Lucene search

[email protected]NVD:CVE-2020-11620

HistoryApr 07, 2020 - 11:15 p.m.

CVE-2020-11620

2020-04-0723:15:12

CWE-502

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.043

Percentile

92.5%

JSON

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).

Affected configurations

Nvd

Node

fasterxmljackson-databindRange2.9.0–2.9.10.4

Node

debiandebian_linuxMatch8.0

Node

netappactive_iq_unified_managerRange7.3≥linux

netappactive_iq_unified_managerRange7.3≥windows

netappactive_iq_unified_managerRange9.5≥vmware_vsphere

netappsteelstore_cloud_integrated_storageMatch-

Node

oraclebanking_platformRange2.4.0–2.9.0

oraclecommunications_contacts_serverMatch8.0.0.4.0

oraclecommunications_evolved_communications_application_serverMatch7.1

oraclecommunications_instant_messaging_serverMatch10.0.1.4.0

oraclecommunications_network_charging_and_controlRange12.0.0–12.0.3

oraclecommunications_network_charging_and_controlMatch6.0.1

oracleenterprise_manager_base_platformMatch13.3.0.0

oracleenterprise_manager_base_platformMatch13.4.0.0

oracleglobal_lifecycle_management_opatchRange<12.2.0.1.20

oraclejd_edwards_enterpriseone_orchestratorRange<9.2.4.2

oraclejd_edwards_enterpriseone_toolsRange<9.2.4.2

oracleprimavera_unifierRange17.7–17.12

oracleprimavera_unifierMatch16.1

oracleprimavera_unifierMatch16.2

oracleprimavera_unifierMatch18.8

oracleprimavera_unifierMatch19.12

oracleretail_merchandising_systemMatch15.0

oracleretail_sales_auditMatch14.1

oracleretail_xstore_point_of_serviceMatch15.0

oracleretail_xstore_point_of_serviceMatch16.0

oracleretail_xstore_point_of_serviceMatch17.0

oracleretail_xstore_point_of_serviceMatch18.0

oracleretail_xstore_point_of_serviceMatch19.0

oracleweblogic_serverMatch12.2.1.3.0

oracleweblogic_serverMatch12.2.1.4.0

References

github.com/FasterXML/jackson-databind/issues/2682

lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E

lists.debian.org/debian-lts-announce/2020/04/msg00012.html

medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

security.netapp.com/advisory/ntap-20200511-0004/

www.oracle.com/security-alerts/cpujan2021.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.043

Percentile

92.5%

JSON

Related for NVD:CVE-2020-11620

osv4 debiancve1 cvelist1 cve1 prion1 redhatcve1 veracode1 github1 ubuntucve1 nessus4 redhat8 openvas3 debian1 ibm30 mageia1 ubuntu1 hp1 oracle3