CVE-2020-35728

🗓️ 27 Dec 2020 04:32:36Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 295 Views

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles serialization gadgets and typin

Reporter	Title	Published	Views	Family All 109
IBM Security Bulletins	Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs)	1 Feb 202321:46	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple CVEs affect IBM Integration Designer	1 Feb 202319:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Jackson, jQuery, and Dom4j affect IBM Spectrum Copy Data Management	10 Dec 202123:20	–	ibm
IBM Security Bulletins	Security Bulletin: Jackson-Databind Vulnerabilities Affect the B2B API of IBM Sterling B2B Integrator	6 Oct 202114:34	–	ibm
IBM Security Bulletins	Security Bulletin: jackson-databind vulnerability CVE-2020-35728 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0	3 Mar 202108:02	–	ibm
IBM Security Bulletins	Security Bulletin: FasterXML jackson-databind vulnerabilites impact IBM Sterling Order Management	6 Oct 202322:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Governance is vulnerable to a denial of service caused by multiple vulnerabilities.	13 Apr 202310:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	29 Sep 202318:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	22 Jun 202215:20	–	ibm

NVD

Node

fasterxml jackson-databindRange2.0.0–2.6.7.5

fasterxml jackson-databindRange2.7.0–2.9.10.8

Node

debian debian_linuxMatch9.0

Node

netapp service_level_managerMatch-

Node

oracle agile_plmMatch9.3.6

oracle application_testing_suiteMatch13.3.0.1

oracle autovueMatch21.0.2

oracle banking_corporate_lending_process_managementMatch14.2

oracle banking_corporate_lending_process_managementMatch14.3

oracle banking_corporate_lending_process_managementMatch14.5

oracle banking_credit_facilities_process_managementMatch14.2

oracle banking_credit_facilities_process_managementMatch14.3

oracle banking_credit_facilities_process_managementMatch14.5

oracle banking_extensibility_workbenchMatch14.2

oracle banking_extensibility_workbenchMatch14.3

oracle banking_extensibility_workbenchMatch14.5

oracle banking_supply_chain_financeMatch14.2

oracle banking_supply_chain_financeMatch14.3

oracle banking_supply_chain_financeMatch14.5

oracle banking_treasury_managementMatch14.4

oracle banking_virtual_account_managementMatch14.2.0

oracle banking_virtual_account_managementMatch14.3.0

oracle banking_virtual_account_managementMatch14.5.0

oracle blockchain_platformRange≤21.1.2

oracle commerce_platformRange11.3.0–11.3.2

oracle commerce_platformMatch11.2.0

oracle communications_billing_and_revenue_managementMatch7.5.0.23.0

oracle communications_billing_and_revenue_managementMatch12.0.0.3.0

oracle communications_cloud_native_core_policyMatch1.14.0

oracle communications_cloud_native_core_unified_data_repositoryMatch1.4.0

oracle communications_convergent_charging_controllerMatch12.0.4.0.0

oracle communications_diameter_signaling_routeRange8.0.0.0–8.5.0.0

oracle communications_element_managerRange8.2.0.0–8.2.4.0

oracle communications_evolved_communications_application_serverMatch7.1

oracle communications_network_charging_and_controlMatch12.0.4.0.0

oracle communications_policy_managementMatch12.5.0

oracle communications_services_gatekeeperMatch7.0

oracle communications_session_report_managerRange8.0.0.0–8.2.2.1

oracle communications_session_route_managerRange8.2.0.0–8.2.2.1

oracle communications_unified_inventory_managementMatch7.4.1

oracle data_integratorMatch12.2.1.4.0

oracle goldengate_application_adaptersMatch19.1.0.0.0

oracle insurance_policy_administrationRange11.1.0–11.3.0

oracle insurance_policy_administrationMatch11.0.2

oracle insurance_rules_paletteRange11.1.0–11.3.0

oracle insurance_rules_paletteMatch11.0.2

oracle jd_edwards_enterpriseone_orchestratorRange<9.2.5.3

oracle jd_edwards_enterpriseone_toolsRange<9.2.5.3

oracle primavera_gatewayRange17.12.0–17.12.11

oracle primavera_gatewayRange18.8.0–18.8.11

oracle primavera_gatewayRange19.12.0–19.12.10

oracle primavera_gatewayMatch20.12.0

oracle primavera_unifierRange17.7–17.12

oracle primavera_unifierRange18.8–19.12

oracle primavera_unifierMatch20.12

oracle retail_customer_management_and_segmentation_foundationRange16.0–19.0

oracle retail_merchandising_systemMatch15.0.3

oracle retail_service_backboneMatch14.1.3.2

oracle retail_service_backboneMatch15.0.3.1

oracle retail_service_backboneMatch16.0.3.0

oracle retail_xstore_point_of_serviceMatch16.0.6

oracle retail_xstore_point_of_serviceMatch17.0.4

oracle retail_xstore_point_of_serviceMatch18.0.3

oracle retail_xstore_point_of_serviceMatch19.0.2

oracle webcenter_portalMatch12.2.1.3.0

oracle webcenter_portalMatch12.2.1.4.0

Source	Link
oracle	www.oracle.com//security-alerts/cpujul2021.html
oracle	www.oracle.com/security-alerts/cpuapr2022.html
github	www.github.com/FasterXML/jackson-databind/issues/2999
oracle	www.oracle.com/security-alerts/cpuApr2021.html
medium	www.medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
lists	www.lists.debian.org/debian-lts-announce/2021/04/msg00025.html
oracle	www.oracle.com/security-alerts/cpujan2022.html
oracle	www.oracle.com/security-alerts/cpujul2022.html
security	www.security.netapp.com/advisory/ntap-20210129-0007/
oracle	www.oracle.com/security-alerts/cpuoct2021.html

29 Apr 2026 20:17Current

7.7High risk

Vulners AI Score7.7

CVSS 26.8

CVSS 3.18.1

EPSS0.42315

SSVC

CWE-502