2019-01-02 19:29:00 2020-08-31 16:15:00

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
Redhat Openshift container platform 3.11 * * * (not an official CPE)
Oracle Retail merchandising system 16.0 * * * (not an official CPE)
Oracle Webcenter portal 12.2.1.3.0 * * * (not an official CPE)
Redhat Jboss enterprise application platform 7.2.0 * * * (not an official CPE)
Oracle Primavera unifier * * * * (not an official CPE)
Oracle Primavera unifier 18.8 * * * (not an official CPE)
Oracle Financial services analytical applications infrastructure 8.0.7 * * * (not an official CPE)
Oracle Retail merchandising system 15.0 * * * (not an official CPE)
Oracle Primavera unifier 16.2 * * * (not an official CPE)
Oracle Jdeveloper 12.2.1.3.0 * * * (not an official CPE)
Oracle Primavera unifier 16.1 * * * (not an official CPE)
Oracle Jdeveloper 12.1.3.0.0 * * * (not an official CPE)
Oracle Financial services analytical applications infrastructure 8.0.6 * * * (not an official CPE)
Oracle Financial services analytical applications infrastructure 8.0.5 * * * (not an official CPE)
Oracle Financial services analytical applications infrastructure 8.0.4 * * * (not an official CPE)
Oracle Financial services analytical applications infrastructure 8.0.3 * * * (not an official CPE)
Oracle Financial services analytical applications infrastructure 8.0.2 * * * (not an official CPE)
Oracle Enterprise manager for virtualization 13.3.1 * * * (not an official CPE)
Oracle Enterprise manager for virtualization 13.2.2 * * * (not an official CPE)
Oracle Enterprise manager for virtualization 13.2.3 * * * (not an official CPE)
Oracle Communications billing and revenue management 12.0 * * * (not an official CPE)
Oracle Communications billing and revenue management 7.5 * * * (not an official CPE)
Oracle Banking platform 2.6.2 * * * (not an official CPE)
Oracle Banking platform 2.6.1 * * * (not an official CPE)
Oracle Banking platform 2.6.0 * * * (not an official CPE)
Oracle Banking platform 2.5.0 * * * (not an official CPE)
Fasterxml Jackson-databind 2.9.0 Pr4 * * (not an official CPE)
Fasterxml Jackson-databind 2.9.0 Pr3 * * (not an official CPE)
Fasterxml Jackson-databind 2.9.0 Pr2 * * (not an official CPE)
Fasterxml Jackson-databind 2.9.0 Pr1 * * (not an official CPE)
Fasterxml Jackson-databind * * * * (not an official CPE)
Fasterxml Jackson-databind 2.8.0 Rc2 * * (not an official CPE)
Fasterxml Jackson-databind 2.8.0 Rc1 * * (not an official CPE)
Fasterxml Jackson-databind * * * * (not an official CPE)
Fasterxml Jackson-databind 2.7.0 Rc3 * * (not an official CPE)
Fasterxml Jackson-databind 2.7.0 Rc2 * * (not an official CPE)
Fasterxml Jackson-databind 2.7.0 Rc1 * * (not an official CPE)
Fasterxml Jackson-databind * * * * (not an official CPE)
Fasterxml Jackson-databind * * * * (not an official CPE)

Advisory Patch Confirmed Link
https://github.com/FasterXML/jackson-databind/commit/87d...
https://github.com/FasterXML/jackson-databind/issues/209...
https://lists.apache.org/thread.html/519eb0fd45642dcecd9...
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1...
https://access.redhat.com/errata/RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2019:4037
https://lists.apache.org/thread.html/b0656d359c7d40ec9f3...
https://access.redhat.com/errata/RHSA-2019:2858
https://github.com/FasterXML/jackson/wiki/Jackson-Releas...
https://access.redhat.com/errata/RHSA-2019:1823
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:1822
https://access.redhat.com/errata/RHSA-2019:1140
https://access.redhat.com/errata/RHSA-2019:1108
https://access.redhat.com/errata/RHSA-2019:1107
https://access.redhat.com/errata/RHSA-2019:1106
https://access.redhat.com/errata/RHBA-2019:0959
https://access.redhat.com/errata/RHSA-2019:0782
https://lists.apache.org/thread.html/ff8dcfe29377088ab65...
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf9...
https://lists.debian.org/debian-lts-announce/2019/03/msg...
https://seclists.org/bugtraq/2019/May/68
https://security.netapp.com/advisory/ntap-20190530-0003/
https://www.debian.org/security/2019/dsa-4452
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpu...
https://www.oracle.com/technetwork/security-advisory/cpu...
https://www.oracle.com/technetwork/security-advisory/cpu...
https://www.oracle.com/technetwork/security-advisory/cpu...