Remote Code Execution (RCE)

🗓️ 14 Oct 2019 05:13:49Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 26 Views

FasterXML jackson-databind vulnerability RCE through apache-log4j-extra classpat

Reporter	Title	Published	Views	Family All 183
IBM Security Bulletins	Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2019-17531, CVE-2019-17267, CVE-2019-16942, CVE-2019-16335, CVE-2019-14540)	17 Dec 201909:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies	18 Dec 202115:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Insights is affected by Components with known vulnerabilities	6 Oct 202112:30	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs)	1 Feb 202321:46	–	ibm
IBM Security Bulletins	Security Bulletin: Series of vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis	22 Apr 202105:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox	24 Jul 202017:07	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple CVEs affect IBM Integration Designer	1 Feb 202319:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Jackson-Databind Vulnerabilities Affect the B2B API of IBM Sterling B2B Integrator	6 Oct 202114:34	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities affect IBM Network Performance Insight (CVE-2019-14379, CVE-2019-17531, CVE-2019-14439 and CVE-2019-14540)	13 Feb 202003:02	–	ibm

Vulners

Node

fasterxml jackson-databindRange2.9.0.pr1–2.9.10java

fasterxml jackson-databindRange2.0.0-RC1–2.7.9.6java

fasterxml jackson-databindRange2.8.0.rc1–2.8.11.5java

fasterxml jackson-mapper-aslRange0.9.6–1.9.13java

codehaus jackson-mapper-lgplRange0.9.6–1.9.13java

rh-maven35-jackson-databind rh-maven35-jackson-databindMatch2.7.6_2.7.el7

rh-maven35-jackson-databind rh-maven35-jackson-databindMatch2.7.6_2.2.el7

rh-maven35-jackson-databind rh-maven35-jackson-databindMatch2.7.6_2.6.el7

rh-maven35-jackson-databind rh-maven35-jackson-databindMatch2.7.6_2.4.el7

rh-maven35-jackson-databind rh-maven35-jackson-databindMatch2.7.6_2.5.el7

Source	Link
github	www.github.com/FasterXML/jackson-databind/issues/2498
lists	www.lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
lists	www.lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
lists	www.lists.debian.org/debian-lts-announce/2019/12/msg00013.html
lists	www.lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E
lists	www.lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E
lists	www.lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
lists	www.lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
medium	www.medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
medium	www.medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

07 Nov 2023 23:48Current

5.7Medium risk

Vulners AI Score5.7

CVSS 26.8

CVSS 3.19.8

EPSS0.01223