CVE-2018-12023

🗓️ 17 Mar 2019 17:57:52Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 372 Views

Jackson-databind CVE-2018-12023 allows remote attackers to execute arbitrary code via LDAP service

Reporter	Title	Published	Views	Family All 166
IBM Security Bulletins	Security Bulletin: Vulnerabilities in jackson-databind affect IBM watsonx.data	18 Sep 202416:36	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020	1 Mar 202212:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Insights is affected by Components with known vulnerabilities	6 Oct 202112:30	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in jackson-databind affect watsonx.data	14 Aug 202415:40	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple CVEs affect IBM Integration Designer	1 Feb 202319:40	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)	12 Jan 202114:42	–	ibm
IBM Security Bulletins	Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages	10 Oct 202222:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities.	29 May 202015:46	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Application Performance Management products	15 Sep 202305:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	29 Sep 202318:56	–	ibm

NVD

Node

fasterxml jackson-databindRange2.7.0–2.7.9.4

OR

fasterxml jackson-databindRange2.8.0–2.8.11.2

OR

fasterxml jackson-databindRange2.9.0–2.9.6

Node

debian debian_linuxMatch9.0

OR

fedoraproject fedoraMatch29

Node

oracle jd_edwards_enterpriseone_toolsMatch9.2

OR

oracle retail_merchandising_systemMatch15.0

Node

redhat automation_managerMatch7.3.1

OR

redhat decision_managerMatch7.3.1

OR

redhat jboss_brmsMatch6.4.10

OR

redhat jboss_enterprise_application_platformMatch7.2.0

OR

redhat openshift_container_platformMatch3.11

OR

redhat single_sign-onMatch7.3

Source	Link
github	www.github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a
access	www.access.redhat.com/errata/RHSA-2019:2858
oracle	www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
access	www.access.redhat.com/errata/RHSA-2019:1782
access	www.access.redhat.com/errata/RHSA-2019:1107
access	www.access.redhat.com/errata/RHSA-2019:0877
lists	www.lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
oracle	www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
security	www.security.netapp.com/advisory/ntap-20190530-0003/
access	www.access.redhat.com/errata/RHSA-2019:0782

21 Nov 2024 03:44Current

8.4High risk

Vulners AI Score8.4

CVSS 25.1

CVSS 37.5

EPSS0.04938

cve-2018-12023 jackson-databind remote code execution ldap security vulnerability nvd