2019-01-02 19:29:00 2019-05-30 10:29:02

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL
Oracle Webcenter portal 12.2.1.3.0 (not an official CPE) Oracle Retail merchandising system 15.0 (not an official CPE) Oracle Retail merchandising system 16.0 (not an official CPE) Oracle Primavera unifier 18.8 (not an official CPE) Oracle Primavera unifier 16.2 (not an official CPE) Oracle Financial services analytical applications infrastructure 8.0.7 (not an official CPE) Oracle Jdeveloper 12.2.1.3.0 (not an official CPE) Oracle Primavera unifier 16.1 (not an official CPE) Oracle Financial services analytical applications infrastructure 8.0.6 (not an official CPE) Oracle Jdeveloper 12.1.3.0.0 (not an official CPE) Oracle Financial services analytical applications infrastructure 8.0.5 (not an official CPE) Oracle Financial services analytical applications infrastructure 8.0.4 (not an official CPE) Oracle Financial services analytical applications infrastructure 8.0.3 (not an official CPE) Oracle Financial services analytical applications infrastructure 8.0.2 (not an official CPE) Oracle Enterprise manager for virtualization 13.3.1 (not an official CPE) Oracle Enterprise manager for virtualization 13.2.3 (not an official CPE) Oracle Enterprise manager for virtualization 13.2.2 (not an official CPE) Oracle Communications billing and revenue management 12.0 (not an official CPE) Oracle Communications billing and revenue management 7.5 (not an official CPE) Oracle Banking platform 2.6.2 (not an official CPE) Oracle Banking platform 2.6.1 (not an official CPE) Oracle Banking platform 2.5.0 (not an official CPE) Oracle Banking platform 2.6.0 (not an official CPE) Fasterxml Jackson-databind 2.9.0 Pr4 (not an official CPE) Fasterxml Jackson-databind 2.9.0 Pr2 (not an official CPE) Fasterxml Jackson-databind 2.9.0 Pr3 (not an official CPE) Fasterxml Jackson-databind 2.9.0 Pr1 (not an official CPE) Fasterxml Jackson-databind 2.8.0 Rc2 (not an official CPE) Fasterxml Jackson-databind 2.8.0 Rc1 (not an official CPE) Fasterxml Jackson-databind 2.7.0 Rc3 (not an official CPE) Fasterxml Jackson-databind 2.7.0 Rc2 (not an official CPE) Fasterxml Jackson-databind 2.7.0 Rc1 (not an official CPE)