ID CVE-2018-12023
Summary An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
References
Vulnerable Configurations
  • FasterXML Jackson-databind 2.7.0
    cpe:2.3:a:fasterxml:jackson-databind:2.7.0
  • FasterXML Jackson-databind 2.7.0 Release Candidate 1
    cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc1
  • FasterXML Jackson-databind 2.7.0 Release Candidate 2
    cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc2
  • FasterXML Jackson-databind 2.7.0 Release Candidate 3
    cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc3
  • FasterXML Jackson-databind 2.7.1
    cpe:2.3:a:fasterxml:jackson-databind:2.7.1
  • FasterXML Jackson-databind 2.7.1-1
    cpe:2.3:a:fasterxml:jackson-databind:2.7.1-1
  • FasterXML Jackson-databind 2.7.2
    cpe:2.3:a:fasterxml:jackson-databind:2.7.2
  • FasterXML Jackson-databind 2.7.3
    cpe:2.3:a:fasterxml:jackson-databind:2.7.3
  • FasterXML Jackson-databind 2.7.4
    cpe:2.3:a:fasterxml:jackson-databind:2.7.4
  • FasterXML Jackson-databind 2.7.5
    cpe:2.3:a:fasterxml:jackson-databind:2.7.5
  • FasterXML Jackson-databind 2.7.6
    cpe:2.3:a:fasterxml:jackson-databind:2.7.6
  • FasterXML Jackson-databind 2.7.7
    cpe:2.3:a:fasterxml:jackson-databind:2.7.7
  • FasterXML Jackson-databind 2.7.8
    cpe:2.3:a:fasterxml:jackson-databind:2.7.8
  • FasterXML Jackson-databind 2.7.9
    cpe:2.3:a:fasterxml:jackson-databind:2.7.9
  • FasterXML Jackson-databind 2.7.9.1
    cpe:2.3:a:fasterxml:jackson-databind:2.7.9.1
  • FasterXML Jackson-databind 2.7.9.2
    cpe:2.3:a:fasterxml:jackson-databind:2.7.9.2
  • FasterXML Jackson-databind 2.7.9.3
    cpe:2.3:a:fasterxml:jackson-databind:2.7.9.3
  • FasterXML Jackson-databind 2.8.0
    cpe:2.3:a:fasterxml:jackson-databind:2.8.0
  • FasterXML Jackson-databind 2.8.1
    cpe:2.3:a:fasterxml:jackson-databind:2.8.1
  • FasterXML Jackson-databind 2.8.2
    cpe:2.3:a:fasterxml:jackson-databind:2.8.2
  • FasterXML Jackson-databind 2.8.3
    cpe:2.3:a:fasterxml:jackson-databind:2.8.3
  • FasterXML Jackson-databind 2.8.4
    cpe:2.3:a:fasterxml:jackson-databind:2.8.4
  • FasterXML Jackson-databind 2.8.5
    cpe:2.3:a:fasterxml:jackson-databind:2.8.5
  • FasterXML Jackson-databind 2.8.6
    cpe:2.3:a:fasterxml:jackson-databind:2.8.6
  • FasterXML Jackson-databind 2.8.7
    cpe:2.3:a:fasterxml:jackson-databind:2.8.7
  • FasterXML Jackson-databind 2.8.8
    cpe:2.3:a:fasterxml:jackson-databind:2.8.8
  • FasterXML Jackson-databind 2.8.8.1
    cpe:2.3:a:fasterxml:jackson-databind:2.8.8.1
  • FasterXML Jackson-databind 2.8.9
    cpe:2.3:a:fasterxml:jackson-databind:2.8.9
  • FasterXML Jackson-databind 2.8.10
    cpe:2.3:a:fasterxml:jackson-databind:2.8.10
  • FasterXML Jackson-Databind 2.8.11
    cpe:2.3:a:fasterxml:jackson-databind:2.8.11
  • FasterXML Jackson-databind 2.8.11.1
    cpe:2.3:a:fasterxml:jackson-databind:2.8.11.1
  • FasterXML Jackson-Databind 2.9.0
    cpe:2.3:a:fasterxml:jackson-databind:2.9.0
  • FasterXML Jackson-Databind 2.9.1
    cpe:2.3:a:fasterxml:jackson-databind:2.9.1
  • FasterXML Jackson-Databind 2.9.2
    cpe:2.3:a:fasterxml:jackson-databind:2.9.2
  • FasterXML Jackson-Databind 2.9.3
    cpe:2.3:a:fasterxml:jackson-databind:2.9.3
  • FasterXML Jackson-databind 2.9.4
    cpe:2.3:a:fasterxml:jackson-databind:2.9.4
  • FasterXML Jackson-databind 2.9.5
    cpe:2.3:a:fasterxml:jackson-databind:2.9.5
  • Fedora 29
    cpe:2.3:o:fedoraproject:fedora:29
  • cpe:2.3:a:oracle:banking_platform:2.5.0
    cpe:2.3:a:oracle:banking_platform:2.5.0
  • cpe:2.3:a:oracle:banking_platform:2.6.0
    cpe:2.3:a:oracle:banking_platform:2.6.0
  • cpe:2.3:a:oracle:banking_platform:2.6.1
    cpe:2.3:a:oracle:banking_platform:2.6.1
  • cpe:2.3:a:oracle:banking_platform:2.6.2
    cpe:2.3:a:oracle:banking_platform:2.6.2
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5
    cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0
    cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0
  • cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2
    cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2
  • cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3
    cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3
  • cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1
    cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7
  • Oracle Identity Manager 11.1.2.3.0
    cpe:2.3:a:oracle:identity_manager:11.1.2.3.0
  • Oracle Identity Manager 12.2.1.3.0
    cpe:2.3:a:oracle:identity_manager:12.2.1.3.0
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2
  • Oracle JD Edwards EnterpriseOne Tools 9.2
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2
  • Oracle Primavera Gateway 15.2
    cpe:2.3:a:oracle:primavera_gateway:15.2
  • Oracle Primavera Gateway 16.2
    cpe:2.3:a:oracle:primavera_gateway:16.2
  • cpe:2.3:a:oracle:primavera_gateway:17.12
    cpe:2.3:a:oracle:primavera_gateway:17.12
  • Oracle Primavera Unifier 15.1
    cpe:2.3:a:oracle:primavera_unifier:15.1
  • Oracle Primavera Unifier 15.2
    cpe:2.3:a:oracle:primavera_unifier:15.2
  • Oracle Primavera Unifier 16.1
    cpe:2.3:a:oracle:primavera_unifier:16.1
  • Oracle Primavera Unifier 16.2
    cpe:2.3:a:oracle:primavera_unifier:16.2
  • cpe:2.3:a:oracle:rapid_home_provisioning:18c
    cpe:2.3:a:oracle:rapid_home_provisioning:18c
  • cpe:2.3:a:oracle:retail_allocation:15.0
    cpe:2.3:a:oracle:retail_allocation:15.0
  • cpe:2.3:a:oracle:retail_allocation:16.0
    cpe:2.3:a:oracle:retail_allocation:16.0
  • cpe:2.3:a:oracle:retail_assortment_planning:15.0
    cpe:2.3:a:oracle:retail_assortment_planning:15.0
  • cpe:2.3:a:oracle:retail_merchandising_system:15.0
    cpe:2.3:a:oracle:retail_merchandising_system:15.0
  • cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0
    cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0
  • cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0
    cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0
  • Oracle Retail Open Commerce Platform 6.0.1
    cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1
  • cpe:2.3:a:oracle:retail_retail_invoice_matching:15.0
    cpe:2.3:a:oracle:retail_retail_invoice_matching:15.0
  • cpe:2.3:a:oracle:retail_retail_invoice_matching:16.0
    cpe:2.3:a:oracle:retail_retail_invoice_matching:16.0
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:6.5.12
    cpe:2.3:a:oracle:retail_xstore_point_of_service:6.5.12
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.7
    cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.7
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.7
    cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.7
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.2
    cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.2
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.4
    cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.4
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.2
    cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.2
  • Oracle WebCenter Portal 12.2.1.3.0
    cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0
CVSS
Base: 5.1
Impact:
Exploitability:
CWE CWE-502
CAPEC
nessus via4
  • NASL family CGI abuses
    NASL id ORACLE_PRIMAVERA_UNIFIER_CPU_OCT_2018.NASL
    description According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 15.x, 16.x prior to 16.2.15.4, 17.x prior to 17.12.8.2, or 18.x prior to 18.8.2.2. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-18
    plugin id 118594
    published 2018-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118594
    title Oracle Primavera Unifier Multiple Vulnerabilities (Oct 2018 CPU)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2019-DF57551F6D.NASL
    description Fixes CVE-2018-14718 CVE-2018-14719 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2018-12022 CVE-2018-12023 CVE-2018-14720 CVE-2018-14721 and CVE-2016-7051. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-19
    plugin id 122290
    published 2019-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122290
    title Fedora 29 : bouncycastle / eclipse-jgit / eclipse-linuxtools / etc (2019-df57551f6d)
  • NASL family Misc.
    NASL id ORACLE_OATS_CPU_JAN_2019.NASL
    description The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - Enterprise Manager Base Platform Agent Next Gen (Jython) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2016-4000) - Enterprise Manager Base Platform Discovery Framework (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Base Platform. (CVE-2018-0732) - Enterprise Manager Ops Center Networking (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Ops Center Platform. (CVE-2018-0732) - Oracle Application Testing Suite Load Testing for Web Apps (Spring Framework) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2018-1258) - Enterprise Manager Base Platform EM Console component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access. (CVE-2018-3303) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3304) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3305) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-12023) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-14718) - Enterprise Manager Ops Center Networking (cURL) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager Ops Center. (CVE-2018-1000300)
    last seen 2019-02-21
    modified 2019-01-21
    plugin id 121257
    published 2019-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121257
    title Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2019 CPU)
redhat via4
advisories
  • rhsa
    id RHBA-2019:0959
  • rhsa
    id RHSA-2019:0782
  • rhsa
    id RHSA-2019:0877
  • rhsa
    id RHSA-2019:1106
  • rhsa
    id RHSA-2019:1107
  • rhsa
    id RHSA-2019:1108
  • rhsa
    id RHSA-2019:1140
refmap via4
confirm
misc
Last major update 21-03-2019 - 12:00
Published 21-03-2019 - 12:00
Last modified 09-05-2019 - 17:29
Back to Top