9.8

CVE-2018-14719

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FasterxmlJackson-databind Version >= 2.0.0 < 2.6.7.3
FasterxmlJackson-databind Version >= 2.7.0 < 2.7.9.5
FasterxmlJackson-databind Version >= 2.8.0 < 2.8.11.3
FasterxmlJackson-databind Version >= 2.9.0 < 2.9.7
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
OracleBanking Platform Version2.5.0
OracleBanking Platform Version2.6.0
OracleBanking Platform Version2.6.1
OracleBanking Platform Version2.6.2
OracleClusterware Version12.1.0.2.0
OracleDatabase Server Version11.2.0.4
OracleDatabase Server Version12.1.0.2
OracleDatabase Server Version12.2.0.1
OracleDatabase Server Version18c
OracleDatabase Server Version19c
OracleGlobal Lifecycle Management Opatch Version < 11.2.0.3.23
OracleGlobal Lifecycle Management Opatch Version >= 12.2.0.1.0 < 12.2.0.1.19
OracleGlobal Lifecycle Management Opatch Version >= 13.9.4.0.0 < 13.9.4.2.1
OracleJdeveloper Version12.1.3.0.0
OracleJdeveloper Version12.2.1.3.0
OraclePrimavera Unifier Version >= 17.7 <= 17.12
OraclePrimavera Unifier Version16.1
OraclePrimavera Unifier Version16.2
OraclePrimavera Unifier Version18.8
OracleWebcenter Portal Version12.2.1.3.0
RedhatOpenshift Container Platform Version >= 3.11 < 3.11.153
RedhatOpenshift Container Platform Version >= 4.6 < 4.6.26
RedhatOpenshift Container Platform Version >= 4.1 < 4.1.18
   RedhatEnterprise Linux Version7.0
NetappSnapcenter Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.68% 0.949
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch
Third Party Advisory
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Patch
Third Party Advisory
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
https://access.redhat.com/errata/RHSA-2019:1782
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1797
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2858
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3149
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3892
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3140
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0877
Third Party Advisory
https://access.redhat.com/errata/RHBA-2019:0959
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0782
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1822
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1823
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2804
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3002
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4037
Third Party Advisory
https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
Patch
Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/2097
Patch
Third Party Advisory
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7
Patch
Third Party Advisory
Release Notes
https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/May/68
Third Party Advisory
Mailing List
Issue Tracking
https://security.netapp.com/advisory/ntap-20190530-0003/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4452
Third Party Advisory