8.1
CVE-2020-11620
- EPSS 2.8%
- Veröffentlicht 07.04.2020 23:15:12
- Zuletzt bearbeitet 21.11.2024 04:58:15
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fasterxml ≫ Jackson-databind Version >= 2.9.0 < 2.9.10.4
Debian ≫ Debian Linux Version8.0
Netapp ≫ Active Iq Unified Manager SwPlatformlinux Version >= 7.3
Netapp ≫ Active Iq Unified Manager SwPlatformwindows Version >= 7.3
Netapp ≫ Active Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5
Netapp ≫ Steelstore Cloud Integrated Storage Version-
Oracle ≫ Banking Platform Version >= 2.4.0 <= 2.9.0
Oracle ≫ Communications Contacts Server Version8.0.0.4.0
Oracle ≫ Communications Instant Messaging Server Version10.0.1.4.0
Oracle ≫ Communications Network Charging And Control Version >= 12.0.0 <= 12.0.3
Oracle ≫ Communications Network Charging And Control Version6.0.1
Oracle ≫ Enterprise Manager Base Platform Version13.3.0.0
Oracle ≫ Enterprise Manager Base Platform Version13.4.0.0
Oracle ≫ Global Lifecycle Management Opatch Version < 12.2.0.1.20
Oracle ≫ Jd Edwards Enterpriseone Orchestrator Version < 9.2.4.2
Oracle ≫ Jd Edwards Enterpriseone Tools Version < 9.2.4.2
Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12
Oracle ≫ Primavera Unifier Version16.1
Oracle ≫ Primavera Unifier Version16.2
Oracle ≫ Primavera Unifier Version18.8
Oracle ≫ Primavera Unifier Version19.12
Oracle ≫ Retail Merchandising System Version15.0
Oracle ≫ Retail Sales Audit Version14.1
Oracle ≫ Retail Xstore Point Of Service Version15.0
Oracle ≫ Retail Xstore Point Of Service Version16.0
Oracle ≫ Retail Xstore Point Of Service Version17.0
Oracle ≫ Retail Xstore Point Of Service Version18.0
Oracle ≫ Retail Xstore Point Of Service Version19.0
Oracle ≫ Weblogic Server Version12.2.1.3.0
Oracle ≫ Weblogic Server Version12.2.1.4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.8% | 0.856 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.