Lucene search

[email protected]NVD:CVE-2018-19361

HistoryJan 02, 2019 - 6:29 p.m.

CVE-2018-19361

2019-01-0218:29:00

CWE-502

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.005

Percentile

76.7%

JSON

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

Affected configurations

Nvd

Node

fasterxmljackson-databindRange2.6.0–2.6.7.2

fasterxmljackson-databindRange2.7.0–2.7.9.5

fasterxmljackson-databindRange2.8.0–2.8.11.3

fasterxmljackson-databindRange2.9.0–2.9.8

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

oraclebusiness_process_management_suiteMatch12.1.3.0.0

oraclebusiness_process_management_suiteMatch12.2.1.3.0

oracleprimavera_p6_enterprise_project_portfolio_managementRange17.7–17.12

oracleprimavera_p6_enterprise_project_portfolio_managementMatch15.1

oracleprimavera_p6_enterprise_project_portfolio_managementMatch15.2

oracleprimavera_p6_enterprise_project_portfolio_managementMatch16.1

oracleprimavera_p6_enterprise_project_portfolio_managementMatch16.2

oracleprimavera_p6_enterprise_project_portfolio_managementMatch18.8

oracleprimavera_unifierRange17.7–17.12

oracleprimavera_unifierMatch16.1

oracleprimavera_unifierMatch16.2

oracleprimavera_unifierMatch18.8

oracleretail_workforce_management_softwareMatch1.60.9.0.0

oraclewebcenter_portalMatch12.2.1.3.0

Node

redhatautomation_managerMatch7.3.1

redhatdecision_managerMatch7.3.1

redhatjboss_bpm_suiteMatch6.4.11

redhatjboss_brmsMatch6.4.10

redhatopenshift_container_platformMatch3.11

VendorProductVersionCPE
fasterxmljackson-databind*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
oraclebusiness_process_management_suite12.1.3.0.0cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
oraclebusiness_process_management_suite12.2.1.3.0cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
oracleprimavera_p6_enterprise_project_portfolio_management*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
oracleprimavera_p6_enterprise_project_portfolio_management15.1cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*
oracleprimavera_p6_enterprise_project_portfolio_management15.2cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*
oracleprimavera_p6_enterprise_project_portfolio_management16.1cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*
oracleprimavera_p6_enterprise_project_portfolio_management16.2cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fasterxml	jackson-databind	*	cpe:2.3:a:fasterxml:jackson-databind::::::::
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
oracle	business_process_management_suite	12.1.3.0.0	cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:::::::*
oracle	business_process_management_suite	12.2.1.3.0	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::*
oracle	primavera_p6_enterprise_project_portfolio_management	*	cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management::::::::
oracle	primavera_p6_enterprise_project_portfolio_management	15.1	cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:::::::*
oracle	primavera_p6_enterprise_project_portfolio_management	15.2	cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:::::::*
oracle	primavera_p6_enterprise_project_portfolio_management	16.1	cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:::::::*
oracle	primavera_p6_enterprise_project_portfolio_management	16.2	cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:::::::*

Rows per page:

1-10 of 221

References

www.securityfocus.com/bid/107985

access.redhat.com/errata/RHBA-2019:0959

access.redhat.com/errata/RHSA-2019:0782

access.redhat.com/errata/RHSA-2019:0877

access.redhat.com/errata/RHSA-2019:1782

access.redhat.com/errata/RHSA-2019:1797

access.redhat.com/errata/RHSA-2019:1822

access.redhat.com/errata/RHSA-2019:1823

access.redhat.com/errata/RHSA-2019:2804

access.redhat.com/errata/RHSA-2019:2858

access.redhat.com/errata/RHSA-2019:3002

access.redhat.com/errata/RHSA-2019:3140

access.redhat.com/errata/RHSA-2019:3149

access.redhat.com/errata/RHSA-2019:3892

access.redhat.com/errata/RHSA-2019:4037

github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b

github.com/FasterXML/jackson-databind/issues/2186

github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8

issues.apache.org/jira/browse/TINKERPOP-2121

lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E

lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E

lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E

lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E

lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E

lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E

lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E

lists.debian.org/debian-lts-announce/2019/03/msg00005.html

seclists.org/bugtraq/2019/May/68

security.netapp.com/advisory/ntap-20190530-0003/

www.debian.org/security/2019/dsa-4452

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.005

Percentile

76.7%

JSON

Related for NVD:CVE-2018-19361

debiancve1 osv5 redhatcve1 prion1 github1 veracode1 ubuntucve1 cvelist1 cve1 ibm27 nessus9 redhat16 debian2 openvas21 fedora18 ubuntu1 hp1 oracle4