A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.

References

bugzilla.redhat.com/show_bug.cgi?id=1731271

nvd.nist.gov/vuln/detail/CVE-2019-10202

www.cve.org/CVERecord?id=CVE-2019-10202

cve 8

prion 8

osv 23

github 7

ibm 17

fedora 8

openvas 19

checkpoint_advisories 1

redhatcve 7

debiancve 6

redhat 25

nessus 28

ubuntucve 6

veracode 10

mageia 3

debian 11

seebug 2

freebsd 2

ubuntu 1

cgr 1

githubexploit 2

wolfi 1

zdt 1

huawei 1

symantec 1

cve

CVE-2019-10202

2019-10-01 15:15:00

CVE-2018-5968

2018-01-22 04:29:00

CVE-2017-17485

2018-01-10 18:29:00

prion

Deserialization of untrusted data

2019-10-01 15:15:00

Remote code execution

2018-01-22 04:29:00

Design/Logic Flaw

2018-01-10 18:29:00

osv

Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl

2022-05-24 16:57:28

CVE-2018-5968

2018-01-22 04:29:00

Deserialization of Untrusted Data in jackson-databind

2020-06-30 20:40:50

github

Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl

2022-05-24 16:57:28

Deserialization of Untrusted Data in jackson-databind

2020-06-30 20:40:50

jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass

2018-10-18 17:42:48

ibm

Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities

2022-03-03 17:16:13

Security Bulletin: Public disclosed vulnerabilities from Jackson-databind affects IBM Spectrum LSF

2019-03-01 14:00:01

Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology

2021-04-28 18:35:50

fedora

[SECURITY] Fedora 26 Update: jackson-databind-2.7.6-8.fc26

2018-02-07 13:00:23

[SECURITY] Fedora 27 Update: jackson-databind-2.7.6-8.fc27

2018-02-07 13:18:19

[SECURITY] Fedora 27 Update: jackson-databind-2.7.6-5.fc27

2017-11-15 17:58:38

openvas

Fedora Update for jackson-databind FEDORA-2018-e4b025841e

2018-02-08 00:00:00

Fedora Update for jackson-databind FEDORA-2018-bbf8c38b51

2018-02-08 00:00:00

Debian: Security Advisory (DSA-4114-1)

2018-02-14 00:00:00

checkpoint_advisories

Apache Struts2 Jackson Library Remote Code Execution (CVE-2017-15095; CVE-2017-17485; CVE-2017-7525; CVE-2018-7489)

2017-12-05 00:00:00

redhatcve

CVE-2018-5968

2020-04-09 12:20:28

CVE-2017-17485

2020-04-09 07:26:09

CVE-2018-7489

2020-12-06 11:49:47

debiancve

CVE-2018-5968

2018-01-22 04:29:00

CVE-2017-17485

2018-01-10 18:29:00

CVE-2018-7489

2018-02-26 15:29:00

redhat

(RHSA-2018:0342) Important: rh-maven35-jackson-databind security update

2018-02-22 08:56:45

(RHSA-2018:0116) Important: rh-eclipse46-jackson-databind security update

2018-01-23 05:27:26

(RHSA-2018:0577) Important: Red Hat JBoss BPM Suite 6.4.9 security update

2018-03-22 08:09:42

nessus

RHEL 7 : rh-maven35-jackson-databind (RHSA-2018:0342)

2018-04-30 00:00:00

JFrog < 7.8.1 Multiple Vulnerabilities

2021-03-12 00:00:00

RHEL 7 : rh-eclipse46-jackson-databind (RHSA-2018:0116)

2018-04-30 00:00:00

ubuntucve

CVE-2018-5968

2018-01-22 00:00:00

CVE-2017-17485

2018-01-10 00:00:00

CVE-2018-7489

2018-02-26 00:00:00

veracode

Remote Code Execution (RCE)

2018-01-22 07:53:13

Remote Code Execution (RCE)

2019-01-15 09:20:28

Remote Code Execution (RCE)

2018-01-11 02:20:08

mageia

Updated jackson-databind packages fix security vulnerability

2018-02-25 02:25:24

Updated jackson-databind packages fix security vulnerability

2017-11-16 10:39:32

Updated jackson-databind packages fix security vulnerability

2017-08-12 01:24:19

debian

[SECURITY] [DSA 4114-1] jackson-databind security update

2018-02-15 07:04:58

[SECURITY] [DSA 4114-1] jackson-databind security update

2018-02-15 07:04:58

[SECURITY] [DSA 4190-1] jackson-databind security update

2018-05-03 13:56:38

seebug

Jackson-databind 远程代码执行漏洞(CVE-2017-17485)

2018-01-11 00:00:00

Apache Struts2 S2-055(CVE-2017-7525)

2017-12-01 00:00:00

freebsd

payara -- Default typing issue in Jackson Databind

2018-02-26 00:00:00

Payara -- A Polymorphic Typing issue in FasterXML jackson-databind

2019-05-17 00:00:00

ubuntu

Jackson vulnerabilities

2021-02-18 00:00:00

cgr

CVE-2019-10202 vulnerabilities

2024-04-25 03:20:40

githubexploit

Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind

2020-05-22 17:10:10

Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind

2019-05-26 03:19:49

wolfi

CVE-2019-10202 vulnerabilities

2024-04-25 03:15:35

zdt

Apache Struts2 S2-055 DoS Vulnerability

2017-12-02 00:00:00

huawei

Security Advisory - Remote Code Execution Vulnerability in Jackson JSON library of Apache Struts2

2018-02-28 00:00:00

symantec

Oracle Communications Billing and Revenue Management CVE-2019-12086 Remote Security Vulnerability

2019-07-16 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.951 High

EPSS

Percentile

99.3%

JSON

Related for RH:CVE-2019-10202