9.8

CVE-2017-7525

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FasterxmlJackson-databind Version < 2.6.7.1
FasterxmlJackson-databind Version >= 2.7.0 < 2.7.9.1
FasterxmlJackson-databind Version >= 2.8.0 < 2.8.9
FasterxmlJackson-databind Version2.9.0 Updateprerelease1
FasterxmlJackson-databind Version2.9.0 Updateprerelease2
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
NetappOncommand Balance Version-
NetappOncommand Performance Manager Version- SwPlatformlinux
NetappOncommand Performance Manager Version- SwPlatformvmware_vsphere
NetappOncommand Shift Version-
NetappSnapcenter Version-
RedhatVirtualization Version4.0
   RedhatEnterprise Linux Server Version7.0
RedhatVirtualization Host Version4.0
   RedhatEnterprise Linux Server Version7.0
OracleBanking Platform Version2.5.0
OracleBanking Platform Version2.6.0
OracleBanking Platform Version2.6.1
OracleBanking Platform Version2.6.2
OraclePrimavera Unifier Version >= 17.1 <= 17.12
OraclePrimavera Unifier Version16.1
OraclePrimavera Unifier Version16.2
OraclePrimavera Unifier Version18.8
OracleWebcenter Portal Version12.2.1.3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 37.93% 0.984
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-184 Incomplete List of Disallowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Patch
Third Party Advisory
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0910
Third Party Advisory
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3454
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3455
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3456
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3458
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1834
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1835
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1836
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1837
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1449
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1450
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2633
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2635
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2636
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2637
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2638
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2546
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2547
Third Party Advisory
http://www.securitytracker.com/id/1039744
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040360
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:3141
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0294
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2477
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
Third Party Advisory
https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E
https://access.redhat.com/errata/RHSA-2018:0342
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2858
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3149
Third Party Advisory
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/99623
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039947
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1839
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1840
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1462702
Third Party Advisory
Issue Tracking
https://cwiki.apache.org/confluence/display/WW/S2-055
Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/1599
Patch
Third Party Advisory
Issue Tracking
https://github.com/FasterXML/jackson-databind/issues/1723
Third Party Advisory
Issue Tracking
https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20171214-0002/
Third Party Advisory
https://www.debian.org/security/2017/dsa-4004
Third Party Advisory