ID CVE-2018-14718
Summary FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
References
Vulnerable Configurations
  • FasterXML Jackson-databind 2.0.0
    cpe:2.3:a:fasterxml:jackson-databind:2.0.0
  • FasterXML Jackson-databind 2.0.0 Release Candidate 1
    cpe:2.3:a:fasterxml:jackson-databind:2.0.0:rc1
  • FasterXML Jackson-databind 2.0.0 Release Candidate 2
    cpe:2.3:a:fasterxml:jackson-databind:2.0.0:rc2
  • FasterXML Jackson-databind 2.0.0 Release Candidate 3
    cpe:2.3:a:fasterxml:jackson-databind:2.0.0:rc3
  • FasterXML Jackson-databind 2.0.1
    cpe:2.3:a:fasterxml:jackson-databind:2.0.1
  • FasterXML Jackson-databind 2.0.2
    cpe:2.3:a:fasterxml:jackson-databind:2.0.2
  • FasterXML Jackson-databind 2.0.4
    cpe:2.3:a:fasterxml:jackson-databind:2.0.4
  • FasterXML Jackson-databind 2.0.5
    cpe:2.3:a:fasterxml:jackson-databind:2.0.5
  • FasterXML Jackson-databind 2.0.6
    cpe:2.3:a:fasterxml:jackson-databind:2.0.6
  • FasterXML Jackson-databind 2.1.0
    cpe:2.3:a:fasterxml:jackson-databind:2.1.0
  • FasterXML Jackson-databind 2.1.1
    cpe:2.3:a:fasterxml:jackson-databind:2.1.1
  • FasterXML Jackson-databind 2.1.2
    cpe:2.3:a:fasterxml:jackson-databind:2.1.2
  • FasterXML Jackson-databind 2.1.3
    cpe:2.3:a:fasterxml:jackson-databind:2.1.3
  • FasterXML Jackson-databind 2.1.4
    cpe:2.3:a:fasterxml:jackson-databind:2.1.4
  • FasterXML Jackson-databind 2.1.5
    cpe:2.3:a:fasterxml:jackson-databind:2.1.5
  • FasterXML Jackson-databind 2.2.0
    cpe:2.3:a:fasterxml:jackson-databind:2.2.0
  • FasterXML Jackson-databind 2.2.0 Release Candidate 1
    cpe:2.3:a:fasterxml:jackson-databind:2.2.0:rc1
  • FasterXML Jackson-databind 2.2.1
    cpe:2.3:a:fasterxml:jackson-databind:2.2.1
  • FasterXML Jackson-databind 2.2.2
    cpe:2.3:a:fasterxml:jackson-databind:2.2.2
  • FasterXML Jackson-databind 2.2.3
    cpe:2.3:a:fasterxml:jackson-databind:2.2.3
  • FasterXML Jackson-databind 2.2.4
    cpe:2.3:a:fasterxml:jackson-databind:2.2.4
  • FasterXML Jackson-databind 2.3.0
    cpe:2.3:a:fasterxml:jackson-databind:2.3.0
  • FasterXML Jackson-databind 2.3.0 Release Candidate 1
    cpe:2.3:a:fasterxml:jackson-databind:2.3.0:rc1
  • FasterXML Jackson-databind 2.3.1
    cpe:2.3:a:fasterxml:jackson-databind:2.3.1
  • FasterXML Jackson-databind 2.3.2
    cpe:2.3:a:fasterxml:jackson-databind:2.3.2
  • FasterXML Jackson-databind 2.3.3
    cpe:2.3:a:fasterxml:jackson-databind:2.3.3
  • FasterXML Jackson-databind 2.3.4
    cpe:2.3:a:fasterxml:jackson-databind:2.3.4
  • FasterXML Jackson-databind 2.3.5
    cpe:2.3:a:fasterxml:jackson-databind:2.3.5
  • FasterXML Jackson-databind 2.4.0
    cpe:2.3:a:fasterxml:jackson-databind:2.4.0
  • FasterXML Jackson-databind 2.4.0 Release Candidate 1
    cpe:2.3:a:fasterxml:jackson-databind:2.4.0:rc1
  • FasterXML Jackson-databind 2.4.0 Release Candidate 2
    cpe:2.3:a:fasterxml:jackson-databind:2.4.0:rc2
  • FasterXML Jackson-databind 2.4.0 Release Candidate 3
    cpe:2.3:a:fasterxml:jackson-databind:2.4.0:rc3
  • FasterXML Jackson-databind 2.4.1
    cpe:2.3:a:fasterxml:jackson-databind:2.4.1
  • FasterXML Jackson-databind 2.4.1.1
    cpe:2.3:a:fasterxml:jackson-databind:2.4.1.1
  • FasterXML Jackson-databind 2.4.1.2
    cpe:2.3:a:fasterxml:jackson-databind:2.4.1.2
  • FasterXML Jackson-databind 2.4.1.3
    cpe:2.3:a:fasterxml:jackson-databind:2.4.1.3
  • FasterXML Jackson-databind 2.4.2
    cpe:2.3:a:fasterxml:jackson-databind:2.4.2
  • FasterXML Jackson-databind 2.4.3
    cpe:2.3:a:fasterxml:jackson-databind:2.4.3
  • FasterXML Jackson-databind 2.4.4
    cpe:2.3:a:fasterxml:jackson-databind:2.4.4
  • FasterXML Jackson-databind 2.4.5
    cpe:2.3:a:fasterxml:jackson-databind:2.4.5
  • FasterXML Jackson-databind 2.4.5.1
    cpe:2.3:a:fasterxml:jackson-databind:2.4.5.1
  • FasterXML Jackson-databind 2.4.6
    cpe:2.3:a:fasterxml:jackson-databind:2.4.6
  • FasterXML Jackson-databind 2.4.6.1
    cpe:2.3:a:fasterxml:jackson-databind:2.4.6.1
  • FasterXML Jackson-databind 2.5.0
    cpe:2.3:a:fasterxml:jackson-databind:2.5.0
  • FasterXML Jackson-databind 2.5.0 Release Candidate 1
    cpe:2.3:a:fasterxml:jackson-databind:2.5.0:rc1
  • FasterXML Jackson-databind 2.5.1
    cpe:2.3:a:fasterxml:jackson-databind:2.5.1
  • FasterXML Jackson-databind 2.5.2
    cpe:2.3:a:fasterxml:jackson-databind:2.5.2
  • FasterXML Jackson-databind 2.5.3
    cpe:2.3:a:fasterxml:jackson-databind:2.5.3
  • FasterXML Jackson-databind 2.5.4
    cpe:2.3:a:fasterxml:jackson-databind:2.5.4
  • FasterXML Jackson-databind 2.5.5
    cpe:2.3:a:fasterxml:jackson-databind:2.5.5
  • FasterXML Jackson-databind 2.6.0
    cpe:2.3:a:fasterxml:jackson-databind:2.6.0
  • FasterXML Jackson-databind 2.6.0 Release Candidate 1
    cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc1
  • FasterXML Jackson-databind 2.6.0 Release Candidate 2
    cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc2
  • FasterXML Jackson-databind 2.6.0 Release Candidate 3
    cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc3
  • FasterXML Jackson-databind 2.6.0 Release Candidate 4
    cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc4
  • FasterXML Jackson-databind 2.6.1
    cpe:2.3:a:fasterxml:jackson-databind:2.6.1
  • FasterXML Jackson-databind 2.6.2
    cpe:2.3:a:fasterxml:jackson-databind:2.6.2
  • FasterXML Jackson-databind 2.6.3
    cpe:2.3:a:fasterxml:jackson-databind:2.6.3
  • FasterXML Jackson-databind 2.6.4
    cpe:2.3:a:fasterxml:jackson-databind:2.6.4
  • FasterXML Jackson-databind 2.6.5
    cpe:2.3:a:fasterxml:jackson-databind:2.6.5
  • FasterXML Jackson-databind 2.6.6
    cpe:2.3:a:fasterxml:jackson-databind:2.6.6
  • FasterXML Jackson-databind 2.6.7
    cpe:2.3:a:fasterxml:jackson-databind:2.6.7
  • FasterXML Jackson-databind 2.6.7.1
    cpe:2.3:a:fasterxml:jackson-databind:2.6.7.1
  • FasterXML Jackson-databind 2.7.0
    cpe:2.3:a:fasterxml:jackson-databind:2.7.0
  • FasterXML Jackson-databind 2.7.0 Release Candidate 1
    cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc1
  • FasterXML Jackson-databind 2.7.0 Release Candidate 2
    cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc2
  • FasterXML Jackson-databind 2.7.0 Release Candidate 3
    cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc3
  • FasterXML Jackson-databind 2.7.1
    cpe:2.3:a:fasterxml:jackson-databind:2.7.1
  • FasterXML Jackson-databind 2.7.1-1
    cpe:2.3:a:fasterxml:jackson-databind:2.7.1-1
  • FasterXML Jackson-databind 2.7.2
    cpe:2.3:a:fasterxml:jackson-databind:2.7.2
  • FasterXML Jackson-databind 2.7.3
    cpe:2.3:a:fasterxml:jackson-databind:2.7.3
  • FasterXML Jackson-databind 2.7.4
    cpe:2.3:a:fasterxml:jackson-databind:2.7.4
  • FasterXML Jackson-databind 2.7.5
    cpe:2.3:a:fasterxml:jackson-databind:2.7.5
  • FasterXML Jackson-databind 2.7.6
    cpe:2.3:a:fasterxml:jackson-databind:2.7.6
  • FasterXML Jackson-databind 2.7.7
    cpe:2.3:a:fasterxml:jackson-databind:2.7.7
  • FasterXML Jackson-databind 2.7.8
    cpe:2.3:a:fasterxml:jackson-databind:2.7.8
  • FasterXML Jackson-databind 2.7.9
    cpe:2.3:a:fasterxml:jackson-databind:2.7.9
  • FasterXML Jackson-databind 2.7.9.1
    cpe:2.3:a:fasterxml:jackson-databind:2.7.9.1
  • FasterXML Jackson-databind 2.7.9.2
    cpe:2.3:a:fasterxml:jackson-databind:2.7.9.2
  • FasterXML Jackson-databind 2.7.9.3
    cpe:2.3:a:fasterxml:jackson-databind:2.7.9.3
  • FasterXML Jackson-databind 2.7.9.4
    cpe:2.3:a:fasterxml:jackson-databind:2.7.9.4
  • FasterXML Jackson-databind 2.8.0
    cpe:2.3:a:fasterxml:jackson-databind:2.8.0
  • cpe:2.3:a:fasterxml:jackson-databind:2.8.0:rc1
    cpe:2.3:a:fasterxml:jackson-databind:2.8.0:rc1
  • cpe:2.3:a:fasterxml:jackson-databind:2.8.0:rc2
    cpe:2.3:a:fasterxml:jackson-databind:2.8.0:rc2
  • FasterXML Jackson-databind 2.8.1
    cpe:2.3:a:fasterxml:jackson-databind:2.8.1
  • FasterXML Jackson-databind 2.8.2
    cpe:2.3:a:fasterxml:jackson-databind:2.8.2
  • FasterXML Jackson-databind 2.8.3
    cpe:2.3:a:fasterxml:jackson-databind:2.8.3
  • FasterXML Jackson-databind 2.8.4
    cpe:2.3:a:fasterxml:jackson-databind:2.8.4
  • FasterXML Jackson-databind 2.8.5
    cpe:2.3:a:fasterxml:jackson-databind:2.8.5
  • FasterXML Jackson-databind 2.8.6
    cpe:2.3:a:fasterxml:jackson-databind:2.8.6
  • FasterXML Jackson-databind 2.8.7
    cpe:2.3:a:fasterxml:jackson-databind:2.8.7
  • FasterXML Jackson-databind 2.8.8
    cpe:2.3:a:fasterxml:jackson-databind:2.8.8
  • FasterXML Jackson-databind 2.8.8.1
    cpe:2.3:a:fasterxml:jackson-databind:2.8.8.1
  • FasterXML Jackson-databind 2.8.9
    cpe:2.3:a:fasterxml:jackson-databind:2.8.9
  • FasterXML Jackson-databind 2.8.10
    cpe:2.3:a:fasterxml:jackson-databind:2.8.10
  • FasterXML Jackson-Databind 2.8.11
    cpe:2.3:a:fasterxml:jackson-databind:2.8.11
  • FasterXML Jackson-databind 2.8.11.1
    cpe:2.3:a:fasterxml:jackson-databind:2.8.11.1
  • FasterXML Jackson-databind 2.8.11.2
    cpe:2.3:a:fasterxml:jackson-databind:2.8.11.2
  • FasterXML Jackson-Databind 2.9.0
    cpe:2.3:a:fasterxml:jackson-databind:2.9.0
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr1
    cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr1
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr2
    cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr2
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr3
    cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr3
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr4
    cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr4
  • FasterXML Jackson-Databind 2.9.1
    cpe:2.3:a:fasterxml:jackson-databind:2.9.1
  • FasterXML Jackson-Databind 2.9.2
    cpe:2.3:a:fasterxml:jackson-databind:2.9.2
  • FasterXML Jackson-Databind 2.9.3
    cpe:2.3:a:fasterxml:jackson-databind:2.9.3
  • FasterXML Jackson-databind 2.9.4
    cpe:2.3:a:fasterxml:jackson-databind:2.9.4
  • FasterXML Jackson-databind 2.9.5
    cpe:2.3:a:fasterxml:jackson-databind:2.9.5
  • FasterXML Jackson-databind 2.9.6
    cpe:2.3:a:fasterxml:jackson-databind:2.9.6
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • cpe:2.3:a:oracle:banking_platform:2.5.0
    cpe:2.3:a:oracle:banking_platform:2.5.0
  • cpe:2.3:a:oracle:banking_platform:2.6.0
    cpe:2.3:a:oracle:banking_platform:2.6.0
  • cpe:2.3:a:oracle:banking_platform:2.6.1
    cpe:2.3:a:oracle:banking_platform:2.6.1
  • cpe:2.3:a:oracle:banking_platform:2.6.2
    cpe:2.3:a:oracle:banking_platform:2.6.2
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5
    cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0
    cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0
  • cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2
    cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2
  • cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3
    cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3
  • cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1
    cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0
    cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0
    cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0
  • Oracle Primavera Unifier 16.1
    cpe:2.3:a:oracle:primavera_unifier:16.1
  • Oracle Primavera Unifier 16.2
    cpe:2.3:a:oracle:primavera_unifier:16.2
  • cpe:2.3:a:oracle:primavera_unifier:18.8
    cpe:2.3:a:oracle:primavera_unifier:18.8
  • cpe:2.3:a:oracle:retail_merchandising_system:15.0
    cpe:2.3:a:oracle:retail_merchandising_system:15.0
  • Oracle Retail Merchandising System 16.0
    cpe:2.3:a:oracle:retail_merchandising_system:16.0
  • Oracle WebCenter Portal 12.2.1.3.0
    cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-502
CAPEC
nessus via4
  • NASL family CGI abuses
    NASL id ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2019.NASL
    description According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.6 or 17.x prior to 17.12.9.2 or 18.x prior to 18.8.4.1. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file upload vulnerability exists in Blueimp jQuery-File-Upload. An unauthenticated, remote attacker can exploit this to upload arbitrary files on the remote host subject to the privileges of the user. - A remote command execution vulnerability exists in jackson-databind due to a failure to block various classes from polymorphic deserialization. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2018-14718, CVE-2018-14719 CVE-2018-14720, CVE-2018-14721) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-18
    plugin id 121251
    published 2019-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121251
    title Oracle Primavera Unifier Multiple Vulnerabilities (Jan 2019 CPU)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2019-DF57551F6D.NASL
    description Fixes CVE-2018-14718 CVE-2018-14719 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2018-12022 CVE-2018-12023 CVE-2018-14720 CVE-2018-14721 and CVE-2016-7051. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-19
    plugin id 122290
    published 2019-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122290
    title Fedora 29 : bouncycastle / eclipse-jgit / eclipse-linuxtools / etc (2019-df57551f6d)
  • NASL family Misc.
    NASL id ORACLE_OATS_CPU_JAN_2019.NASL
    description The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - Enterprise Manager Base Platform Agent Next Gen (Jython) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2016-4000) - Enterprise Manager Base Platform Discovery Framework (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Base Platform. (CVE-2018-0732) - Enterprise Manager Ops Center Networking (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Ops Center Platform. (CVE-2018-0732) - Oracle Application Testing Suite Load Testing for Web Apps (Spring Framework) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2018-1258) - Enterprise Manager Base Platform EM Console component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access. (CVE-2018-3303) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3304) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3305) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-12023) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-14718) - Enterprise Manager Ops Center Networking (cURL) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager Ops Center. (CVE-2018-1000300)
    last seen 2019-02-21
    modified 2019-01-21
    plugin id 121257
    published 2019-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121257
    title Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2019 CPU)
redhat via4
advisories
  • rhsa
    id RHBA-2019:0959
  • rhsa
    id RHSA-2019:0782
  • rhsa
    id RHSA-2019:0877
refmap via4
bid 106601
bugtraq 20190527 [SECURITY] [DSA 4452-1] jackson-databind security update
confirm
debian DSA-4452
misc https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
mlist
  • [debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update
  • [lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...
  • [lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...
Last major update 02-01-2019 - 13:29
Published 02-01-2019 - 13:29
Last modified 30-05-2019 - 04:29
Back to Top