8.1
CVE-2020-35728
- EPSS 39.67%
- Published 27.12.2020 05:15:11
- Last modified 27.08.2025 21:15:36
- Source cve@mitre.org
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
Data provided by the National Vulnerability Database (NVD)
Fasterxml ≫ Jackson-databind Version >= 2.9.0 < 2.9.10.8
Debian ≫ Debian Linux Version 9.0
Netapp ≫ Service Level Manager Version -
Oracle ≫ Application Testing Suite Version 13.3.0.1
Oracle ≫ Banking Corporate Lending Process Management Version 14.2
Oracle ≫ Banking Corporate Lending Process Management Version 14.3
Oracle ≫ Banking Corporate Lending Process Management Version 14.5
Oracle ≫ Banking Credit Facilities Process Management Version 14.2
Oracle ≫ Banking Credit Facilities Process Management Version 14.3
Oracle ≫ Banking Credit Facilities Process Management Version 14.5
Oracle ≫ Banking Extensibility Workbench Version 14.2
Oracle ≫ Banking Extensibility Workbench Version 14.3
Oracle ≫ Banking Extensibility Workbench Version 14.5
Oracle ≫ Banking Supply Chain Finance Version 14.2
Oracle ≫ Banking Supply Chain Finance Version 14.3
Oracle ≫ Banking Supply Chain Finance Version 14.5
Oracle ≫ Banking Treasury Management Version 14.4
Oracle ≫ Banking Virtual Account Management Version 14.2.0
Oracle ≫ Banking Virtual Account Management Version 14.3.0
Oracle ≫ Banking Virtual Account Management Version 14.5.0
Oracle ≫ Blockchain Platform Version <= 21.1.2
Oracle ≫ Commerce Platform Version >= 11.3.0 <= 11.3.2
Oracle ≫ Commerce Platform Version 11.2.0
Oracle ≫ Communications Billing And Revenue Management Version 7.5.0.23.0
Oracle ≫ Communications Billing And Revenue Management Version 12.0.0.3.0
Oracle ≫ Communications Cloud Native Core Policy Version 1.14.0
Oracle ≫ Communications Cloud Native Core Unified Data Repository Version 1.4.0
Oracle ≫ Communications Convergent Charging Controller Version 12.0.4.0.0
Oracle ≫ Communications Diameter Signaling Route Version >= 8.0.0.0 <= 8.5.0.0
Oracle ≫ Communications Element Manager Version >= 8.2.0.0 <= 8.2.4.0
Oracle ≫ Communications Network Charging And Control Version 12.0.4.0.0
Oracle ≫ Communications Policy Management Version 12.5.0
Oracle ≫ Communications Services Gatekeeper Version 7.0
Oracle ≫ Communications Session Report Manager Version >= 8.0.0.0 <= 8.2.2.1
Oracle ≫ Communications Session Route Manager Version >= 8.2.0.0 <= 8.2.2.1
Oracle ≫ Communications Unified Inventory Management Version 7.4.1
Oracle ≫ Data Integrator Version 12.2.1.4.0
Oracle ≫ Goldengate Application Adapters Version 19.1.0.0.0
Oracle ≫ Insurance Policy Administration Version >= 11.1.0 <= 11.3.0
Oracle ≫ Insurance Policy Administration Version 11.0.2
Oracle ≫ Insurance Rules Palette Version >= 11.1.0 <= 11.3.0
Oracle ≫ Insurance Rules Palette Version 11.0.2
Oracle ≫ Jd Edwards Enterpriseone Orchestrator Version < 9.2.5.3
Oracle ≫ Jd Edwards Enterpriseone Tools Version < 9.2.5.3
Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.11
Oracle ≫ Primavera Gateway Version >= 18.8.0 <= 18.8.11
Oracle ≫ Primavera Gateway Version >= 19.12.0 <= 19.12.10
Oracle ≫ Primavera Gateway Version 20.12.0
Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12
Oracle ≫ Primavera Unifier Version >= 18.8 <= 19.12
Oracle ≫ Primavera Unifier Version 20.12
Oracle ≫ Retail Customer Management And Segmentation Foundation Version >= 16.0 <= 19.0
Oracle ≫ Retail Merchandising System Version 15.0.3
Oracle ≫ Retail Service Backbone Version 14.1.3.2
Oracle ≫ Retail Service Backbone Version 15.0.3.1
Oracle ≫ Retail Service Backbone Version 16.0.3.0
Oracle ≫ Retail Xstore Point Of Service Version 16.0.6
Oracle ≫ Retail Xstore Point Of Service Version 17.0.4
Oracle ≫ Retail Xstore Point Of Service Version 18.0.3
Oracle ≫ Retail Xstore Point Of Service Version 19.0.2
Oracle ≫ Webcenter Portal Version 12.2.1.3.0
Oracle ≫ Webcenter Portal Version 12.2.1.4.0
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 39.67% | 0.972 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.