin\u0027s java runtime environment does not load Jodd classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Jodd classes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12022"
},
{
"category": "external",
"summary": "RHBZ#1671097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12022"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-17T21:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: improper polymorphic deserialization of types from Jodd-db library"
},
{
"cve": "CVE-2018-12023",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1671096"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not affected by this issue, since Candlepin\u0027s java runtime environment does not load Oracle\u0027s JDBC classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Oracle\u0027s JDBC classes.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12023"
},
{
"category": "external",
"summary": "RHBZ#1671096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671096"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12023",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12023"
}
],
"release_date": "2018-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-17T21:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver"
},
{
"cve": "CVE-2018-14718",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666415"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: arbitrary code execution in slf4j-ext class",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in jackson-databind involves exploiting CVE-2018-1088 against slf4j, which was fixed in Red Hat products through the errata referenced at https://access.redhat.com/security/cve/cve-2018-8088. Applications that link only slf4j versions including that fix are not vulnerable to this vulnerability.\n\nRed Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle slf4j-ext jar.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14718"
},
{
"category": "external",
"summary": "RHBZ#1666415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666415"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14718"
}
],
"release_date": "2018-07-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-17T21:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: arbitrary code execution in slf4j-ext class"
},
{
"cve": "CVE-2018-14719",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666418"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The following Red Hat products are not affected by this issue as they do not bundle or provide the requisite gadget jars to exploit this vulnerability:\nRed Hat Satellite 6\nRed Hat Enterprise Virtualization 4\nRed Hat Fuse 6, 7, and Fuse Integration Services 2\nRed Hat A-MQ 6",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14719"
},
{
"category": "external",
"summary": "RHBZ#1666418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14719"
}
],
"release_date": "2018-07-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-17T21:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes"
},
{
"cve": "CVE-2018-14720",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666423"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the slf4j, flex messaging, sun DRSHelper and JAX-WS gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: exfiltration/XXE in some JDK classes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not affected by this issue, since its only supported Java runtime (openJDK) doesn\u0027t bundle the com.sun.deploy.security.ruleset.DRSHelper class.\n\nRed Hat Enterprise Virtualization 4 is not affected by this issue, since its only supported Java runtime (openJDK) doesn\u0027t bundle the com.sun.deploy.security.ruleset.DRSHelper class.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14720"
},
{
"category": "external",
"summary": "RHBZ#1666423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14720"
}
],
"release_date": "2018-07-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-17T21:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible \n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: exfiltration/XXE in some JDK classes"
},
{
"cve": "CVE-2018-14721",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2019-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666428"
}
],
"notes": [
{
"category": "description",
"text": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle axis2-jaxws jar.\n\nRed Hat Virtualization is not affected by this issue, since its does not bundle axis2-jaxws jar.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14721"
},
{
"category": "external",
"summary": "RHBZ#1666428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666428"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14721",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14721"
}
],
"release_date": "2018-07-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-17T21:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class"
},
{
"cve": "CVE-2018-19360",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666482"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t include axis2-transport-jms jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include axis2-transport-jms jar.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-19360"
},
{
"category": "external",
"summary": "RHBZ#1666482",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666482"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19360",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19360"
}
],
"release_date": "2018-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-17T21:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class"
},
{
"cve": "CVE-2018-19361",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666484"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: improper polymorphic deserialization in openjpa class",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle openjpa jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn\u0027t bundle openjpa jar.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-19361"
},
{
"category": "external",
"summary": "RHBZ#1666484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19361",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19361"
}
],
"release_date": "2018-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-17T21:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: improper polymorphic deserialization in openjpa class"
},
{
"cve": "CVE-2018-19362",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666489"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: improper polymorphic deserialization in jboss-common-core class",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle jboss-common-core jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn\u0027t bundle jboss-common-core jar.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-19362"
},
{
"category": "external",
"summary": "RHBZ#1666489",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666489"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19362",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19362"
}
],
"release_date": "2018-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-04-17T21:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-Alt-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.4.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.5.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Server-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.noarch",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-0:2.7.6-2.5.el7.src",
"7Workstation-RHSCL-3.2:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: improper polymorphic deserialization in jboss-common-core class"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…