Lucene search

K
cve[email protected]CVE-2018-14720
HistoryJan 02, 2019 - 6:29 p.m.

CVE-2018-14720

2019-01-0218:29:00
CWE-502
CWE-611
web.nvd.nist.gov
135
cve-2018-14720
fasterxml
jackson-databind
xxe attack
nvd
security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.011

Percentile

84.1%

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Affected configurations

NVD
Node
fasterxmljackson-databindRange2.6.02.6.7.2
OR
fasterxmljackson-databindRange2.7.02.7.9.5
OR
fasterxmljackson-databindRange2.8.02.8.11.3
OR
fasterxmljackson-databindRange2.9.02.9.7
OR
fasterxmljackson-databindMatch2.7.0rc1
OR
fasterxmljackson-databindMatch2.7.0rc2
OR
fasterxmljackson-databindMatch2.7.0rc3
OR
fasterxmljackson-databindMatch2.8.0rc1
OR
fasterxmljackson-databindMatch2.8.0rc2
OR
fasterxmljackson-databindMatch2.9.0pr1
OR
fasterxmljackson-databindMatch2.9.0pr2
OR
fasterxmljackson-databindMatch2.9.0pr3
OR
fasterxmljackson-databindMatch2.9.0pr4
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
Node
oraclebanking_platformMatch2.5.0
OR
oraclebanking_platformMatch2.6.0
OR
oraclebanking_platformMatch2.6.1
OR
oraclebanking_platformMatch2.6.2
OR
oraclecommunications_billing_and_revenue_managementMatch7.5
OR
oraclecommunications_billing_and_revenue_managementMatch12.0
OR
oracleenterprise_manager_for_virtualizationMatch13.2.2
OR
oracleenterprise_manager_for_virtualizationMatch13.2.3
OR
oracleenterprise_manager_for_virtualizationMatch13.3.1
OR
oraclefinancial_services_analytical_applications_infrastructureMatch8.0.2
OR
oraclefinancial_services_analytical_applications_infrastructureMatch8.0.3
OR
oraclefinancial_services_analytical_applications_infrastructureMatch8.0.4
OR
oraclefinancial_services_analytical_applications_infrastructureMatch8.0.5
OR
oraclefinancial_services_analytical_applications_infrastructureMatch8.0.6
OR
oraclefinancial_services_analytical_applications_infrastructureMatch8.0.7
OR
oraclejdeveloperMatch12.1.3.0.0
OR
oraclejdeveloperMatch12.2.1.3.0
OR
oracleprimavera_unifierRange17.117.12
OR
oracleprimavera_unifierMatch16.1
OR
oracleprimavera_unifierMatch16.2
OR
oracleprimavera_unifierMatch18.8
OR
oracleretail_merchandising_systemMatch15.0
OR
oracleretail_merchandising_systemMatch16.0
OR
oraclewebcenter_portalMatch12.2.1.3.0
Node
redhatjboss_enterprise_application_platformMatch7.2.0
OR
redhatopenshift_container_platformMatch3.11
VendorProductVersionCPE
fasterxmljackson-databind2.8.0cpe:/a:fasterxml:jackson-databind:2.8.0:rc2::
fasterxmljackson-databind2.7.0cpe:/a:fasterxml:jackson-databind:2.7.0:rc3::
fasterxmljackson-databind2.9.0cpe:/a:fasterxml:jackson-databind:2.9.0:pr1::
fasterxmljackson-databind2.9.0cpe:/a:fasterxml:jackson-databind:2.9.0:pr2::
fasterxmljackson-databind2.7.0cpe:/a:fasterxml:jackson-databind:2.7.0:rc2::
fasterxmljackson-databind2.7.0cpe:/a:fasterxml:jackson-databind:2.7.0:rc1::
fasterxmljackson-databind2.9.0cpe:/a:fasterxml:jackson-databind:2.9.0:pr4::
fasterxmljackson-databind2.8.0cpe:/a:fasterxml:jackson-databind:2.8.0:rc1::
fasterxmljackson-databind2.9.0cpe:/a:fasterxml:jackson-databind:2.9.0:pr3::

References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.011

Percentile

84.1%