8.1
CVE-2020-35728
- EPSS 39.67%
- Published 27.12.2020 05:15:11
- Last modified 27.08.2025 21:15:36
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
Data is provided by the National Vulnerability Database (NVD)
Fasterxml ≫ Jackson-databind Version >= 2.9.0 < 2.9.10.8
Debian ≫ Debian Linux Version9.0
Netapp ≫ Service Level Manager Version-
Oracle ≫ Application Testing Suite Version13.3.0.1
Oracle ≫ Banking Corporate Lending Process Management Version14.2
Oracle ≫ Banking Corporate Lending Process Management Version14.3
Oracle ≫ Banking Corporate Lending Process Management Version14.5
Oracle ≫ Banking Credit Facilities Process Management Version14.2
Oracle ≫ Banking Credit Facilities Process Management Version14.3
Oracle ≫ Banking Credit Facilities Process Management Version14.5
Oracle ≫ Banking Extensibility Workbench Version14.2
Oracle ≫ Banking Extensibility Workbench Version14.3
Oracle ≫ Banking Extensibility Workbench Version14.5
Oracle ≫ Banking Supply Chain Finance Version14.2
Oracle ≫ Banking Supply Chain Finance Version14.3
Oracle ≫ Banking Supply Chain Finance Version14.5
Oracle ≫ Banking Treasury Management Version14.4
Oracle ≫ Banking Virtual Account Management Version14.2.0
Oracle ≫ Banking Virtual Account Management Version14.3.0
Oracle ≫ Banking Virtual Account Management Version14.5.0
Oracle ≫ Blockchain Platform Version <= 21.1.2
Oracle ≫ Commerce Platform Version >= 11.3.0 <= 11.3.2
Oracle ≫ Commerce Platform Version11.2.0
Oracle ≫ Communications Billing And Revenue Management Version7.5.0.23.0
Oracle ≫ Communications Billing And Revenue Management Version12.0.0.3.0
Oracle ≫ Communications Cloud Native Core Policy Version1.14.0
Oracle ≫ Communications Cloud Native Core Unified Data Repository Version1.4.0
Oracle ≫ Communications Convergent Charging Controller Version12.0.4.0.0
Oracle ≫ Communications Diameter Signaling Route Version >= 8.0.0.0 <= 8.5.0.0
Oracle ≫ Communications Element Manager Version >= 8.2.0.0 <= 8.2.4.0
Oracle ≫ Communications Network Charging And Control Version12.0.4.0.0
Oracle ≫ Communications Policy Management Version12.5.0
Oracle ≫ Communications Services Gatekeeper Version7.0
Oracle ≫ Communications Session Report Manager Version >= 8.0.0.0 <= 8.2.2.1
Oracle ≫ Communications Session Route Manager Version >= 8.2.0.0 <= 8.2.2.1
Oracle ≫ Communications Unified Inventory Management Version7.4.1
Oracle ≫ Data Integrator Version12.2.1.4.0
Oracle ≫ Goldengate Application Adapters Version19.1.0.0.0
Oracle ≫ Insurance Policy Administration Version >= 11.1.0 <= 11.3.0
Oracle ≫ Insurance Policy Administration Version11.0.2
Oracle ≫ Insurance Rules Palette Version >= 11.1.0 <= 11.3.0
Oracle ≫ Insurance Rules Palette Version11.0.2
Oracle ≫ Jd Edwards Enterpriseone Orchestrator Version < 9.2.5.3
Oracle ≫ Jd Edwards Enterpriseone Tools Version < 9.2.5.3
Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.11
Oracle ≫ Primavera Gateway Version >= 18.8.0 <= 18.8.11
Oracle ≫ Primavera Gateway Version >= 19.12.0 <= 19.12.10
Oracle ≫ Primavera Gateway Version20.12.0
Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12
Oracle ≫ Primavera Unifier Version >= 18.8 <= 19.12
Oracle ≫ Primavera Unifier Version20.12
Oracle ≫ Retail Customer Management And Segmentation Foundation Version >= 16.0 <= 19.0
Oracle ≫ Retail Merchandising System Version15.0.3
Oracle ≫ Retail Service Backbone Version14.1.3.2
Oracle ≫ Retail Service Backbone Version15.0.3.1
Oracle ≫ Retail Service Backbone Version16.0.3.0
Oracle ≫ Retail Xstore Point Of Service Version16.0.6
Oracle ≫ Retail Xstore Point Of Service Version17.0.4
Oracle ≫ Retail Xstore Point Of Service Version18.0.3
Oracle ≫ Retail Xstore Point Of Service Version19.0.2
Oracle ≫ Webcenter Portal Version12.2.1.3.0
Oracle ≫ Webcenter Portal Version12.2.1.4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 39.67% | 0.972 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.