Lucene search

K
nvd[email protected]NVD:CVE-2020-9546
HistoryMar 02, 2020 - 4:15 a.m.

CVE-2020-9546

2020-03-0204:15:10
CWE-502
web.nvd.nist.gov
12
cve-2020-9546
serialization
vulnerability
interaction
gadgets
typing
org.apache.hadoop.shaded.com.zaxxer.hikari.hikariconfig

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.007

Percentile

79.6%

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).

Affected configurations

Nvd
Node
fasterxmljackson-databindRange2.7.02.7.9.7
OR
fasterxmljackson-databindRange2.8.02.8.11.6
OR
fasterxmljackson-databindRange2.9.02.9.10.4
Node
netappactive_iq_unified_managerRange7.3linux
OR
netappactive_iq_unified_managerRange7.3windows
OR
netappactive_iq_unified_managerRange9.5vmware_vsphere
Node
debiandebian_linuxMatch8.0
Node
oracleagile_plmMatch9.3.6
OR
oracleautovue_for_agile_product_lifecycle_managementMatch21.0.2
OR
oraclebanking_digital_experienceMatch18.1
OR
oraclebanking_digital_experienceMatch18.2
OR
oraclebanking_digital_experienceMatch18.3
OR
oraclebanking_digital_experienceMatch19.1
OR
oraclebanking_digital_experienceMatch19.2
OR
oraclebanking_digital_experienceMatch20.1
OR
oraclebanking_platformRange2.4.02.9.0
OR
oraclecommunications_calendar_serverMatch8.0.0.4.0
OR
oraclecommunications_contacts_serverMatch8.0.0.4.0
OR
oraclecommunications_contacts_serverMatch8.0.0.5.0
OR
oraclecommunications_diameter_signaling_routerRange8.0.08.2.2
OR
oraclecommunications_element_managerRange8.2.08.2.2
OR
oraclecommunications_evolved_communications_application_serverMatch7.1
OR
oraclecommunications_instant_messaging_serverMatch10.0.1.4.0
OR
oraclecommunications_network_charging_and_controlRange12.0.012.0.3
OR
oraclecommunications_network_charging_and_controlMatch6.0.1
OR
oraclecommunications_session_report_managerRange8.2.08.2.2
OR
oraclecommunications_session_route_managerRange8.2.08.2.2
OR
oracleenterprise_manager_base_platformMatch13.3.0.0
OR
oracleenterprise_manager_base_platformMatch13.4.0.0
OR
oraclefinancial_services_analytical_applications_infrastructureRange8.0.68.1.0
OR
oraclefinancial_services_institutional_performance_analyticsMatch8.0.6
OR
oraclefinancial_services_institutional_performance_analyticsMatch8.0.7
OR
oraclefinancial_services_institutional_performance_analyticsMatch8.1.0
OR
oraclefinancial_services_institutional_performance_analyticsMatch8.7.0
OR
oraclefinancial_services_price_creation_and_discoveryMatch8.0.6
OR
oraclefinancial_services_price_creation_and_discoveryMatch8.0.7
OR
oraclefinancial_services_retail_customer_analyticsMatch8.0.6
OR
oracleglobal_lifecycle_management_opatchRange<12.2.0.1.20
OR
oracleinsurance_policy_administration_j2eeMatch11.0.2.25
OR
oracleinsurance_policy_administration_j2eeMatch11.1.0.15
OR
oraclejd_edwards_enterpriseone_orchestratorRange<9.2.4.2
OR
oraclejd_edwards_enterpriseone_toolsRange<9.2.4.2
OR
oracleprimavera_unifierRange17.717.12
OR
oracleprimavera_unifierMatch16.1
OR
oracleprimavera_unifierMatch16.2
OR
oracleprimavera_unifierMatch18.8
OR
oracleprimavera_unifierMatch19.12
OR
oracleretail_merchandising_systemMatch15.0
OR
oracleretail_sales_auditMatch14.1
OR
oracleretail_service_backboneMatch14.1
OR
oracleretail_service_backboneMatch15.0
OR
oracleretail_service_backboneMatch16.0
OR
oracleretail_xstore_point_of_serviceMatch15.0
OR
oracleretail_xstore_point_of_serviceMatch16.0
OR
oracleretail_xstore_point_of_serviceMatch17.0
OR
oracleretail_xstore_point_of_serviceMatch18.0
OR
oracleretail_xstore_point_of_serviceMatch19.0
OR
oracleweblogic_serverMatch12.2.1.3.0
OR
oracleweblogic_serverMatch12.2.1.4.0
VendorProductVersionCPE
fasterxmljackson-databind*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
oracleagile_plm9.3.6cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
oracleautovue_for_agile_product_lifecycle_management21.0.2cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
oraclebanking_digital_experience18.1cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
oraclebanking_digital_experience18.2cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
oraclebanking_digital_experience18.3cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
Rows per page:
1-10 of 571

References

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.007

Percentile

79.6%