Remote Code Execution

🗓️ 08 Oct 2019 02:07:41Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 30 Views

FasterXML jackson-databind vulnerability in deserialization of untrusted data leading to Remote Code Execution

Reporter	Title	Published	Views	Family All 157
IBM Security Bulletins	Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2019-17531, CVE-2019-17267, CVE-2019-16942, CVE-2019-16335, CVE-2019-14540)	17 Dec 201909:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020	1 Mar 202212:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies	18 Dec 202115:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Insights is affected by Components with known vulnerabilities	6 Oct 202112:30	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs)	1 Feb 202321:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilities (Q12021)	29 Jan 202118:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	13 Aug 202122:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox	24 Jul 202017:07	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple CVEs affect IBM Integration Designer	1 Feb 202319:40	–	ibm
IBM Security Bulletins	Security Bulletin: CVEs addressed in latest release of Cloudera Observability	14 Nov 202513:59	–	ibm

Vulners

Node

fasterxml jackson-databindRange2.10.0.pr1–2.10.0.pr3java

fasterxml jackson-databindRange2.7.9.2–2.7.9.6java

fasterxml jackson-databindRange2.8.11–2.8.11.4java

fasterxml jackson-databindRange2.9.4–2.9.9.3java

fasterxml jackson-databindRange2.9.0.pr1–2.9.3java

fasterxml jackson-databindRange2.0.0-RC1–2.7.9.1java

fasterxml jackson-mapper-aslRange0.9.6–1.9.13java

codehaus jackson-mapper-lgplRange0.9.6–1.9.13java

Source	Link
github	www.github.com/FasterXML/jackson-databind/issues/2460
lists	www.lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
lists	www.lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
lists	www.lists.debian.org/debian-lts-announce/2019/12/msg00013.html
lists	www.lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
lists	www.lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
lists	www.lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
lists	www.lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
lists	www.lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
lists	www.lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

08 Nov 2023 00:17Current

3.8Low risk

Vulners AI Score3.8

CVSS 27.5

CVSS 3.19.8

EPSS0.01228