var-202009-1633
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. FasterXML jackson-databind 2.0 series prior to 2.9.10.6 has a security vulnerability, which originates from com.pastdev.httpcomponents.configuration.JndiConfiguration. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2020:4173-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:4173 Issue date: 2020-10-05 CVE Names: CVE-2020-24750 ==================================================================== 1. Summary:
An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch
- Description:
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
Security Fix(es):
- jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX3s4DtzjgjWX9erEAQhtzQ/+KJm3W2dfbUqCVcdtymA4f4UfDt0LFXTP T5AuDJQk5evqIQWpnV/bgbpnIhkGLFVW6AWAQK0pnT5Zl4HK33+sNOTRHKpey0PR j3C43AuFL68XeWVKX8iJdAo42s/a3K4QjEgofXiXfDipPxg356zb8lm4RiXlx9db LMgXAL0uKDzv+4HYcEmOY7A+8rDB4GwLLDmj2J6ZyahNLOECJbO7CdPVEUeT/cFN 32vYBoxmLw1CahI5RcpiebibLA2SRss84iG+/NceptBTfqQzcHVipBHzryOUNsVz PHCcgDAi0KiNR8ugj142CBcVmW6nu3WCipqxjQ86cRx3r2yu5B3yTlAMxjaBxHIC usxO7BPuiK+6Cizw0Qd/DaI0e2YkEvGJ6OwDxEB27j3id9IB9Q1n6qucZH8vahAi gJv/W+Ij1Ff1OaNVZIfXLFAnloVZAy6jBXvwzZNJWOkbHPRjbcz8JJWOt5v4AbsR DKKLs+EoxE+3GPJdTL1EAgA+rrEmbtXVHyuqamf89H5LD2yGjJF8IJkk1ei9b3FJ /hj8UXrfKYnfSM0Q/UnqQbTWXYjqhjJpkrTXTIFR2zZxnaYNOaH/lmMfBpvBEYBW K0I0Y47LoZnt2P+kaJnHWu+uuuETIkrThNZK+JH1qFzhjYfc2AGcB9r2SMAWEARI LOeqeMsgpVs=jbsa -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs.
Bug Fix(es):
-
Gather image registry config (backport to 4.3) (BZ#1836815)
-
Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist (BZ#1849176)
-
Login with OpenShift not working after cluster upgrade (BZ#1852429)
-
Limit the size of gathered federated metrics from alerts in Insights Operator (BZ#1874018)
-
[4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs (BZ#1879110)
-
[release 4.3] OpenShift APIs become unavailable for more than 15 minutes after one of master nodes went down(OAuth) (BZ#1880293)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-x86_64
The image digest is sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-s390x The image digest is sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le
The image digest is sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc
- Bugs fixed (https://bugzilla.redhat.com/):
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1836815 - Gather image registry config (backport to 4.3) 1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist 1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator 1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized 1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHEA-2020:5633
All OpenShift Container Platform users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state
5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202009-1633", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ucosminexus application server", "scope": null, "trust": 1.6, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus service platform", "scope": null, "trust": 1.6, "vendor": "\u65e5\u7acb", "version": null }, { "model": "siebel ui framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.2" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.6" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "banking liquidity management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.5" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking liquidity management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "siebel core - server framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.5" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.4.0" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "identity manager connector", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.1.5.0" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "banking liquidity management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "blockchain platform", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "communications messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null }, { "model": "ucosminexus application server-r", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus developer", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "agile product lifecycle management", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications calendar server", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications contacts server", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications diameter signaling router", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "NVD", "id": "CVE-2020-24750" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.6", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.1.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.0.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-24750" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "159466" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "159661" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "161536" }, { "db": "CNNVD", "id": "CNNVD-202009-1066" } ], "trust": 1.1 }, "cve": "CVE-2020-24750", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-24750", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-178660", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-24750", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-24750", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202009-1066", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-178660", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-24750", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-178660" }, { "db": "VULMON", "id": "CVE-2020-24750" }, { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202009-1066" }, { "db": "NVD", "id": "CVE-2020-24750" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. FasterXML jackson-databind 2.0 series prior to 2.9.10.6 has a security vulnerability, which originates from com.pastdev.httpcomponents.configuration.JndiConfiguration. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-maven35-jackson-databind security update\nAdvisory ID: RHSA-2020:4173-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4173\nIssue date: 2020-10-05\nCVE Names: CVE-2020-24750\n====================================================================\n1. Summary:\n\nAn update for rh-maven35-jackson-databind is now available for Red Hat\nSoftware Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. \n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in\ncom.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3s4DtzjgjWX9erEAQhtzQ/+KJm3W2dfbUqCVcdtymA4f4UfDt0LFXTP\nT5AuDJQk5evqIQWpnV/bgbpnIhkGLFVW6AWAQK0pnT5Zl4HK33+sNOTRHKpey0PR\nj3C43AuFL68XeWVKX8iJdAo42s/a3K4QjEgofXiXfDipPxg356zb8lm4RiXlx9db\nLMgXAL0uKDzv+4HYcEmOY7A+8rDB4GwLLDmj2J6ZyahNLOECJbO7CdPVEUeT/cFN\n32vYBoxmLw1CahI5RcpiebibLA2SRss84iG+/NceptBTfqQzcHVipBHzryOUNsVz\nPHCcgDAi0KiNR8ugj142CBcVmW6nu3WCipqxjQ86cRx3r2yu5B3yTlAMxjaBxHIC\nusxO7BPuiK+6Cizw0Qd/DaI0e2YkEvGJ6OwDxEB27j3id9IB9Q1n6qucZH8vahAi\ngJv/W+Ij1Ff1OaNVZIfXLFAnloVZAy6jBXvwzZNJWOkbHPRjbcz8JJWOt5v4AbsR\nDKKLs+EoxE+3GPJdTL1EAgA+rrEmbtXVHyuqamf89H5LD2yGjJF8IJkk1ei9b3FJ\n/hj8UXrfKYnfSM0Q/UnqQbTWXYjqhjJpkrTXTIFR2zZxnaYNOaH/lmMfBpvBEYBW\nK0I0Y47LoZnt2P+kaJnHWu+uuuETIkrThNZK+JH1qFzhjYfc2AGcB9r2SMAWEARI\nLOeqeMsgpVs=jbsa\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \n\nBug Fix(es):\n\n* Gather image registry config (backport to 4.3) (BZ#1836815)\n\n* Builds fail after running postCommit script if OCP cluster is configured\nwith a container registry whitelist (BZ#1849176)\n\n* Login with OpenShift not working after cluster upgrade (BZ#1852429)\n\n* Limit the size of gathered federated metrics from alerts in Insights\nOperator (BZ#1874018)\n\n* [4.3] Storage operator stops reconciling when going Upgradeable=False on\nv1alpha1 CRDs (BZ#1879110)\n\n* [release 4.3] OpenShift APIs become unavailable for more than 15 minutes\nafter one of master nodes went down(OAuth) (BZ#1880293)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-x86_64\n\nThe image digest is\nsha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-s390x\nThe image digest is\nsha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le\n\nThe image digest is\nsha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1836815 - Gather image registry config (backport to 4.3)\n1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist\n1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator\n1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized\n1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHEA-2020:5633\n\nAll OpenShift Container Platform users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1823765 - nfd-workers crash under an ipv6 environment\n1838802 - mysql8 connector from operatorhub does not work with metering operator\n1838845 - Metering operator can\u0027t connect to postgres DB from Operator Hub\n1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1868294 - NFD operator does not allow customisation of nfd-worker.conf\n1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration\n1890672 - NFD is missing a build flag to build correctly\n1890741 - path to the CA trust bundle ConfigMap is broken in report operator\n1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster\n1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel\n1900125 - FIPS error while generating RSA private key for CA\n1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub\n1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub\n1913837 - The CI and ART 4.7 metering images are not mirrored\n1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le\n1916010 - olm skip range is set to the wrong range\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923998 - NFD Operator is failing to update and remains in Replacing state\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-24750" }, { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-178660" }, { "db": "VULMON", "id": "CVE-2020-24750" }, { "db": "PACKETSTORM", "id": "159466" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "159661" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "161536" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-24750", "trust": 3.1 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159466", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-011430", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3631", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0691", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3449", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0616", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072820", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042534", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022041931", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012315", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072725", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042318", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022021426", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202009-1066", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-178660", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-24750", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159661", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161536", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-178660" }, { "db": "VULMON", "id": "CVE-2020-24750" }, { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "PACKETSTORM", "id": "159466" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "159661" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "161536" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202009-1066" }, { "db": "NVD", "id": "CVE-2020-24750" } ] }, "id": "VAR-202009-1633", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-178660" } ], "trust": 0.01 }, "last_update_date": "2024-02-19T22:54:37.042000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2021-109", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b" }, { "title": "FasterXML jackson-databind Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=129712" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204173 - security advisory" }, { "title": "Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204264 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "CVE-2020-24750", "trust": 0.1, "url": "https://github.com/al1ex/cve-2020-24750 " }, { "title": "", "trust": 0.1, "url": "https://github.com/pctf/vulnerable-app " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-24750" }, { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "CNNVD", "id": "CNNVD-202009-1066" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-178660" }, { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "NVD", "id": "CVE-2020-24750" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://github.com/fasterxml/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20201009-0003/" }, { "trust": 1.7, "url": "https://github.com/fasterxml/jackson-databind/issues/2798" }, { "trust": 1.7, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-in-jackson-databind-shipped-with-ibm-cloud-pak-system-cve-2020-24750/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159466/red-hat-security-advisory-2020-4173-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072820" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021426" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022041931" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012315" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042318" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-8/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042534" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0616" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3449/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0691" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072725" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3631/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-20388" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-7595" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16935" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-19956" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17546" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-15903" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8492" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-20843" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903" }, { "trust": 0.2, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4173" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1230" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1232" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4264" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-2974" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19126" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17023" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6829" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12403" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11756" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12243" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5482" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14973" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17498" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17006" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2226" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2780" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5094" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12450" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2974" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2752" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20386" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2574" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14352" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14822" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14822" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11727" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2225" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12825" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18190" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12402" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8696" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-12652" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12401" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2182" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11719" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.3/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8675" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14866" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-18190" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2224" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5188" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9283" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11068" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2812" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhea-2020:5633" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20907" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8624" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13050" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17450" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9802" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9895" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8625" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13225" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15165" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14382" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8812" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3899" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8819" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3867" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1971" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19221" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8808" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3902" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3900" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8566" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25211" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8820" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9807" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8769" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8813" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9850" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8811" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:5635" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9803" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9862" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24659" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3885" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17450" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15503" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20916" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15157" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8764" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8844" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3865" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1730" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3864" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20387" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14391" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15999" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3862" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3901" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3884" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3884" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8823" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1752" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8622" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13225" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3895" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15165" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11793" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9894" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8816" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6405" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8771" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3897" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8814" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14889" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8743" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3121" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9915" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8815" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10029" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8783" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20807" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13630" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14040" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8619" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13631" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8766" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3868" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8846" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3894" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3898" } ], "sources": [ { "db": "VULHUB", "id": "VHN-178660" }, { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "PACKETSTORM", "id": "159466" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "159661" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "161536" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202009-1066" }, { "db": "NVD", "id": "CVE-2020-24750" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-178660" }, { "db": "VULMON", "id": "CVE-2020-24750" }, { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "PACKETSTORM", "id": "159466" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "159661" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "161536" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202009-1066" }, { "db": "NVD", "id": "CVE-2020-24750" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-17T00:00:00", "db": "VULHUB", "id": "VHN-178660" }, { "date": "2020-09-17T00:00:00", "db": "VULMON", "id": "CVE-2020-24750" }, { "date": "2021-04-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "date": "2020-10-05T17:20:49", "db": "PACKETSTORM", "id": "159466" }, { "date": "2021-04-27T15:37:46", "db": "PACKETSTORM", "id": "162350" }, { "date": "2020-10-21T15:40:32", "db": "PACKETSTORM", "id": "159661" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2021-02-25T15:26:54", "db": "PACKETSTORM", "id": "161536" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2020-09-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202009-1066" }, { "date": "2020-09-17T19:15:13.580000", "db": "NVD", "id": "CVE-2020-24750" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-12T00:00:00", "db": "VULHUB", "id": "VHN-178660" }, { "date": "2023-09-13T00:00:00", "db": "VULMON", "id": "CVE-2020-24750" }, { "date": "2021-04-02T05:20:00", "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202009-1066" }, { "date": "2023-09-13T14:56:17.593000", "db": "NVD", "id": "CVE-2020-24750" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202009-1066" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-011430" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.