43 matches found
K000160435: FasterXML jackson-databind vulnerability CVE-2018-14721
Security Advisory Description FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. CVE-2018-14721 Impact There is no impact; F5 products a...
EUVD-2016-4577
Malware in sbrugna...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)
Summary There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty with the jaxws-2.2 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a fla...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF - CVE-2022-46364
Summary IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Workflow Management, I...
Security Bulletin: IBM Liberty for Java for IBM Cloud is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)
Summary There is a vulnerability in the Apache CXF library used by IBM Liberty for Java for IBM Cloud with the jaxws-2.2 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in...
SUSE CVE-2018-14721
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
CVE-2018-14721
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
Oracle NoSQL Database Enterprise Server-Side Request Forgery (October 2019 CPU)
The version of Oracle NoSQL Database Enterprise running on the remote host is prior to 19.3.12. It is, therefore, affected by a server-side request forgery vulnerability. The vulnerability exists in the jackson-databind component due to a failure to block the axis2-jaxws class from polymorphic...
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
Information Disclosure
java is vulnerable to information disclosure. The vulnerability exists through JAXWS...
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
Server-Side Request Forgery (SSRF) in jackson-databind
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...