Lucene search

K
nvd[email protected]NVD:CVE-2019-14379
HistoryJul 29, 2019 - 12:15 p.m.

CVE-2019-14379

2019-07-2912:15:16
CWE-1321
web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.01

Percentile

83.6%

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

Affected configurations

NVD
Node
fasterxmljackson-databindRange2.0.02.6.7.3
OR
fasterxmljackson-databindRange2.7.02.7.9.6
OR
fasterxmljackson-databindRange2.8.02.8.11.4
OR
fasterxmljackson-databindRange2.9.02.9.9.2
Node
debiandebian_linuxMatch8.0
Node
netappactive_iq_unified_managerRange7.3linux
OR
netappactive_iq_unified_managerRange7.3windows
OR
netappactive_iq_unified_managerRange9.5vmware_vsphere
OR
netapponcommand_workflow_automationMatch-
OR
netappservice_level_managerMatch-
OR
netappsnapcenterMatch-
Node
fedoraprojectfedoraMatch29
OR
fedoraprojectfedoraMatch30
OR
fedoraprojectfedoraMatch31
Node
redhatjboss_enterprise_application_platformMatch7.2
OR
redhatjboss_enterprise_application_platformMatch7.3
OR
redhatopenshift_container_platformMatch4.1
OR
redhatsingle_sign-onMatch7.3
AND
redhatenterprise_linuxMatch7.0
Node
redhatopenshift_container_platformMatch3.11
Node
redhatjboss_enterprise_application_platformMatch7.2
OR
redhatjboss_enterprise_application_platformMatch7.3
OR
redhatsingle_sign-onMatch7.3
AND
redhatenterprise_linuxMatch6.0
Node
redhatjboss_enterprise_application_platformMatch7.2
OR
redhatjboss_enterprise_application_platformMatch7.3
OR
redhatsingle_sign-onMatch7.3
AND
redhatenterprise_linuxMatch8.0
Node
oraclebanking_platformMatch2.4.0
OR
oraclebanking_platformMatch2.4.1
OR
oraclebanking_platformMatch2.5.0
OR
oraclebanking_platformMatch2.6.0
OR
oraclebanking_platformMatch2.6.1
OR
oraclebanking_platformMatch2.7.0
OR
oraclebanking_platformMatch2.7.1
OR
oraclecommunications_diameter_signaling_routerMatch8.0.0
OR
oraclecommunications_diameter_signaling_routerMatch8.1
OR
oraclecommunications_diameter_signaling_routerMatch8.2
OR
oraclecommunications_diameter_signaling_routerMatch8.2.1
OR
oraclecommunications_instant_messaging_serverMatch10.0.1.3.0
OR
oraclefinancial_services_analytical_applications_infrastructureRange8.0.28.0.8
OR
oraclegoldengate_stream_analyticsRange<19.1.0.0.1
OR
oraclejd_edwards_enterpriseone_orchestratorMatch9.2
OR
oraclejd_edwards_enterpriseone_toolsMatch9.2
OR
oracleprimavera_gatewayMatch15.2
OR
oracleprimavera_gatewayMatch16.2
OR
oracleprimavera_gatewayMatch17.12
OR
oracleprimavera_gatewayMatch18.8.0
OR
oracleprimavera_unifierRange17.717.12
OR
oracleprimavera_unifierMatch16.1
OR
oracleprimavera_unifierMatch16.2
OR
oracleprimavera_unifierMatch18.8
OR
oracleretail_customer_management_and_segmentation_foundationMatch17.0
OR
oracleretail_xstore_point_of_serviceMatch7.1
OR
oracleretail_xstore_point_of_serviceMatch15.0
OR
oracleretail_xstore_point_of_serviceMatch16.0
OR
oracleretail_xstore_point_of_serviceMatch17.0
OR
oracleretail_xstore_point_of_serviceMatch18.0
OR
oraclesiebel_engineering_-_installer_\&_deploymentRange19.8
OR
oraclesiebel_ui_frameworkRange19.10
Node
applexcodeRange<13.3

References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.01

Percentile

83.6%