8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
79.9%
Software: jackson-databind 2.10.0
OS: ROSA Virtualization 2.1
package_evr_string: jackson-databind-2.10.0
CVE-ID: CVE-2020-35490
BDU-ID: 2022-03804
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the org.apache.commons.dbcp2.datasources.PerUserPoolDataSource component of the Jackson-databind library of the FasterXML project is related to in-memory recovery of an invalid data structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by sending specially generated data
CVE-STATUS: Not Current
CVE-REV:
CVE-ID: CVE-2020-35491
BDU-ID: 2024-00113
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the jackson-databind library is related to the recovery of invalid data in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Not Current
CVE-REV:
CVE-ID: CVE-2020-35728
BDU-ID: 2021-01045
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Jackson-databind library of the FasterXML project is related to inaccurate data being reconstructed in memory. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of protected information
CVE-STATUS: Not Current
CVE-REV:
CVE-ID: CVE-2020-36179
BDU-ID: 2021-02830
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS component of the Jackson-databind library of the FasterXML project is related to inaccurate data being reconstructed in memory. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity and availability of protected information
CVE-STATUS: Not Current
CVE-REV:
CVE-ID: CVE-2020-36180
BDU-ID: 2021-02832
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS component of the Jackson-databind library of the FasterXML project is related to inaccurate data being reconstructed in memory. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity and availability of protected information
CVE-STATUS: Not Current
CVE-REV:
CVE-ID: CVE-2020-36181
BDU-ID: 2021-02836
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the org.apache.tomcat.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS component of the Jackson-databind library of the FasterXML project is related to inaccurate data being reconstructed in memory. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity and availability of protected information
CVE-STATUS: Not Current
CVE-REV:
CVE-ID: CVE-2020-36182
BDU-ID: 2021-02839
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS component of the Jackson-databind library of the FasterXML project is related to inaccurate data being reconstructed in memory. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity and availability of protected information
CVE-STATUS: Not Current
CVE-REV:
CVE-ID: CVE-2020-36183
BDU-ID: 2021-02831
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool component of the Jackson-databind library of the FasterXML project is related to inaccurate data being restored to memory. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity and availability of protected information
CVE-STATUS: Not Current
CVE-REV:
CVE-ID: CVE-2020-36184
BDU-ID: 2021-02833
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the org.apache.tomcat.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource component of the Jackson-databind library of the FasterXML project is related to inaccurate data being reconstructed in memory. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity and availability of protected information
CVE-STATUS: Not Current
CVE-REV:
CVE-ID: CVE-2020-36185
BDU-ID: 2021-02837
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the org.apache.tomcat.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource component of the Jackson-databind library of the FasterXML project is related to in-memory recovery of invalid data. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity and availability of protected information
CVE-STATUS: Not Current
CVE-REV:
CVE-ID: CVE-2020-36186
BDU-ID: 2021-02829
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the org.apache.tomcat.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource component of the Jackson-databind library of the FasterXML project is related to inaccurate data being reconstructed in memory. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity and availability of protected information
CVE-STATUS: Not Current
CVE-REV:
CVE-ID: CVE-2020-36187
BDU-ID: 2021-02838
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the org.apache.tomcat.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource component of the Jackson-databind library of the FasterXML project is related to in-memory recovery of invalid data. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity and availability of protected information
CVE-STATUS: Not Current
CVE-REV:
CVE-ID: CVE-2020-36188
BDU-ID: 2021-02834
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource component of the Jackson-databind library of the FasterXML project is related to inaccurate data being restored to memory. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity and availability of protected information
CVE-STATUS: Not Current
CVE-REV:
CVE-ID: CVE-2020-36189
BDU-ID: 2021-02835
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource component of the Jackson-databind library of the FasterXML project is related to inaccurate data being restored to memory. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity and availability of protected information
CVE-STATUS: Not Current
CVE-REV:
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
79.9%