cve-2020-11111
Vulnerability from cvelistv5
Published
2020-03-31 04:37
Modified
2024-08-04 11:21
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2664Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2664Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_analytical_applications_infrastructure",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.1.0",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jackson-databind",
                  vendor: "fasterxml",
                  versions: [
                     {
                        lessThan: "2.9.10.4",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "debian_linux",
                  vendor: "debian",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "steelstore_cloud_integrated_storage",
                  vendor: "netapp",
                  versions: [
                     {
                        status: "affected",
                        version: "*",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "agile_plm",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "9.3.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "autovue_for_agile_product_lifecycle_management",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "21.0.2",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "banking_digital_experience",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "18.3",
                        status: "affected",
                        version: "18.1",
                        versionType: "custom",
                     },
                     {
                        lessThanOrEqual: "19.2",
                        status: "affected",
                        version: "19.1",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "20.1",
                     },
                     {
                        lessThanOrEqual: "2.9.0",
                        status: "affected",
                        version: "2.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_calendar_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.0.5.0",
                        status: "affected",
                        version: "8.0.0.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_diameter_signaling_router",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_element_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_evolved_communications_application_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "7.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_instant_messaging_server",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "10.0.1.4.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "6.0.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_network_charging_and_control",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.0.3",
                        status: "affected",
                        version: "12.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "communications_session_route_manager",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.2.2",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "enterprise_manager_base_platform",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "13.4.0.0",
                        status: "affected",
                        version: "13.3.0.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_institutional_performance_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                     {
                        status: "affected",
                        version: "8.0.7",
                     },
                     {
                        status: "affected",
                        version: "8.1.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_price_creation_and_discovery",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "8.0.7",
                        status: "affected",
                        version: "8.0.6",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "financial_services_retail_customer_analytics",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.6",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "global_lifecycle_management_opatch",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.0.1.20",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "insurance_policy_administration_j2ee",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThan: "11.1.0.15",
                        status: "affected",
                        version: "11.0.2.25",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jd_edwards_enterpriseone_orchestrator",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "9.2.4.2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "primavera_unifier",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "16.1",
                     },
                     {
                        status: "affected",
                        version: "16.2",
                     },
                     {
                        lessThanOrEqual: "17.12",
                        status: "affected",
                        version: "17.7",
                        versionType: "custom",
                     },
                     {
                        status: "affected",
                        version: "18.8",
                     },
                     {
                        status: "affected",
                        version: "19.12",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_merchandising_system",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "15.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_sales_audit",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_service_backbone",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "14.1",
                     },
                     {
                        status: "affected",
                        version: "15.0",
                     },
                     {
                        status: "affected",
                        version: "16.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "retail_xstore_point_of_service",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "19.0",
                        status: "affected",
                        version: "15.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "weblogic_server",
                  vendor: "oracle",
                  versions: [
                     {
                        lessThanOrEqual: "12.2.1.4.0",
                        status: "affected",
                        version: "12.2.1.3.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2020-11111",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-05-25T04:00:44.621248Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-502",
                        description: "CWE-502 Deserialization of Untrusted Data",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T17:12:18.053Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:21:14.611Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2664",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2021.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:38:48",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FasterXML/jackson-databind/issues/2664",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2021.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11111",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html",
                  },
                  {
                     name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                     refsource: "MISC",
                     url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  },
                  {
                     name: "https://github.com/FasterXML/jackson-databind/issues/2664",
                     refsource: "MISC",
                     url: "https://github.com/FasterXML/jackson-databind/issues/2664",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2021.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11111",
      datePublished: "2020-03-31T04:37:49",
      dateReserved: "2020-03-31T00:00:00",
      dateUpdated: "2024-08-04T11:21:14.611Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.9.0\", \"versionEndExcluding\": \"2.9.10.4\", \"matchCriteriaId\": \"77F8EDB1-5890-4054-84FF-2034C7D2ED96\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97994257-C9A4-4491-B362-E8B25B7187AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBE7BF09-B89C-4590-821E-6C0587E096B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7231D2D-4092-44F3-B60A-D7C9ED78AFDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18127694-109C-4E7E-AE79-0BA351849291\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.4.0\", \"versionEndIncluding\": \"2.9.0\", \"matchCriteriaId\": \"5343F8F8-E8B4-49E9-A304-9C8A608B8027\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46059231-E7F6-4402-8119-1C7FE4ABEA96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"113E281E-977E-4195-B131-B7C7A2933B6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndIncluding\": \"8.2.2\", \"matchCriteriaId\": \"526E2FE5-263F-416F-8628-6CD40B865780\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.2.0\", \"versionEndIncluding\": \"8.2.2\", \"matchCriteriaId\": \"B51F78F4-8D7E-48C2-86D1-D53A6EB348A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"987811D5-DA5E-493D-8709-F9231A84E5F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DB23B9A-571E-4B77-B432-23F3DC9B67D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndIncluding\": \"12.0.3\", \"matchCriteriaId\": \"2AB443D1-D8E0-4253-9E1C-B62AEBBE582A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECC00750-1DBF-401F-886E-E0E65A277409\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.2.0\", \"versionEndIncluding\": \"8.2.2\", \"matchCriteriaId\": \"3E5416A1-EE58-415D-9645-B6A875EBAED2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.2.0\", \"versionEndIncluding\": \"8.2.2\", \"matchCriteriaId\": \"11B0C37E-D7C7-45F2-A8D8-5A3B1B191430\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7582B307-3899-4BBB-B868-BC912A4D0109\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.2.0.1.20\", \"matchCriteriaId\": \"A8200D5C-D3C7-4936-84A7-37864DEEC62B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.2.4.2\", \"matchCriteriaId\": \"6E46AE88-E9F8-41CB-B15F-12F5127A1E8D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.2.4.2\", \"matchCriteriaId\": \"A3D635AE-5E4A-47FB-9FCA-D82D52A61367\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.7\", \"versionEndIncluding\": \"17.12\", \"matchCriteriaId\": \"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D55A54FD-7DD1-49CD-BE81-0BE73990943C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82EB08C0-2D46-4635-88DF-E54F6452D3A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"202AD518-2E9B-4062-B063-9858AE1F9CE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10864586-270E-4ACF-BDCC-ECFCD299305F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"792DF04A-2D1B-40B5-B960-3E7152732EB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DA6E92C-AC3B-40CF-96AE-22CD8769886F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11DA6839-849D-4CEF-85F3-38FE75E07183\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCE78490-A4BE-40BD-8C72-0A4526BBD4A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55AE3629-4A66-49E4-A33D-6D81CC94962F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27C26705-6D1F-4D5E-B64D-B479108154FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F14A818F-AA16-4438-A3E4-E64C9287AC66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\"}, {\"lang\": \"es\", \"value\": \"FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacci\\u00f3n entre los gadgets de serializaci\\u00f3n y la escritura, relacionado con org.apache.activemq.* (tambi\\u00e9n se conoce como activemq-jms, activemq-core, activemq-pool, y activemq-pool-jms).\"}]",
         id: "CVE-2020-11111",
         lastModified: "2024-11-21T04:56:48.703",
         metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
         published: "2020-03-31T05:15:13.007",
         references: "[{\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2664\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200403-0002/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2664\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200403-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
         sourceIdentifier: "cve@mitre.org",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2020-11111\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-03-31T05:15:13.007\",\"lastModified\":\"2024-11-21T04:56:48.703\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\"},{\"lang\":\"es\",\"value\":\"FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.apache.activemq.* (también se conoce como activemq-jms, activemq-core, activemq-pool, y activemq-pool-jms).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.9.0\",\"versionEndExcluding\":\"2.9.10.4\",\"matchCriteriaId\":\"77F8EDB1-5890-4054-84FF-2034C7D2ED96\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97994257-C9A4-4491-B362-E8B25B7187AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBE7BF09-B89C-4590-821E-6C0587E096B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7231D2D-4092-44F3-B60A-D7C9ED78AFDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18127694-109C-4E7E-AE79-0BA351849291\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndIncluding\":\"2.9.0\",\"matchCriteriaId\":\"5343F8F8-E8B4-49E9-A304-9C8A608B8027\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46059231-E7F6-4402-8119-1C7FE4ABEA96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"113E281E-977E-4195-B131-B7C7A2933B6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"526E2FE5-263F-416F-8628-6CD40B865780\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"B51F78F4-8D7E-48C2-86D1-D53A6EB348A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"987811D5-DA5E-493D-8709-F9231A84E5F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DB23B9A-571E-4B77-B432-23F3DC9B67D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.0.3\",\"matchCriteriaId\":\"2AB443D1-D8E0-4253-9E1C-B62AEBBE582A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECC00750-1DBF-401F-886E-E0E65A277409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"3E5416A1-EE58-415D-9645-B6A875EBAED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"11B0C37E-D7C7-45F2-A8D8-5A3B1B191430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7582B307-3899-4BBB-B868-BC912A4D0109\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.2.0.1.20\",\"matchCriteriaId\":\"A8200D5C-D3C7-4936-84A7-37864DEEC62B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.4.2\",\"matchCriteriaId\":\"6E46AE88-E9F8-41CB-B15F-12F5127A1E8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.4.2\",\"matchCriteriaId\":\"A3D635AE-5E4A-47FB-9FCA-D82D52A61367\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D55A54FD-7DD1-49CD-BE81-0BE73990943C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EB08C0-2D46-4635-88DF-E54F6452D3A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10864586-270E-4ACF-BDCC-ECFCD299305F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"792DF04A-2D1B-40B5-B960-3E7152732EB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DA6E92C-AC3B-40CF-96AE-22CD8769886F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11DA6839-849D-4CEF-85F3-38FE75E07183\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCE78490-A4BE-40BD-8C72-0A4526BBD4A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55AE3629-4A66-49E4-A33D-6D81CC94962F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27C26705-6D1F-4D5E-B64D-B479108154FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"}]}]}],\"references\":[{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2664\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20200403-0002/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2664\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20200403-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html\", \"name\": \"[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200403-0002/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2664\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T11:21:14.611Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-11111\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-25T04:00:44.621248Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"financial_services_analytical_applications_infrastructure\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.6\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.1.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\"], \"vendor\": \"fasterxml\", \"product\": \"jackson-databind\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.9.10.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\"], \"vendor\": \"debian\", \"product\": \"debian_linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\"], \"vendor\": \"netapp\", \"product\": \"steelstore_cloud_integrated_storage\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"agile_plm\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.3.6\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"autovue_for_agile_product_lifecycle_management\", \"versions\": [{\"status\": \"affected\", \"version\": \"21.0.2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"banking_digital_experience\", \"versions\": [{\"status\": \"affected\", \"version\": \"18.1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"18.3\"}, {\"status\": \"affected\", \"version\": \"19.1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"19.2\"}, {\"status\": \"affected\", \"version\": \"20.1\"}, {\"status\": \"affected\", \"version\": \"2.4.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.9.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"communications_calendar_server\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.0.4.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.0.5.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"communications_diameter_signaling_router\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.2.2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"communications_element_manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.2.2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"communications_evolved_communications_application_server\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"communications_instant_messaging_server\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.1.4.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"communications_network_charging_and_control\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"communications_network_charging_and_control\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.3\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"communications_session_route_manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.2.2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"enterprise_manager_base_platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"13.3.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"13.4.0.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"financial_services_institutional_performance_analytics\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.6\"}, {\"status\": \"affected\", \"version\": \"8.0.7\"}, {\"status\": \"affected\", \"version\": \"8.1.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"financial_services_price_creation_and_discovery\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.6\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.7\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"financial_services_retail_customer_analytics\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.6\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"global_lifecycle_management_opatch\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.2.0.1.20\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"insurance_policy_administration_j2ee\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.2.25\", \"lessThan\": \"11.1.0.15\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"jd_edwards_enterpriseone_orchestrator\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.2.4.2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"primavera_unifier\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.1\"}, {\"status\": \"affected\", \"version\": \"16.2\"}, {\"status\": \"affected\", \"version\": \"17.7\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"17.12\"}, {\"status\": \"affected\", \"version\": \"18.8\"}, {\"status\": \"affected\", \"version\": \"19.12\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"retail_merchandising_system\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"retail_sales_audit\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"retail_service_backbone\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.1\"}, {\"status\": \"affected\", \"version\": \"15.0\"}, {\"status\": \"affected\", \"version\": \"16.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"retail_xstore_point_of_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"19.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"weblogic_server\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.2.1.3.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.2.1.4.0\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-26T13:42:26.785Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html\", \"name\": \"[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200403-0002/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2664\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2021-10-20T10:38:48\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html\", \"name\": \"[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062\", \"name\": \"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200403-0002/\", \"name\": \"https://security.netapp.com/advisory/ntap-20200403-0002/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2664\", \"name\": \"https://github.com/FasterXML/jackson-databind/issues/2664\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"name\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-11111\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
         cveMetadata: "{\"cveId\": \"CVE-2020-11111\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-04T11:21:14.611Z\", \"dateReserved\": \"2020-03-31T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2020-03-31T04:37:49\", \"assignerShortName\": \"mitre\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.