9.8
CVE-2019-14379
- EPSS 1.46%
- Published 29.07.2019 12:15:16
- Last modified 21.11.2024 04:26:37
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
Data is provided by the National Vulnerability Database (NVD)
Fasterxml ≫ Jackson-databind Version >= 2.0.0 < 2.6.7.3
Fasterxml ≫ Jackson-databind Version >= 2.7.0 < 2.7.9.6
Fasterxml ≫ Jackson-databind Version >= 2.8.0 < 2.8.11.4
Fasterxml ≫ Jackson-databind Version >= 2.9.0 < 2.9.9.2
Debian ≫ Debian Linux Version8.0
Netapp ≫ Active Iq Unified Manager SwPlatformlinux Version >= 7.3
Netapp ≫ Active Iq Unified Manager SwPlatformwindows Version >= 7.3
Netapp ≫ Active Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5
Netapp ≫ Oncommand Workflow Automation Version-
Netapp ≫ Service Level Manager Version-
Netapp ≫ Snapcenter Version-
Fedoraproject ≫ Fedora Version29
Fedoraproject ≫ Fedora Version30
Fedoraproject ≫ Fedora Version31
Redhat ≫ Jboss Enterprise Application Platform Version7.2
Redhat ≫ Jboss Enterprise Application Platform Version7.3
Redhat ≫ Openshift Container Platform Version4.1
Redhat ≫ Single Sign-on Version7.3
Redhat ≫ Openshift Container Platform Version3.11
Redhat ≫ Jboss Enterprise Application Platform Version7.2
Redhat ≫ Jboss Enterprise Application Platform Version7.3
Redhat ≫ Single Sign-on Version7.3
Redhat ≫ Jboss Enterprise Application Platform Version7.2
Redhat ≫ Jboss Enterprise Application Platform Version7.3
Redhat ≫ Single Sign-on Version7.3
Oracle ≫ Banking Platform Version2.4.0
Oracle ≫ Banking Platform Version2.4.1
Oracle ≫ Banking Platform Version2.5.0
Oracle ≫ Banking Platform Version2.6.0
Oracle ≫ Banking Platform Version2.6.1
Oracle ≫ Banking Platform Version2.7.0
Oracle ≫ Banking Platform Version2.7.1
Oracle ≫ Communications Diameter Signaling Router Version8.0.0
Oracle ≫ Communications Diameter Signaling Router Version8.1
Oracle ≫ Communications Diameter Signaling Router Version8.2
Oracle ≫ Communications Diameter Signaling Router Version8.2.1
Oracle ≫ Communications Instant Messaging Server Version10.0.1.3.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.2 <= 8.0.8
Oracle ≫ Goldengate Stream Analytics Version < 19.1.0.0.1
Oracle ≫ Jd Edwards Enterpriseone Orchestrator Version9.2
Oracle ≫ Jd Edwards Enterpriseone Tools Version9.2
Oracle ≫ Primavera Gateway Version15.2
Oracle ≫ Primavera Gateway Version16.2
Oracle ≫ Primavera Gateway Version17.12
Oracle ≫ Primavera Gateway Version18.8.0
Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12
Oracle ≫ Primavera Unifier Version16.1
Oracle ≫ Primavera Unifier Version16.2
Oracle ≫ Primavera Unifier Version18.8
Oracle ≫ Retail Customer Management And Segmentation Foundation Version17.0
Oracle ≫ Retail Xstore Point Of Service Version7.1
Oracle ≫ Retail Xstore Point Of Service Version15.0
Oracle ≫ Retail Xstore Point Of Service Version16.0
Oracle ≫ Retail Xstore Point Of Service Version17.0
Oracle ≫ Retail Xstore Point Of Service Version18.0
Oracle ≫ Siebel Engineering - Installer & Deployment Version <= 19.8
Oracle ≫ Siebel Ui Framework Version <= 19.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.46% | 0.8 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.