CVE-2018-5968

🗓️ 22 Jan 2018 04:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 213 Views

FasterXML jackson-databind allows unauthenticated remote code execution via deserialization flaws

Reporter	Title	Published	Views	Family All 81
IBM Security Bulletins	Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020	1 Mar 202212:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Insights is affected by Components with known vulnerabilities	6 Oct 202112:30	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in jackson-databind affect watsonx.data	14 Aug 202415:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Jackson databind	2 Jun 202123:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	13 Aug 202122:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)	12 Jan 202114:42	–	ibm
IBM Security Bulletins	Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages	10 Oct 202222:34	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities within Jackson JSON library affect IBM Business Automation Workflow (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)	3 Jan 202315:55	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Jackson-databind affect IBM InfoSphere Information Server	12 Jul 201800:16	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Application Performance Management products	15 Sep 202305:44	–	ibm

NVD

Node

fasterxml jackson-databindRange2.0.0–2.6.7.3

fasterxml jackson-databindRange2.7.0–2.7.9.2

fasterxml jackson-databindRange2.8.0–2.8.11.1

fasterxml jackson-databindRange2.9.0–2.9.4

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

Node

redhat openshift_container_platformMatch4.1

redhat virtualizationMatch4.0

redhat virtualization_hostMatch4.0

AND

redhat enterprise_linux_serverMatch7.0

Node

redhat jboss_enterprise_application_platformMatch7.1

AND

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_serverMatch7.0

Node

redhat openshift_container_platformMatch3.11

Node

netapp e-series_santricity_os_controllerRange11.0.0–11.60.3

netapp e-series_santricity_web_services_proxyMatch-

netapp oncommand_shiftMatch-

Source	Link
support	www.support.hpe.com/hpsc/doc/public/display
debian	www.debian.org/security/2018/dsa-4114
access	www.access.redhat.com/errata/RHSA-2019:3149
access	www.access.redhat.com/errata/RHSA-2018:0480
oracle	www.oracle.com/security-alerts/cpuoct2020.html
access	www.access.redhat.com/errata/RHSA-2018:0478
security	www.security.netapp.com/advisory/ntap-20180423-0002/
access	www.access.redhat.com/errata/RHSA-2018:1525
access	www.access.redhat.com/errata/RHSA-2018:0479
access	www.access.redhat.com/errata/RHSA-2018:0481

21 Nov 2024 04:09Current

9.6High risk

Vulners AI Score9.6

CVSS 26.8

CVSS 3.18.1

EPSS0.01965