CVE-2019-14379

EPSS 1.46%
Veröffentlicht 29.07.2019 12:15:16
Zuletzt bearbeitet 21.11.2024 04:26:37
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 62

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fasterxml ≫ Jackson-databind Version >= 2.0.0 < 2.6.7.3

Fasterxml ≫ Jackson-databind Version >= 2.7.0 < 2.7.9.6

Fasterxml ≫ Jackson-databind Version >= 2.8.0 < 2.8.11.4

Fasterxml ≫ Jackson-databind Version >= 2.9.0 < 2.9.9.2

Debian ≫ Debian Linux Version8.0

Netapp ≫ Active Iq Unified Manager SwPlatformlinux Version >= 7.3

Netapp ≫ Active Iq Unified Manager SwPlatformwindows Version >= 7.3

Netapp ≫ Active Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5

Netapp ≫ Oncommand Workflow Automation Version-

Netapp ≫ Service Level Manager Version-

Netapp ≫ Snapcenter Version-

Fedoraproject ≫ Fedora Version29

Fedoraproject ≫ Fedora Version30

Fedoraproject ≫ Fedora Version31

Redhat ≫ Jboss Enterprise Application Platform Version7.2

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Jboss Enterprise Application Platform Version7.3

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Openshift Container Platform Version4.1

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Single Sign-on Version7.3

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Openshift Container Platform Version3.11

Redhat ≫ Jboss Enterprise Application Platform Version7.2

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Jboss Enterprise Application Platform Version7.3

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Single Sign-on Version7.3

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Jboss Enterprise Application Platform Version7.2

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Jboss Enterprise Application Platform Version7.3

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Single Sign-on Version7.3

Redhat ≫ Enterprise Linux Version8.0

Oracle ≫ Banking Platform Version2.4.0

Oracle ≫ Banking Platform Version2.4.1

Oracle ≫ Banking Platform Version2.5.0

Oracle ≫ Banking Platform Version2.6.0

Oracle ≫ Banking Platform Version2.6.1

Oracle ≫ Banking Platform Version2.7.0

Oracle ≫ Banking Platform Version2.7.1

Oracle ≫ Communications Diameter Signaling Router Version8.0.0

Oracle ≫ Communications Diameter Signaling Router Version8.1

Oracle ≫ Communications Diameter Signaling Router Version8.2

Oracle ≫ Communications Diameter Signaling Router Version8.2.1

Oracle ≫ Communications Instant Messaging Server Version10.0.1.3.0

Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.2 <= 8.0.8

Oracle ≫ Goldengate Stream Analytics Version < 19.1.0.0.1

Oracle ≫ Jd Edwards Enterpriseone Orchestrator Version9.2

Oracle ≫ Jd Edwards Enterpriseone Tools Version9.2

Oracle ≫ Primavera Gateway Version15.2

Oracle ≫ Primavera Gateway Version16.2

Oracle ≫ Primavera Gateway Version17.12

Oracle ≫ Primavera Gateway Version18.8.0

Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12

Oracle ≫ Primavera Unifier Version16.1

Oracle ≫ Primavera Unifier Version16.2

Oracle ≫ Primavera Unifier Version18.8

Oracle ≫ Retail Customer Management And Segmentation Foundation Version17.0

Oracle ≫ Retail Xstore Point Of Service Version7.1

Oracle ≫ Retail Xstore Point Of Service Version15.0

Oracle ≫ Retail Xstore Point Of Service Version16.0

Oracle ≫ Retail Xstore Point Of Service Version17.0

Oracle ≫ Retail Xstore Point Of Service Version18.0

Oracle ≫ Siebel Engineering - Installer & Deployment Version <= 19.8

Oracle ≫ Siebel Ui Framework Version <= 19.10

Apple ≫ XCode Version < 13.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.46%	0.8

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

https://www.oracle.com/security-alerts/cpujan2020.html

Third Party Advisory

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

https://www.oracle.com/security-alerts/cpuapr2020.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Patch

Third Party Advisory