Lucene search

K
cveMitreCVE-2020-9547
HistoryMar 02, 2020 - 4:15 a.m.

CVE-2020-9547

2020-03-0204:15:11
CWE-502
mitre
web.nvd.nist.gov
274
2
cve-2020-9547
fasterxml
jackson-databind
serialization
gadgets
typing
ibatis-sqlmap
nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.007

Percentile

80.4%

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).

Affected configurations

Nvd
Node
fasterxmljackson-databindRange2.0.02.7.9.7
OR
fasterxmljackson-databindRange2.8.02.8.11.6
OR
fasterxmljackson-databindRange2.9.02.9.10.4
Node
netappactive_iq_unified_managerRange7.3linux
OR
netappactive_iq_unified_managerRange7.3windows
OR
netappactive_iq_unified_managerRange9.5vmware_vsphere
Node
debiandebian_linuxMatch8.0
Node
oracleautovue_for_agile_product_lifecycle_managementMatch21.0.2
OR
oraclebanking_platformRange2.4.02.9.0
OR
oraclecommunications_contacts_serverMatch8.0.0.4.0
OR
oraclecommunications_evolved_communications_application_serverMatch7.1
OR
oraclecommunications_instant_messaging_serverMatch10.0.1.4.0
OR
oraclecommunications_network_charging_and_controlRange12.0.012.0.3
OR
oraclecommunications_network_charging_and_controlMatch6.0.1
OR
oracleenterprise_manager_base_platformMatch13.3.0.0
OR
oracleenterprise_manager_base_platformMatch13.4.0.0
OR
oracleglobal_lifecycle_management_opatchRange<12.2.0.1.20
OR
oraclejd_edwards_enterpriseone_orchestratorRange<9.2.4.2
OR
oraclejd_edwards_enterpriseone_toolsRange<9.2.4.2
OR
oracleprimavera_unifierRange17.717.12
OR
oracleprimavera_unifierMatch16.1
OR
oracleprimavera_unifierMatch16.2
OR
oracleprimavera_unifierMatch18.8
OR
oracleprimavera_unifierMatch19.12
OR
oracleretail_xstore_point_of_serviceMatch15.0
OR
oracleretail_xstore_point_of_serviceMatch16.0
OR
oracleretail_xstore_point_of_serviceMatch17.0
OR
oracleretail_xstore_point_of_serviceMatch18.0
OR
oracleretail_xstore_point_of_serviceMatch19.0
OR
oracleweblogic_serverMatch12.2.1.3.0
OR
oracleweblogic_serverMatch12.2.1.4.0
VendorProductVersionCPE
fasterxmljackson-databind*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
oracleautovue_for_agile_product_lifecycle_management21.0.2cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
oraclebanking_platform*cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
oraclecommunications_contacts_server8.0.0.4.0cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*
oraclecommunications_evolved_communications_application_server7.1cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
oraclecommunications_instant_messaging_server10.0.1.4.0cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
Rows per page:
1-10 of 291

References

Social References

More

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.007

Percentile

80.4%