A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Mitigation

There is currently no known mitigation for this flaw.

References

bugzilla.redhat.com/show_bug.cgi?id=1887664

github.com/FasterXML/jackson-databind/issues/2589

nvd.nist.gov/vuln/detail/CVE-2020-25649

www.cve.org/CVERecord?id=CVE-2020-25649

ibm 44

ubuntucve 1

atlassian 1

debian 2

osv 3

nessus 20

openvas 7

debiancve 1

redhat 18

cvelist 1

veracode 1

cve 1

wolfi 1

cgr 1

nvd 1

github 1

prion 1

fedora 1

suse 1

threatpost 1

mageia 1

hp 1

oracle 9

ibm

Security Bulletin: Potential vulnerability with FasterXML jackson-databind

2021-07-30 21:09:43

Security Bulletin: IBM Event Streams is affected by potential data integrity issue (CVE-2020-25649)

2021-10-04 14:10:01

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to XML external entity (XXE) attacks due to FasterXML Jackson Databind (CVE-2020-25649)

2022-05-03 18:58:51

ubuntucve

CVE-2020-25649

2020-12-03 00:00:00

atlassian

XXE (XML External Entity Injection) jackson-databind in Jira Software Data Center and Server

2023-12-07 21:45:20

debian

[SECURITY] [DLA 2406-1] jackson-databind security update

2020-10-14 10:31:09

[SECURITY] [DLA 2638-1] jackson-databind security update

2021-04-24 20:50:12

osv

CVE-2020-25649

2020-12-03 17:15:12

jackson-databind - security update

2020-10-14 00:00:00

XML External Entity (XXE) Injection in Jackson Databind

2021-02-18 20:51:54

nessus

RHEL 7 : rh-maven35-jackson-databind (RHSA-2020:4312)

2023-01-23 00:00:00

RHEL 8 : RHV-M(ovirt-engine) 4.4.z security, update [ovirt-4.4.4] (Low) (RHSA-2021:0381)

2021-02-03 00:00:00

RHEL 6 / 7 / 8 : Red Hat JBoss Enterprise Application Platform 7.3 (RHSA-2020:4401)

2020-10-29 00:00:00

openvas

Fedora: Security Advisory for jackson-databind (FEDORA-2021-1d8254899c)

2021-02-10 00:00:00

Debian: Security Advisory (DLA-2406-1)

2020-10-15 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:1678-1)

2022-05-17 00:00:00

debiancve

CVE-2020-25649

2020-12-03 17:15:12

redhat

(RHSA-2020:4379) Important: Red Hat build of Eclipse Vert.x 3.9.4 security update

2020-11-09 16:15:41

(RHSA-2021:1260) Low: Red Hat AMQ Streams 1.7.0 release and security update

2021-04-19 17:59:54

(RHSA-2020:4312) Important: rh-maven35-jackson-databind security update

2020-10-22 16:23:56

cvelist

CVE-2020-25649

2020-12-03 16:16:50

veracode

XML External Entity (XXE)

2020-10-15 05:10:32

cve

CVE-2020-25649

2020-12-03 17:15:12

wolfi

CVE-2020-25649 vulnerabilities

2024-05-29 03:07:31

cgr

CVE-2020-25649 vulnerabilities

2024-05-19 03:07:16

nvd

CVE-2020-25649

2020-12-03 17:15:12

github

XML External Entity (XXE) Injection in Jackson Databind

2021-02-18 20:51:54

prion

Xxe

2020-12-03 17:15:00

fedora

[SECURITY] Fedora 32 Update: jackson-databind-2.10.5.1-1.fc32

2021-02-10 01:30:26

suse

Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (important)

2022-05-16 00:00:00

threatpost

IBM Squashes Critical Remote Code-Execution Flaw

2021-02-23 19:36:32

mageia

Updated jackson-databind packages fix security vulnerabilities

2021-03-27 17:27:02

HP Device Manager Security Updates

2023-10-20 00:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Oracle Critical Patch Update Advisory - July 2021

2021-07-20 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.003

Percentile

68.4%

JSON

Related for RH:CVE-2020-25649