8.8
CVE-2020-36180
- EPSS 2.72%
- Published 07.01.2021 00:15:14
- Last modified 21.11.2024 05:28:54
- Source cve@mitre.org
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
Data provided by the National Vulnerability Database (NVD)
Netapp ≫ Cloud Backup Version -
Netapp ≫ Service Level Manager Version -
Debian ≫ Debian Linux Version 9.0
Oracle ≫ Application Testing Suite Version 13.3.0.1
Oracle ≫ Autovue For Agile Product Lifecycle Management Version 21.0.2
Oracle ≫ Banking Corporate Lending Process Management Version 14.2
Oracle ≫ Banking Corporate Lending Process Management Version 14.3
Oracle ≫ Banking Corporate Lending Process Management Version 14.5
Oracle ≫ Banking Credit Facilities Process Management Version 14.2
Oracle ≫ Banking Credit Facilities Process Management Version 14.3
Oracle ≫ Banking Credit Facilities Process Management Version 14.5
Oracle ≫ Banking Extensibility Workbench Version 14.2
Oracle ≫ Banking Extensibility Workbench Version 14.3
Oracle ≫ Banking Extensibility Workbench Version 14.5
Oracle ≫ Banking Supply Chain Finance Version 14.2
Oracle ≫ Banking Supply Chain Finance Version 14.3
Oracle ≫ Banking Supply Chain Finance Version 14.5
Oracle ≫ Banking Treasury Management Version 4.4
Oracle ≫ Banking Virtual Account Management Version 14.2.0
Oracle ≫ Banking Virtual Account Management Version 14.3.0
Oracle ≫ Banking Virtual Account Management Version 14.5.0
Oracle ≫ Blockchain Platform Version <= 21.1.2
Oracle ≫ Commerce Platform Version >= 11.3.0 <= 11.3.2
Oracle ≫ Commerce Platform Version 11.2.0
Oracle ≫ Communications Billing And Revenue Management Version 7.5.0.23.0
Oracle ≫ Communications Billing And Revenue Management Version 12.0.0.3.0
Oracle ≫ Communications Cloud Native Core Policy Version 1.14.0
Oracle ≫ Communications Cloud Native Core Unified Data Repository Version 1.4.0
Oracle ≫ Communications Convergent Charging Controller Version 12.0.4.0.0
Oracle ≫ Communications Diameter Signaling Route Version >= 8.0.0.0 <= 8.5.0.0
Oracle ≫ Communications Element Manager Version >= 8.2.0.0 <= 8.2.4.0
Oracle ≫ Communications Instant Messaging Server Version 10.0.1.5.0
Oracle ≫ Communications Network Charging And Control Version 12.0.4.0.0
Oracle ≫ Communications Offline Mediation Controller Version 12.0.0.3
Oracle ≫ Communications Policy Management Version 12.5.0
Oracle ≫ Communications Pricing Design Center Version 12.0.0.4.0
Oracle ≫ Communications Services Gatekeeper Version 7.0
Oracle ≫ Communications Session Report Manager Version >= 8.0.0.0 <= 8.2.2.1
Oracle ≫ Communications Session Route Manager Version >= 8.2.0.0 <= 8.2.2.1
Oracle ≫ Communications Unified Inventory Management Version 7.4.1
Oracle ≫ Data Integrator Version 12.2.1.4.0
Oracle ≫ Goldengate Application Adapters Version 19.1.0.0.0
Oracle ≫ Insurance Policy Administration Version >= 11.1.0 <= 11.3.0
Oracle ≫ Insurance Policy Administration Version 11.0.2
Oracle ≫ Insurance Rules Palette Version >= 11.1.0 <= 11.3.0
Oracle ≫ Insurance Rules Palette Version 11.0.2
Oracle ≫ Jd Edwards Enterpriseone Orchestrator Version < 9.2.5.3
Oracle ≫ Jd Edwards Enterpriseone Tools Version < 9.2.5.3
Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.11
Oracle ≫ Primavera Gateway Version >= 18.8.0 <= 18.8.11
Oracle ≫ Primavera Gateway Version >= 19.12.0 <= 19.12.10
Oracle ≫ Primavera Gateway Version 20.12.0
Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12
Oracle ≫ Primavera Unifier Version 17.2
Oracle ≫ Primavera Unifier Version 18.8
Oracle ≫ Primavera Unifier Version 19.12
Oracle ≫ Primavera Unifier Version 20.12
Oracle ≫ Retail Customer Management And Segmentation Foundation Version >= 16.0 <= 19.0
Oracle ≫ Retail Merchandising System Version 15.0.3
Oracle ≫ Retail Service Backbone Version 14.1.3.2
Oracle ≫ Retail Service Backbone Version 15.0.3.1
Oracle ≫ Retail Service Backbone Version 16.0.3.0
Oracle ≫ Retail Xstore Point Of Service Version 16.0.6
Oracle ≫ Retail Xstore Point Of Service Version 17.0.4
Oracle ≫ Retail Xstore Point Of Service Version 18.0.3
Oracle ≫ Retail Xstore Point Of Service Version 19.0.2
Oracle ≫ Webcenter Portal Version 12.2.1.3.0
Oracle ≫ Webcenter Portal Version 12.2.1.4.0
Fasterxml ≫ Jackson-databind Version >= 2.0.0 < 2.6.7.5
Fasterxml ≫ Jackson-databind Version >= 2.7.0 < 2.9.10.8
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 2.72% | 0.854 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.