9.8

CVE-2018-19360

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FasterxmlJackson-databind Version >= 2.6.0 <= 2.6.7.2
FasterxmlJackson-databind Version >= 2.7.0 < 2.7.9.5
FasterxmlJackson-databind Version >= 2.8.0 < 2.8.11.3
FasterxmlJackson-databind Version >= 2.9.0 < 2.9.8
DebianDebian Linux Version8.0
OraclePrimavera Unifier Version >= 17.7 <= 17.12
OraclePrimavera Unifier Version16.1
OraclePrimavera Unifier Version16.2
OraclePrimavera Unifier Version18.8
OracleWebcenter Portal Version12.2.1.3.0
RedhatAutomation Manager Version7.3.1
RedhatDecision Manager Version7.3.1
RedhatJboss Bpm Suite Version6.4.11
RedhatJboss Brms Version6.4.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.6% 0.952
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch
Third Party Advisory
https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E
https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
https://access.redhat.com/errata/RHSA-2019:1782
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1797
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2019:3140
https://access.redhat.com/errata/RHSA-2019:0877
Third Party Advisory
https://access.redhat.com/errata/RHBA-2019:0959
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0782
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1822
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1823
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2804
https://access.redhat.com/errata/RHSA-2019:3002
https://access.redhat.com/errata/RHSA-2019:4037
https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/May/68
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20190530-0003/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4452
Third Party Advisory
http://www.securityfocus.com/bid/107985
Third Party Advisory
VDB Entry
https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
Patch
Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/2186
Patch
Third Party Advisory
Issue Tracking
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8
Patch
Third Party Advisory
Release Notes
https://issues.apache.org/jira/browse/TINKERPOP-2121
Third Party Advisory
Issue Tracking