2019-03-21 17:00:12 2019-09-17 19:15:11

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar on its classpath, and an attacker can supply an LDAP service for the service to access, the service can be made to execute a malicious payload.

Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Red Hat Single Sign-On 7.3 (not an official CPE)
Red Hat JBoss BRMS 6.4.10 (not an official CPE)
Red Hat JBoss Enterprise Application Platform 7.2.0 (not an official CPE)
Red Hat OpenShift Container Platform 3.11 (not an official CPE)
Red Hat Decision Manager 7.3.1 (not an official CPE)
Red Hat Automation Manager 7.3.1 (not an official CPE)
Oracle Retail Merchandising System 15.0 (not an official CPE)
Oracle JD Edwards EnterpriseOne Tools 9.2 (not an official CPE)
FasterXML jackson-databind 2.9.5 (not an official CPE)
FasterXML jackson-databind 2.9.4 (not an official CPE)
FasterXML jackson-databind 2.9.3 (not an official CPE)
FasterXML jackson-databind 2.9.2 (not an official CPE)
FasterXML jackson-databind 2.9.1 (not an official CPE)
FasterXML jackson-databind 2.9.0 Prerelease3 (not an official CPE)
FasterXML jackson-databind 2.9.0 Prerelease4 (not an official CPE)
FasterXML jackson-databind 2.9.0 Prerelease2 (not an official CPE)
FasterXML jackson-databind 2.9.0 Prerelease1 (not an official CPE)
FasterXML jackson-databind 2.9.0 - (not an official CPE)
FasterXML jackson-databind 2.9.0 (not an official CPE)
FasterXML jackson-databind 2.8.11.1 (not an official CPE)
FasterXML jackson-databind 2.8.11 (not an official CPE)
FasterXML jackson-databind 2.8.10 (not an official CPE)
FasterXML jackson-databind 2.8.9 (not an official CPE)
FasterXML jackson-databind 2.8.8.1 (not an official CPE)
FasterXML jackson-databind 2.8.8 (not an official CPE)
FasterXML jackson-databind 2.8.7 (not an official CPE)
FasterXML jackson-databind 2.8.6 (not an official CPE)
FasterXML jackson-databind 2.8.5 (not an official CPE)
FasterXML jackson-databind 2.8.4 (not an official CPE)
FasterXML jackson-databind 2.8.3 (not an official CPE)
FasterXML jackson-databind 2.8.2 (not an official CPE)
FasterXML jackson-databind 2.8.1 (not an official CPE)
FasterXML jackson-databind 2.8.0 (not an official CPE)
FasterXML jackson-databind 2.7.9.3 (not an official CPE)
FasterXML jackson-databind 2.7.9.2 (not an official CPE)
FasterXML jackson-databind 2.7.9.1 (not an official CPE)
FasterXML jackson-databind 2.7.9 (not an official CPE)
FasterXML jackson-databind 2.7.8 (not an official CPE)
FasterXML jackson-databind 2.7.7 (not an official CPE)
FasterXML jackson-databind 2.7.6 (not an official CPE)
FasterXML jackson-databind 2.7.5 (not an official CPE)
FasterXML jackson-databind 2.7.4 (not an official CPE)
FasterXML jackson-databind 2.7.3 (not an official CPE)
FasterXML jackson-databind 2.7.2 (not an official CPE)
FasterXML jackson-databind 2.7.1-1 (not an official CPE)
FasterXML jackson-databind 2.7.1 (not an official CPE)
FasterXML jackson-databind 2.7.0 Rc3 (not an official CPE)
FasterXML jackson-databind 2.7.0 Rc1 (not an official CPE)
FasterXML jackson-databind 2.7.0 Rc2 (not an official CPE)
FasterXML jackson-databind 2.7.0 - (not an official CPE)
FasterXML jackson-databind 2.7.0 (not an official CPE)