2019-01-02 19:29:00 2020-08-31 16:15:00

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
Redhat Openshift container platform 3.11 * * * (not an official CPE)
Redhat Jboss enterprise application platform 7.2.0 * * * (not an official CPE)
Oracle Webcenter portal 12.2.1.3.0 * * * (not an official CPE)
Oracle Retail merchandising system 16.0 * * * (not an official CPE)
Oracle Retail merchandising system 15.0 * * * (not an official CPE)
Oracle Primavera unifier 18.8 * * * (not an official CPE)
Oracle Primavera unifier * * * * (not an official CPE)
Oracle Primavera unifier 16.2 * * * (not an official CPE)
Oracle Primavera unifier 16.1 * * * (not an official CPE)
Oracle Jdeveloper 12.2.1.3.0 * * * (not an official CPE)
Oracle Financial services analytical applications infrastructure 8.0.7 * * * (not an official CPE)
Oracle Jdeveloper 12.1.3.0.0 * * * (not an official CPE)
Oracle Financial services analytical applications infrastructure 8.0.6 * * * (not an official CPE)
Oracle Financial services analytical applications infrastructure 8.0.5 * * * (not an official CPE)
Oracle Financial services analytical applications infrastructure 8.0.4 * * * (not an official CPE)
Oracle Financial services analytical applications infrastructure 8.0.3 * * * (not an official CPE)
Oracle Financial services analytical applications infrastructure 8.0.2 * * * (not an official CPE)
Oracle Enterprise manager for virtualization 13.3.1 * * * (not an official CPE)
Oracle Banking platform 2.6.0 * * * (not an official CPE)
Oracle Enterprise manager for virtualization 13.2.3 * * * (not an official CPE)
Oracle Communications billing and revenue management 12.0 * * * (not an official CPE)
Oracle Enterprise manager for virtualization 13.2.2 * * * (not an official CPE)
Oracle Communications billing and revenue management 7.5 * * * (not an official CPE)
Oracle Banking platform 2.6.2 * * * (not an official CPE)
Oracle Banking platform 2.6.1 * * * (not an official CPE)
Oracle Banking platform 2.5.0 * * * (not an official CPE)
Fasterxml Jackson-databind 2.9.0 Pr4 * * (not an official CPE)
Fasterxml Jackson-databind 2.9.0 Pr3 * * (not an official CPE)
Fasterxml Jackson-databind 2.9.0 Pr2 * * (not an official CPE)
Fasterxml Jackson-databind 2.8.0 Rc2 * * (not an official CPE)
Fasterxml Jackson-databind 2.9.0 Pr1 * * (not an official CPE)
Fasterxml Jackson-databind * * * * (not an official CPE)
Fasterxml Jackson-databind 2.8.0 Rc1 * * (not an official CPE)
Fasterxml Jackson-databind * * * * (not an official CPE)
Fasterxml Jackson-databind 2.7.0 Rc2 * * (not an official CPE)
Fasterxml Jackson-databind 2.7.0 Rc3 * * (not an official CPE)
Fasterxml Jackson-databind 2.7.0 Rc1 * * (not an official CPE)
Fasterxml Jackson-databind * * * * (not an official CPE)
Fasterxml Jackson-databind * * * * (not an official CPE)
Advisory Patch Confirmed Link
https://access.redhat.com/errata/RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2019:4037
https://github.com/FasterXML/jackson/wiki/Jackson-Releas...
https://github.com/FasterXML/jackson-databind/commit/87d...
https://www.oracle.com/technetwork/security-advisory/cpu...
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf9...
https://lists.debian.org/debian-lts-announce/2019/03/msg...
https://seclists.org/bugtraq/2019/May/68
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1...
https://lists.apache.org/thread.html/82b01bfb6787097427c...
https://lists.apache.org/thread.html/ff8dcfe29377088ab65...
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.debian.org/security/2019/dsa-4452
https://security.netapp.com/advisory/ntap-20190530-0003/
https://lists.apache.org/thread.html/ba973114605d936be27...
https://lists.apache.org/thread.html/b0656d359c7d40ec9f3...
https://www.oracle.com/technetwork/security-advisory/cpu...
https://lists.apache.org/thread.html/6a78f88716c3c57aa74...
https://lists.apache.org/thread.html/519eb0fd45642dcecd9...
https://access.redhat.com/errata/RHSA-2019:2858
https://github.com/FasterXML/jackson-databind/issues/209...
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:1823
https://access.redhat.com/errata/RHSA-2019:1822
https://access.redhat.com/errata/RHSA-2019:1140
https://access.redhat.com/errata/RHSA-2019:1108
https://access.redhat.com/errata/RHSA-2019:1107
https://access.redhat.com/errata/RHSA-2019:1106
https://access.redhat.com/errata/RHSA-2019:0782
https://access.redhat.com/errata/RHBA-2019:0959
https://www.oracle.com/technetwork/security-advisory/cpu...
https://www.oracle.com/technetwork/security-advisory/cpu...