CVE-2019-17531 - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When D

CVE-2019-17531

Summary

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.

References

Vulnerable Configurations

cpe:2.3:a:fasterxml:jackson-databind:2.9.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease2:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease2:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease3:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease3:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease4:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease4:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.7:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.7:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.9:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.9:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.9.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.9.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.9.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.9.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.9.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.9.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.9.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.9.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.2.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.2.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc3:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc3:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc4:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc4:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.7.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.7.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.7.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.6.7.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.0:-:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc2:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc2:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc3:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc3:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.1-1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.1-1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.7:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.7:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.8:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.8:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9.6:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9.6:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9.7:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.7.9.7:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.6:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.6:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.7:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.7:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.8:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.8:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.8.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.8.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.9:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.9:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.10:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.10:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.11:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.11:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.11.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.11.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.11.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.11.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.11.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.11.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.11.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.8.11.4:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:trace_file_analyzer:19c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:trace_file_analyzer:19c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:trace_file_analyzer:18c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:trace_file_analyzer:18c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:trace_file_analyzer:12.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:trace_file_analyzer:12.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_engineering_-_installer_\&_deployment:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_engineering_-_installer_\&_deployment:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_engineering_-_installer_\&_deployment:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_engineering_-_installer_\&_deployment:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_engineering_-_installer_\&_deployment:2.20.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_engineering_-_installer_\&_deployment:2.20.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:16.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:16.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:18.8.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:18.8.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_calendar_server:8.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_calendar_server:8.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_calendar_server:8.0.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_calendar_server:8.0.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 13-09-2023 - 14:53)
Impact:
Exploitability:

CWE

CWE-502

CAPEC

Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa
id RHSA-2019:4192
rhsa
id RHSA-2020:0159
rhsa
id RHSA-2020:0160
rhsa
id RHSA-2020:0161
rhsa
id RHSA-2020:0164
rhsa
id RHSA-2020:0445

rpms

rh-maven35-jackson-databind-0:2.7.6-2.8.el7
rh-maven35-jackson-databind-javadoc-0:2.7.6-2.8.el7
eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap
eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap
eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap
eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap
eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap
eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap
eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap
eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap
eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap
eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap
eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap
eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap
eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap
eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap
eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap
eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap
eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap
eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap
eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap
eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap
eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap
eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap
eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap
eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap
eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap
eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap
eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap
eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap
eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap
eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap
eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap
eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap
eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap
eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap
eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap
eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap
eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap
eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap
eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap
eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap
eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap
eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap
eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap
eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap
eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap
eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap
eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap
eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap
eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap
eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap
eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap
eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap
eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap
eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap
eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap
eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap
eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap
eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap
eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap
eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap
eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap
eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap
eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap
eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap
eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap
eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap
eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap
eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap
eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap
eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap
eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap
eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap
eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap
eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap
eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap
eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap
eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap
eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap
eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap
eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap
eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap
eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap
eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap
eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap
eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap
eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap
eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap
eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap
eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap
eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap
eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap
eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap
eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap
eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap
eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap
eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap
eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap
eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap
eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap
eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap
eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap
eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap
eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap
eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap
eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap
eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap
eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap
eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap
eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap
eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap
eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap
eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap
eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap
eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap
eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap
eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap
eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap
eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap
eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap
eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap
eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap
eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap
eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap
eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap
eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap
eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap
eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap
eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap
eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap
eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap
eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap
eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap
eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap
eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap
eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap
eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap
eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap
eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap
eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap
eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap
eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap
eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap
eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap
eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap
eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap
eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap
eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap
eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap
eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap
eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap
eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap
eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap
eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap
eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap
eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap
apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c
apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c
bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c
glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c
glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c
glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c
glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c
glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c
jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25
jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25
jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25
jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d
jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d
jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c
jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c
javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c
javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c
jss-0:4.6.2-4.module+el8.2.0+6123+b4678599
jss-debuginfo-0:4.6.2-4.module+el8.2.0+6123+b4678599
jss-debugsource-0:4.6.2-4.module+el8.2.0+6123+b4678599
jss-javadoc-0:4.6.2-4.module+el8.2.0+6123+b4678599
ldapjdk-0:4.21.0-2.module+el8.2.0+4573+c3c38c7b
ldapjdk-javadoc-0:4.21.0-2.module+el8.2.0+4573+c3c38c7b
pki-base-0:10.8.3-1.module+el8.2.0+5925+bad5981a
pki-base-java-0:10.8.3-1.module+el8.2.0+5925+bad5981a
pki-ca-0:10.8.3-1.module+el8.2.0+5925+bad5981a
pki-core-debuginfo-0:10.8.3-1.module+el8.2.0+5925+bad5981a
pki-core-debugsource-0:10.8.3-1.module+el8.2.0+5925+bad5981a
pki-kra-0:10.8.3-1.module+el8.2.0+5925+bad5981a
pki-server-0:10.8.3-1.module+el8.2.0+5925+bad5981a
pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c
pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c
pki-symkey-0:10.8.3-1.module+el8.2.0+5925+bad5981a
pki-symkey-debuginfo-0:10.8.3-1.module+el8.2.0+5925+bad5981a
pki-tools-0:10.8.3-1.module+el8.2.0+5925+bad5981a
pki-tools-debuginfo-0:10.8.3-1.module+el8.2.0+5925+bad5981a
python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c
python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c
python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c
python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c
python3-pki-0:10.8.3-1.module+el8.2.0+5925+bad5981a
relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c
resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c
slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c
slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c
stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c
tomcatjss-0:7.4.1-2.module+el8.2.0+4573+c3c38c7b
velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c
xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c
xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c
xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c
xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c
xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c
xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c

refmap via4

confirm	https://security.netapp.com/advisory/ntap-20191024-0005/
misc	https://github.com/FasterXML/jackson-databind/issues/2498 https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html
mlist	[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image [debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update [druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191) [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12 [pulsar-commits] 20191127 [GitHub] [pulsar] massakam opened a new pull request #5758: Bump jackson libraries to 2.10.1

Last major update

13-09-2023 - 14:53

Published

12-10-2019 - 21:15

Last modified

13-09-2023 - 14:53