CVE-2019-10172

🗓️ 18 Nov 2019 16:16:02Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 574 Views

A flaw found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries, leading to XML external entity vulnerabilities

Reporter	Title	Published	Views	Family All 120
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies	18 Dec 202115:42	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in jQuery, Moment, Jackson-mapper-asl and Red Hat JBoss Enterprise Application Platform might affect IBM Storage Defender Copy Data Management.	16 May 202519:26	–	ibm
IBM Security Bulletins	Security Bulletin: Series of vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis	22 Apr 202105:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Match 360 is vulnerable to CVE-2019-10202 and CVE-2019-10172 for jackson-mapper-asl	12 Jul 202321:22	–	ibm
IBM Security Bulletins	Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway	2 Feb 202614:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	13 Aug 202122:15	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities found in jackson-mapper-asl which is shipped with IBM® Intelligent Operations Center(CVE-2019-10172, CVE-2019-10202)	5 Sep 202313:34	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product	20 May 202014:01	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Jackson, jQuery, and Dom4j affect IBM Spectrum Copy Data Management	10 Dec 202123:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities	27 Mar 202516:26	–	ibm

NVD

Vulners

Node

fasterxml jackson-mapper-aslRange1.9.0–1.9.13

Node

redhat jboss_enterprise_application_platformMatch7.0

redhat jboss_fuseMatch7.0.0

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

Node

apache sparkMatch3.0.1

[
  {
    "product": "jackson-mapper-asl",
    "vendor": "Redhat",
    "versions": [
      {
        "status": "affected",
        "version": "1.9.x"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread.html/r08e1b73fabd986dcd2ddd7d09480504d1472264bed2f19b1d2002a9c%40%3Ccommon-issues.hadoop.apache.org%3E
lists	www.lists.apache.org/thread.html/rd27730cfc3066dfcf15927c8e800603728d5dedf17eee1f8c6e3507c%40%3Ccommon-issues.hadoop.apache.org%3E
lists	www.lists.apache.org/thread.html/r6dea2a887f5eb1d68f124d64b14cd1a04f682f06de8cd01b7e4214e0%40%3Cissues.hive.apache.org%3E
lists	www.lists.debian.org/debian-lts-announce/2020/01/msg00037.html
lists	www.lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E
lists	www.lists.apache.org/thread.html/re646dcc2739d92117bf9a76a33c600ed3b65e8b4e9b6f441e366b72b%40%3Ccommits.cassandra.apache.org%3E
lists	www.lists.apache.org/thread.html/rb47911c179c9f3e8ea3f134b5645e63cd20c6fc63bd0b43ab5864bd1%40%3Ccommits.cassandra.apache.org%3E
lists	www.lists.apache.org/thread.html/rb8c09b14fd57d855dc21e0a037dc29258c2cbe9c1966bfff453a02e4%40%3Ccommon-issues.hadoop.apache.org%3E
lists	www.lists.apache.org/thread.html/r356592d9874ab4bc9da4754592f8aa6edc894c95e17e58484bc2af7a%40%3Cissues.hive.apache.org%3E
lists	www.lists.apache.org/thread.html/r4bbfa1439d7a4e1712e260bfc3d90f7cf997abfd641cccde6432d4ab%40%3Ccommits.cassandra.apache.org%3E

21 Nov 2024 04:18Current

8.6High risk

Vulners AI Score8.6

CVSS 25

CVSS 3.17.5

CVSS 35.9

EPSS0.00563

CWE-611