8.1

CVE-2020-35490

Exploit
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FasterxmlJackson-databind Version >= 2.0.0 < 2.9.10.8
DebianDebian Linux Version9.0
OracleAgile Plm Version9.3.6
OracleApplication Testing Suite Version13.3.0.1
OracleBanking Platform Version2.6.2
OracleBanking Platform Version2.7.0
OracleBanking Platform Version2.7.1
OracleBanking Platform Version2.8.0
OracleBanking Platform Version2.9.0
OracleBanking Platform Version2.10.0
OracleBlockchain Platform Version <= 21.1.2
OracleCommunications Diameter Signaling Router Version >= 8.0.0 <= 8.5.0
OracleDocumaker Version12.6.3
OracleDocumaker Version12.6.4
OracleWebcenter Portal Version12.2.1.3.0
OracleWebcenter Portal Version12.2.1.4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.69% 0.938
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
Third Party Advisory
Mailing List
https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
Third Party Advisory
Exploit
Technical Description
https://github.com/FasterXML/jackson-databind/issues/2986
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210122-0005/
Third Party Advisory