7.5
CVE-2020-36518
- EPSS 0.6%
- Published 11.03.2022 07:15:07
- Last modified 27.08.2025 21:15:36
- Source cve@mitre.org
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Data provided by the National Vulnerability Database (NVD)
Fasterxml ≫ Jackson-databind Version < 2.12.6.1
Fasterxml ≫ Jackson-databind Version >= 2.13.0 < 2.13.2.1
Oracle ≫ Big Data Spatial And Graph Version < 23.1
Oracle ≫ Commerce Platform Version 11.3.0
Oracle ≫ Commerce Platform Version 11.3.1
Oracle ≫ Commerce Platform Version 11.3.2
Oracle ≫ Communications Billing And Revenue Management Version >= 12.0.0.4.0 <= 12.0.0.6.0
Oracle ≫ Communications Cloud Native Core Binding Support Function Version 22.1.3
Oracle ≫ Communications Cloud Native Core Console Version 1.9.0
Oracle ≫ Communications Cloud Native Core Network Repository Function Version 22.1.2
Oracle ≫ Communications Cloud Native Core Network Repository Function Version 22.2.0
Oracle ≫ Communications Cloud Native Core Service Communication Proxy Version 22.2.0
Oracle ≫ Communications Cloud Native Core Unified Data Repository Version 22.2.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.7 <= 8.1.0.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version 8.1.1.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version 8.1.2.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version 8.1.2.1
Oracle ≫ Financial Services Behavior Detection Platform Version >= 8.1.1.0 <= 8.1.2.1
Oracle ≫ Financial Services Behavior Detection Platform Version 8.0.7.0.0
Oracle ≫ Financial Services Behavior Detection Platform Version 8.0.8
Oracle ≫ Financial Services Crime And Compliance Management Studio Version 8.0.8.2.0
Oracle ≫ Financial Services Crime And Compliance Management Studio Version 8.0.8.3.0
Oracle ≫ Financial Services Enterprise Case Management Version >= 8.1.1.0 <= 8.1.2.1
Oracle ≫ Financial Services Enterprise Case Management Version 8.0.7.1
Oracle ≫ Financial Services Enterprise Case Management Version 8.0.7.2
Oracle ≫ Financial Services Enterprise Case Management Version 8.0.8.0
Oracle ≫ Financial Services Enterprise Case Management Version 8.0.8.1
Oracle ≫ Financial Services Trade-based Anti Money Laundering Version 8.0.7 SwEdition enterprise
Oracle ≫ Financial Services Trade-based Anti Money Laundering Version 8.0.8 SwEdition enterprise
Oracle ≫ Global Lifecycle Management Nextgen Oui Framework Version < 13.9.4.2.2
Oracle ≫ Global Lifecycle Management Nextgen Oui Framework Version 13.9.4.2.2
Oracle ≫ Global Lifecycle Management Opatch Version < 12.2.0.1.30
Oracle ≫ Graph Server And Client Version < 22.2.0
Oracle ≫ Health Sciences Empirica Signal Version 9.1.0.5.2
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.58
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.59
Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.11
Oracle ≫ Primavera Gateway Version >= 18.8.0 <= 18.8.14
Oracle ≫ Primavera Gateway Version >= 19.12.0 <= 19.12.13
Oracle ≫ Primavera Gateway Version >= 20.12.0 <= 20.12.18
Oracle ≫ Primavera Gateway Version >= 21.12.0 <= 21.12.1
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 17.12.0.0 <= 17.12.20.4
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 18.8.0.0 <= 18.8.25.4
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 19.12.0 <= 19.12.19.0
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 20.12.0.0 <= 21.12.4.0
Oracle ≫ Primavera Unifier Version >= 17.0 <= 17.12
Oracle ≫ Primavera Unifier Version 18.0
Oracle ≫ Primavera Unifier Version 19.12
Oracle ≫ Primavera Unifier Version 20.12
Oracle ≫ Primavera Unifier Version 21.12
Oracle ≫ Retail Sales Audit Version 15.0.3.1
Oracle ≫ Sd-wan Edge Version 9.0
Oracle ≫ Sd-wan Edge Version 9.1
Oracle ≫ Spatial Studio Version < 20.1.0
Oracle ≫ Utilities Framework Version 4.3.0.5.0
Oracle ≫ Utilities Framework Version 4.3.0.6.0
Oracle ≫ Utilities Framework Version 4.4.0.0.0
Oracle ≫ Utilities Framework Version 4.4.0.2.0
Oracle ≫ Utilities Framework Version 4.4.0.3.0
Oracle ≫ Utilities Framework Version 4.4.0.5.0
Oracle ≫ Weblogic Server Version 12.2.1.3.0
Oracle ≫ Weblogic Server Version 12.2.1.4.0
Oracle ≫ Weblogic Server Version 14.1.1.0.0
Debian ≫ Debian Linux Version 9.0
Debian ≫ Debian Linux Version 10.0
Debian ≫ Debian Linux Version 11.0
Netapp ≫ Active Iq Unified Manager Version - SwPlatform linux
Netapp ≫ Active Iq Unified Manager Version - SwPlatform vmware_vsphere
Netapp ≫ Active Iq Unified Manager Version - SwPlatform windows
Netapp ≫ Cloud Insights Acquisition Unit Version -
Netapp ≫ Oncommand Insight Version -
Netapp ≫ Oncommand Workflow Automation Version -
Netapp ≫ Snap Creator Framework Version -
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.6% | 0.685 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.