2019-01-02 19:29:00 2019-09-27 05:15:13

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL
Oracle Primavera unifier 17.6 (not an official CPE) Oracle Primavera unifier 17.5 (not an official CPE) Oracle Primavera unifier 17.4 (not an official CPE) Oracle Primavera unifier 17.3 (not an official CPE) Oracle Primavera unifier 17.2 (not an official CPE) Oracle Primavera unifier 17.1 (not an official CPE) Oracle Primavera unifier 16.2 (not an official CPE) Oracle Primavera unifier 16.1 (not an official CPE) Oracle Jdeveloper 12.2.1.3.0 (not an official CPE) Oracle Jdeveloper 12.1.3.0.0 (not an official CPE) Oracle Financial services analytical applications infrastructure 8.0.7 (not an official CPE) Oracle Financial services analytical applications infrastructure 8.0.6 (not an official CPE) Oracle Financial services analytical applications infrastructure 8.0.5 (not an official CPE) Oracle Financial services analytical applications infrastructure 8.0.4 (not an official CPE) Oracle Financial services analytical applications infrastructure 8.0.3 (not an official CPE) Oracle Financial services analytical applications infrastructure 8.0.2 (not an official CPE) Oracle Enterprise manager for virtualization 13.2.2 (not an official CPE) Oracle Enterprise manager for virtualization 13.2.3 (not an official CPE) Oracle Enterprise manager for virtualization 13.3.1 (not an official CPE) Oracle Communications billing and revenue management 12.0 (not an official CPE) Oracle Banking platform 2.6.1 (not an official CPE) Oracle Banking platform 2.6.2 (not an official CPE) Oracle Communications billing and revenue management 7.5 (not an official CPE) Oracle Banking platform 2.5.0 (not an official CPE) Oracle Banking platform 2.6.0 (not an official CPE) Fasterxml Jackson-databind 2.9.6 (not an official CPE) Fasterxml Jackson-databind 2.9.5 (not an official CPE) Fasterxml Jackson-databind 2.9.4 (not an official CPE) Fasterxml Jackson-databind 2.9.3 (not an official CPE) Fasterxml Jackson-databind 2.9.2 (not an official CPE) Fasterxml Jackson-databind 2.9.1 (not an official CPE) Fasterxml Jackson-databind 2.9.0 Prerelease4 (not an official CPE) Fasterxml Jackson-databind 2.9.0 Prerelease3 (not an official CPE) Fasterxml Jackson-databind 2.9.0 Prerelease2 (not an official CPE) Fasterxml Jackson-databind 2.9.0 Prerelease1 (not an official CPE) Fasterxml Jackson-databind 2.9.0 Pr4 (not an official CPE) Fasterxml Jackson-databind 2.9.0 Pr1 (not an official CPE) Fasterxml Jackson-databind 2.9.0 Pr2 (not an official CPE) Fasterxml Jackson-databind 2.9.0 Pr3 (not an official CPE) Fasterxml Jackson-databind 2.9.0 - (not an official CPE) Fasterxml Jackson-databind 2.9.0 (not an official CPE) Fasterxml Jackson-databind 2.8.11.2 (not an official CPE) Fasterxml Jackson-databind 2.8.11.1 (not an official CPE) Fasterxml Jackson-databind 2.8.11 (not an official CPE) Fasterxml Jackson-databind 2.8.10 (not an official CPE) Fasterxml Jackson-databind 2.8.9 (not an official CPE) Fasterxml Jackson-databind 2.8.8.1 (not an official CPE) Fasterxml Jackson-databind 2.8.8 (not an official CPE) Fasterxml Jackson-databind 2.8.7 (not an official CPE) Fasterxml Jackson-databind 2.8.6 (not an official CPE) Fasterxml Jackson-databind 2.8.5 (not an official CPE) Fasterxml Jackson-databind 2.8.3 (not an official CPE) Fasterxml Jackson-databind 2.8.4 (not an official CPE) Fasterxml Jackson-databind 2.8.2 (not an official CPE) Fasterxml Jackson-databind 2.8.1 (not an official CPE) Fasterxml Jackson-databind 2.8.0 Rc2 (not an official CPE) Fasterxml Jackson-databind 2.8.0 Rc1 (not an official CPE) Fasterxml Jackson-databind 2.8.0 (not an official CPE) Fasterxml Jackson-databind 2.7.9.2 (not an official CPE) Fasterxml Jackson-databind 2.7.9.4 (not an official CPE) Fasterxml Jackson-databind 2.7.9.3 (not an official CPE) Fasterxml Jackson-databind 2.7.9.1 (not an official CPE) Fasterxml Jackson-databind 2.7.9 (not an official CPE) Fasterxml Jackson-databind 2.7.8 (not an official CPE) Fasterxml Jackson-databind 2.7.6 (not an official CPE) Fasterxml Jackson-databind 2.7.3 (not an official CPE) Fasterxml Jackson-databind 2.7.7 (not an official CPE) Fasterxml Jackson-databind 2.7.5 (not an official CPE) Fasterxml Jackson-databind 2.7.1-1 (not an official CPE) Fasterxml Jackson-databind 2.7.4 (not an official CPE) Fasterxml Jackson-databind 2.7.2 (not an official CPE) Fasterxml Jackson-databind 2.7.1 (not an official CPE) Fasterxml Jackson-databind 2.7.0 Rc3 (not an official CPE) Fasterxml Jackson-databind 2.7.0 Rc2 (not an official CPE) Fasterxml Jackson-databind 2.7.0 Rc1 (not an official CPE) Fasterxml Jackson-databind 2.7.0 - (not an official CPE) Fasterxml Jackson-databind 2.7.0 (not an official CPE) Fasterxml Jackson-databind 2.6.7.1 (not an official CPE) Fasterxml Jackson-databind 2.6.7 (not an official CPE) Fasterxml Jackson-databind 2.6.6 (not an official CPE) Fasterxml Jackson-databind 2.6.4 (not an official CPE) Fasterxml Jackson-databind 2.6.5 (not an official CPE) Fasterxml Jackson-databind 2.6.3 (not an official CPE) Fasterxml Jackson-databind 2.6.2 (not an official CPE) Fasterxml Jackson-databind 2.6.1 (not an official CPE) Fasterxml Jackson-databind 2.6.0 Rc3 (not an official CPE) Fasterxml Jackson-databind 2.6.0 Rc4 (not an official CPE) Fasterxml Jackson-databind 2.6.0 Rc2 (not an official CPE) Fasterxml Jackson-databind 2.6.0 Rc1 (not an official CPE) Fasterxml Jackson-databind 2.6.0 - (not an official CPE) Fasterxml Jackson-databind 2.6.0 (not an official CPE) Oracle Primavera unifier 17.7 (not an official CPE) Oracle Primavera unifier 17.8 (not an official CPE) Oracle Primavera unifier 17.9 (not an official CPE) Oracle Primavera unifier 17.10 (not an official CPE) Oracle Primavera unifier 17.11 (not an official CPE) Oracle Primavera unifier 17.12 (not an official CPE) Oracle Primavera unifier 18.8 (not an official CPE) Oracle Retail merchandising system 15.0 (not an official CPE) Oracle Retail merchandising system 16.0 (not an official CPE) Oracle Webcenter portal 12.2.1.3.0 (not an official CPE) Redhat Jboss enterprise application platform 7.2.0 (not an official CPE) Redhat Openshift container platform 3.11 (not an official CPE)