UBUNTU-CVE-2020-9548

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...

CVE-2020-9546

CVE-2020-9546 affects FasterXML jackson-databind 2.x before 2.9.10.4, where serialization gadgets and typing interactions involving org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig can lead to deserialization issues. The IBM/Cloudera bulletin references the same CVE and lists a high impact...

CVE-2020-9546

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...

CVE-2020-9546

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...

CVE-2020-9547

The CVE refers to FasterXML jackson-databind 2.x prior to 2.9.10.4, where handling of serialization gadgets and typing leads to deserialization vulnerabilities. The vulnerability affects the jackson-databind component (IBM/Oracle/NVD context lists critical impacts to confidentiality, integrity, a...

CVE-2020-9547

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...

CVE-2020-9547

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...

CVE-2020-9548

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...

CVE-2020-9548

CVE-2020-9548 (jackson-databind 2.x prior to 2.9.10.4) is described in IBM/Cloudera documentation as a deserialization-type issue tied to br.com.anteros.dbcp.AnterosDBCPConfig (anteros-core). The impact is high (CVE-3.x 9.8, CVSSv3) with potential RCE/data integrity concerns via gadget typing int...

CVE-2020-9548

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...

PT-2020-3305 · Br.Com.Anteros +8 · Anterosdbcpconfig +8

Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.7.9.6 and earlier, 2.8.11.5 and earlier, 2.9.10.3 and earlier Description: The issue is related to the interaction between serialization gadgets and typing in the FasterXML jackson-databind library,...

Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind

CVE-2020-8840: FasterXML/jackson-databind remote code executio...

Security Bulletin: Multiple vulnerabilities in FasterXML Jackson-databind affect IBM Spectrum Protect Plus (CVE-2019-16943, CVE-2019-16942, CVE-2019-17531, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14379, CVE-2019-14439)

Summary There are multiple security vulnerabilities in FasterXML Jackson-databind that affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2019-16943 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is...

Security Bulletin: Security vulnerability affects IBM Cloud Object Storage SDK Java (February 2020 Bulletin)

Summary Security vulnerability affects IBM Cloud Object Storage SDK Java. The vulnerability has been addressed in the latest SDK 2.6.1 release. Vulnerability Details CVEID: CVE-2019-20330 DESCRIPTION: A lacking of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact...

Security Bulletin: A vulnerability has been identified in FasterXML Jackson library shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2019-14540)

Summary FasterXML Jackson library is shipped as a component of IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library and Transformer for Message Bus Integration. Information about security vulnerabilities affecting FasterXML Jackson library has been published. Vulnerability Detai...

Security Bulletin: Vulnerabilities affect IBM Network Performance Insight (CVE-2019-14379, CVE-2019-17531, CVE-2019-14439 and CVE-2019-14540)

Summary IBM Network Performance Insight has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-14379 DESCRIPTION: SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used because of...

CVE-2020-8840

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter...

CVE-2020-8840

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter...

CVE-2020-8840

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter...

Design/Logic Flaw

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter...