2019-01-02 19:29:00 2020-08-31 16:15:00

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

- Redhat Openshift container platform 3.11 * * * (not an official CPE)
- Redhat Jboss brms 6.4.10 * * * (not an official CPE)
- Oracle Primavera p6 enterprise project portfolio management 15.2 * * * (not an official CPE)
- Oracle Primavera p6 enterprise project portfolio management 16.1 * * * (not an official CPE)
- Redhat Jboss bpm suite 6.4.11 * * * (not an official CPE)
- Redhat Decision manager 7.3.1 * * * (not an official CPE)
- Redhat Automation manager 7.3.1 * * * (not an official CPE)
- Oracle Webcenter portal 12.2.1.3.0 * * * (not an official CPE)
- Oracle Retail workforce management software 1.60.9.0.0 * * * (not an official CPE)
- Oracle Primavera unifier 18.8 * * * (not an official CPE)
- Oracle Primavera unifier 16.1 * * * (not an official CPE)
- Oracle Primavera unifier 16.2 * * * (not an official CPE)
- Oracle Primavera unifier * * * * (not an official CPE)
- Oracle Primavera p6 enterprise project portfolio management * * * * (not an official CPE)
- Oracle Primavera p6 enterprise project portfolio management 18.8 * * * (not an official CPE)
- Oracle Primavera p6 enterprise project portfolio management 16.2 * * * (not an official CPE)
- Oracle Primavera p6 enterprise project portfolio management 15.1 * * * (not an official CPE)
- Oracle Business process management suite 12.2.1.3.0 * * * (not an official CPE)
- Oracle Business process management suite 12.1.3.0.0 * * * (not an official CPE)
- Fasterxml Jackson-databind * * * * (not an official CPE)

Advisory Patch Confirmed Link
https://security.netapp.com/advisory/ntap-20190530-0003/
https://www.debian.org/security/2019/dsa-4452
https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8...
https://seclists.org/bugtraq/2019/May/68
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf9...
https://lists.apache.org/thread.html/ff8dcfe29377088ab65...
https://lists.apache.org/thread.html/r1b103833cb5bc8466e...
https://lists.apache.org/thread.html/rca37935d661f4689cb...
https://lists.debian.org/debian-lts-announce/2019/03/msg...
https://www.oracle.com/security-alerts/cpuapr2020.html
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1...
https://lists.apache.org/thread.html/b0656d359c7d40ec9f3...
https://lists.apache.org/thread.html/37e1ed724a1b0e5d191...
https://lists.apache.org/thread.html/bcce5a9c532b386c68d...
https://lists.apache.org/thread.html/519eb0fd45642dcecd9...
https://github.com/FasterXML/jackson-databind/issues/218...
https://issues.apache.org/jira/browse/TINKERPOP-2121
https://github.com/FasterXML/jackson-databind/commit/429...
https://access.redhat.com/errata/RHSA-2019:4037
https://github.com/FasterXML/jackson/wiki/Jackson-Releas...
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2019:3002
https://access.redhat.com/errata/RHSA-2019:3140
https://access.redhat.com/errata/RHSA-2019:2804
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:1823
https://access.redhat.com/errata/RHSA-2019:1822
https://access.redhat.com/errata/RHSA-2019:1797
https://access.redhat.com/errata/RHSA-2019:1782
https://access.redhat.com/errata/RHSA-2019:0877
https://access.redhat.com/errata/RHSA-2019:0782
http://www.securityfocus.com/bid/107985
https://access.redhat.com/errata/RHBA-2019:0959
https://www.oracle.com/technetwork/security-advisory/cpu...
https://www.oracle.com/technetwork/security-advisory/cpu...
https://www.oracle.com/technetwork/security-advisory/cpu...