ID CVE-2020-35728
Summary FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
References
Vulnerable Configurations
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.0:-:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.0:-:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease1:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease1:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease2:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease2:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease3:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease3:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease4:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease4:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.10.5:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.10.6:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:fasterxml:jackson-databind:2.9.10.7:*:*:*:*:*:*:*
    cpe:2.3:a:fasterxml:jackson-databind:2.9.10.7:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:autovue:21.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:autovue:21.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:-:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:4.0.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:4.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:11.1.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:11.1.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:11.2.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:11.2.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:11.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:11.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:11.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:11.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:11.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:11.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:11.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_policy_administration:11.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:19.12.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:19.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:19.12.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:19.12.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:18.8.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:18.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:18.8.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:18.8.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:18.8.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:18.8.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:18.8.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:18.8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:17.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:17.12.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:17.12.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:17.12.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:17.12.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:17.12.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_route:8.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_diameter_signaling_route:8.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_route:8.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_diameter_signaling_route:8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_route:8.5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_diameter_signaling_route:8.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_session_route_manager:8.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_session_route_manager:8.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_session_route_manager:8.2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_session_report_manager:8.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_session_report_manager:8.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_session_report_manager:8.2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:18.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:18.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:18.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_element_manager:8.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_element_manager:8.2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_element_manager:8.2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:blockchain_platform:-:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:blockchain_platform:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 02-09-2022 - 14:50)
Impact:
Exploitability:
CWE CWE-502
CAPEC
  • Object Injection
    An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
misc
Last major update 02-09-2022 - 14:50
Published 27-12-2020 - 05:15
Last modified 02-09-2022 - 14:50
Back to Top