Lucene search

MitreCVE-2020-11619

HistoryApr 07, 2020 - 11:15 p.m.

CVE-2020-11619

2020-04-0723:15:12

CWE-502

mitre

web.nvd.nist.gov

183

cve-2020-11619

fasterxml

jackson-databind

serialization gadgets

typing

org.springframework

spring-aop

security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.05

Percentile

92.9%

JSON

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).

Affected configurations

Nvd

Node

fasterxmljackson-databindRange2.9.0–2.9.10.4

Node

debiandebian_linuxMatch8.0

Node

netappactive_iq_unified_managerRange7.3≥linux

netappactive_iq_unified_managerRange7.3≥windows

netappactive_iq_unified_managerRange9.5≥vmware_vsphere

netappsteelstore_cloud_integrated_storageMatch-

Node

oracleagile_plmMatch9.3.6

oraclebanking_platformRange2.4.0–2.9.0

oraclecommunications_calendar_serverMatch8.0.0.4.0

oraclecommunications_contacts_serverMatch8.0.0.4.0

oraclecommunications_contacts_serverMatch8.0.0.5.0

oraclecommunications_diameter_signaling_routerRange8.0.0–8.2.2

oraclecommunications_evolved_communications_application_serverMatch7.1

oraclecommunications_instant_messaging_serverMatch10.0.1.4.0

oraclecommunications_network_charging_and_controlRange12.0.0–12.0.3

oraclecommunications_network_charging_and_controlMatch6.0.1

oracleenterprise_manager_base_platformMatch13.3.0.0

oracleenterprise_manager_base_platformMatch13.4.0.0

oracleglobal_lifecycle_management_opatchRange<12.2.0.1.20

oraclejd_edwards_enterpriseone_orchestratorRange<9.2.4.2

oraclejd_edwards_enterpriseone_toolsRange<9.2.4.2

oracleprimavera_unifierRange17.7–17.12

oracleprimavera_unifierMatch16.1

oracleprimavera_unifierMatch16.2

oracleprimavera_unifierMatch18.8

oracleprimavera_unifierMatch19.12

oracleretail_merchandising_systemMatch15.0

oracleretail_sales_auditMatch14.1

oracleretail_xstore_point_of_serviceMatch15.0

oracleretail_xstore_point_of_serviceMatch16.0

oracleretail_xstore_point_of_serviceMatch17.0

oracleretail_xstore_point_of_serviceMatch18.0

oracleretail_xstore_point_of_serviceMatch19.0

oracleweblogic_serverMatch12.2.1.3.0

oracleweblogic_serverMatch12.2.1.4.0

VendorProductVersionCPE
fasterxmljackson-databind*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
netappsteelstore_cloud_integrated_storage-cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
oracleagile_plm9.3.6cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
oraclebanking_platform*cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
oraclecommunications_calendar_server8.0.0.4.0cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
oraclecommunications_contacts_server8.0.0.4.0cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fasterxml	jackson-databind	*	cpe:2.3:a:fasterxml:jackson-databind::::::::
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
netapp	active_iq_unified_manager	*	cpe:2.3:a:netapp:active_iq_unified_manager::::::linux::*
netapp	active_iq_unified_manager	*	cpe:2.3:a:netapp:active_iq_unified_manager::::::windows::*
netapp	active_iq_unified_manager	*	cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::*
netapp	steelstore_cloud_integrated_storage	-	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
oracle	agile_plm	9.3.6	cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*
oracle	banking_platform	*	cpe:2.3:a:oracle:banking_platform::::::::
oracle	communications_calendar_server	8.0.0.4.0	cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:::::::*
oracle	communications_contacts_server	8.0.0.4.0	cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:::::::*