Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-4813-1
HistoryMar 15, 2021 - 12:00 a.m.

Jackson Databind vulnerabilities

2021-03-1500:00:00
ubuntu.com
18

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.369 Low

EPSS

Percentile

97.1%

JSON

Releases

  • Ubuntu 16.04 ESM

Packages

  • jackson-databind - fast and powerful JSON library for Java – data binding

Details

It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2018-11307, CVE-2019-12086, CVE-2019-12814)

It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to execute
arbitrary code or other unspecified impact. (CVE-2018-12022,
CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-19360,
CVE-2018-19361, CVE-2018-19362, CVE-2019-12384, CVE-2019-14379,
CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330,
CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969,
CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619,
CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062,
CVE-2020-14195, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548)

It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to execute XML
entity (XXE) attacks. (CVE-2018-14720)

It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to execute
server-side request forgery (SSRF). (CVE-2018-14721)

References

Related

openvas 48
osv 9
nessus 21
ibm 48
mageia 1
rocky 1
debian 8
redhat 18
fedora 39
cloudfoundry 1
almalinux 1
oraclelinux 1
freebsd 2
symantec 1
openvas
openvas
Ubuntu: Security Advisory (USN-4813-1)
2023-01-27 00:00:00
Mageia: Security Advisory (MGASA-2021-0153)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-4452-1)
2019-05-26 00:00:00
osv
osv
jackson-databind vulnerabilities
2021-03-15 21:47:52
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-04-28 09:00:20
jackson-databind - security update
2019-03-04 00:00:00
nessus
nessus
Ubuntu 16.04 ESM : Jackson Databind vulnerabilities (USN-4813-1)
2023-10-20 00:00:00
CentOS 8 : pki-core:10.6 and pki-deps:10.6 (CESA-2020:1644)
2021-02-01 00:00:00
Debian DLA-1703-1 : jackson-databind security update
2019-03-05 00:00:00
ibm
ibm
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities
2020-05-29 15:44:58
Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator
2020-07-24 17:07:55
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind
2020-08-29 08:58:37
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2021-03-27 17:27:02
rocky
rocky
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-04-28 09:00:20
debian
debian
[SECURITY] [DLA 1703-1] jackson-databind security update
2019-03-04 12:13:19
[SECURITY] [DSA 4452-1] jackson-databind security update
2019-05-24 21:04:55
[SECURITY] [DLA 2179-1] jackson-databind security update
2020-04-17 23:51:40
redhat
redhat
(RHSA-2019:0782) Important: rh-maven35-jackson-databind security update
2019-04-17 20:45:27
(RHSA-2020:1644) Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-04-28 09:00:20
(RHSA-2019:3200) Moderate: Red Hat AMQ Streams 1.3.0 release and security update
2019-10-24 09:16:50
fedora
fedora
[SECURITY] Fedora 29 Update: jackson-databind-2.9.9.3-1.fc29
2019-09-22 03:20:24
[SECURITY] Fedora 29 Update: jackson-dataformat-xml-2.9.8-1.fc29
2019-02-19 14:03:53
[SECURITY] Fedora 29 Update: jackson-module-jsonSchema-2.9.8-1.fc29
2019-02-19 14:03:53
cloudfoundry
cloudfoundry
Various CVEs: UAA consumes vulnerable versions of FasterXML jackson-databind | Cloud Foundry
2019-11-13 00:00:00
almalinux
almalinux
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-04-28 09:00:20
oraclelinux
oraclelinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-05-05 00:00:00
freebsd
freebsd
puppetdb -- Multiple vulnerabilities
2020-07-23 00:00:00
payara -- multiple vulnerabilities
2019-02-01 00:00:00
symantec
symantec
FasterXML Jackson-databind CVE-2019-14540 Information Disclosure Vulnerability
2020-01-14 00:00:00

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.369 Low

EPSS

Percentile

97.1%

JSON
Related for USN-4813-1
openvas48osv9nessus21ibm48mageia1rocky1debian8redhat18fedora39cloudfoundry1almalinux1oraclelinux1freebsd2symantec1