Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2019:3200
HistoryOct 24, 2019 - 9:16 a.m.

(RHSA-2019:3200) Moderate: Red Hat AMQ Streams 1.3.0 release and security update

2019-10-2409:16:50
access.redhat.com
89

0.533 Medium

EPSS

Percentile

97.6%

JSON

Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.

This release of Red Hat AMQ Streams 1.3.0 serves as a replacement for Red Hat AMQ Streams 1.2.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

  • jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)

  • jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)

  • jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086)

  • jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814)

  • jackson-databind: Polymorphic typing issue related to logback/JNDI (CVE-2019-14439)

  • jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig (CVE-2019-14540)

  • jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)

  • jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)

  • jackson-databind: Serialization gadgets in classes of the commons-configuration package (no CVE assigned)

  • jackson-databind: Serialization gadgets in classes of the xalan package (no CVE assigned)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Related

fedora 22
openvas 28
ibm 24
nessus 20
symantec 2
redhat 15
debian 5
osv 17
debiancve 5
cloudfoundry 1
nvd 6
github 7
cvelist 6
redhatcve 6
ubuntucve 7
cve 7
prion 5
veracode 5
rocky 2
atlassian 1
githubexploit 4
freebsd 1
almalinux 1
oraclelinux 2
fedora
fedora
[SECURITY] Fedora 31 Update: jackson-bom-2.9.9-1.fc31
2019-09-18 00:07:22
[SECURITY] Fedora 30 Update: jackson-databind-2.9.9.3-1.fc30
2019-09-22 02:26:43
[SECURITY] Fedora 31 Update: jackson-core-2.9.9-1.fc31
2019-09-18 00:07:22
openvas
openvas
Fedora Update for jackson-annotations FEDORA-2019-ae6a703b8f
2019-09-23 00:00:00
Fedora Update for jackson-bom FEDORA-2019-fb23eccc03
2019-09-23 00:00:00
Fedora Update for jackson-core FEDORA-2019-fb23eccc03
2019-09-23 00:00:00
ibm
ibm
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Jackson databind
2020-05-18 22:54:36
Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony
2019-10-22 07:37:22
Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerabilities
2019-10-21 16:12:00
nessus
nessus
Fedora 29 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-fb23eccc03)
2019-09-23 00:00:00
Fedora 31 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-99ff6aa32c)
2019-10-07 00:00:00
Fedora 30 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-ae6a703b8f)
2019-09-23 00:00:00
symantec
symantec
FasterXML Jackson-databind CVE-2019-14540 Information Disclosure Vulnerability
2020-01-14 00:00:00
FasterXML Jackson-databind CVE-2019-12814 Information Disclosure Vulnerability
2019-06-19 00:00:00
redhat
redhat
(RHSA-2019:3292) Important: Red Hat Decision Manager 7.5.0 Security Update
2019-10-31 17:24:46
(RHSA-2019:3297) Important: Red Hat Process Automation Manager 7.5.0 Security Update
2019-10-31 19:07:44
(RHSA-2019:2935) Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 6 Security update
2019-09-30 22:35:42
debian
debian
[SECURITY] [DSA 4542-1] jackson-databind security update
2019-10-06 08:28:37
[SECURITY] [DSA 4542-1] jackson-databind security update
2019-10-06 08:28:37
[SECURITY] [DLA 1831-1] jackson-databind security update
2019-06-21 15:09:36
osv
osv
jackson-databind - security update
2019-10-06 00:00:00
Polymorphic Typing issue in FasterXML jackson-databind
2019-09-23 18:33:45
jackson-databind - security update
2019-08-12 00:00:00
debiancve
debiancve
CVE-2019-16335
2019-09-15 22:15:10
CVE-2019-17267
2019-10-07 00:15:10
CVE-2019-14379
2019-07-29 12:15:16
cloudfoundry
cloudfoundry
Various CVEs: UAA consumes vulnerable versions of FasterXML jackson-databind | Cloud Foundry
2019-11-13 00:00:00
nvd
nvd
CVE-2019-16335
2019-09-15 22:15:10
CVE-2019-14439
2019-07-30 11:15:11
CVE-2019-14379
2019-07-29 12:15:16
github
github
Polymorphic Typing issue in FasterXML jackson-databind
2019-09-23 18:33:45
Improper Input Validation in jackson-databind
2020-06-15 18:44:48
Deserialization of untrusted data in FasterXML jackson-databind
2019-07-17 15:26:12
cvelist
cvelist
CVE-2019-16335
2019-09-15 21:45:50
CVE-2019-14439
2019-07-30 10:49:43
CVE-2019-12814
2019-06-19 13:24:44
redhatcve
redhatcve
CVE-2019-16335
2021-08-22 13:15:03
CVE-2019-14379
2021-07-18 00:18:58
CVE-2019-17267
2020-04-06 04:58:17
ubuntucve
ubuntucve
CVE-2019-16335
2019-09-15 00:00:00
CVE-2019-17267
2019-10-07 00:00:00
CVE-2019-12384
2019-06-24 00:00:00
cve
cve
CVE-2019-16335
2019-09-15 22:15:10
CVE-2019-14379
2019-07-29 12:15:16
CVE-2019-12814
2019-06-19 14:15:10
prion
prion
Design/Logic Flaw
2019-09-15 22:15:00
Design/Logic Flaw
2019-10-07 00:15:00
Remote code execution
2019-07-29 12:15:00
veracode
veracode
Deserialization Of Untrusted Data
2019-09-16 07:58:38
Remote Code Execution
2019-10-08 02:07:41
Remote Code Execution (RCE)
2019-07-30 05:10:45
rocky
rocky
pki-core:10.6 and pki-deps:10:6 bug fix and enhancement update
2019-11-05 17:43:24
pki-deps:10.6 security update
2019-09-10 15:32:49
atlassian
atlassian
RCE jackson-databind
2019-11-19 20:26:41
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
2020-05-22 17:10:10
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
2019-05-26 03:19:49
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
2019-07-26 03:24:38
freebsd
freebsd
Payara -- A Polymorphic Typing issue in FasterXML jackson-databind
2019-05-17 00:00:00
almalinux
almalinux
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-04-28 09:00:20
oraclelinux
oraclelinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-05-05 00:00:00
pki-deps:10.6 security update
2019-09-17 00:00:00

0.533 Medium

EPSS

Percentile

97.6%

JSON
Related for RHSA-2019:3200
fedora22openvas28ibm24nessus20symantec2redhat15debian5osv17debiancve5cloudfoundry1nvd6github7cvelist6redhatcve6ubuntucve7cve7prion5veracode5rocky2atlassian1githubexploit4freebsd1almalinux1oraclelinux2