Arbitrary Code Execution

🗓️ 18 Sep 2020 06:07:30Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 22 Views

Jackson-databind vulnerability allows arbitrary code execution via untrusted Java objec

Reporter	Title	Published	Views	Family All 115
IBM Security Bulletins	Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities (CVE-2020-24750)	10 Feb 202216:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies	18 Dec 202115:42	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs)	1 Feb 202321:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilities (Q12021)	29 Jan 202118:58	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple CVEs affect IBM Integration Designer	1 Feb 202319:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Jackson, jQuery, and Dom4j affect IBM Spectrum Copy Data Management	10 Dec 202123:20	–	ibm
IBM Security Bulletins	Security Bulletin: Jackson-Databind Vulnerabilities Affect the B2B API of IBM Sterling B2B Integrator	6 Oct 202114:34	–	ibm
IBM Security Bulletins	Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages	10 Oct 202222:34	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in jQuery, Spring, Dom4j, MongoDB, Linux Kernel, Targetcli-fb, Jackson, Node.js, and Apache Commons affect IBM Spectrum Protect Plus	20 Nov 202020:41	–	ibm

Vulners

Node

fasterxml jackson-databindRange2.0.0-RC1–2.7.9.7java

fasterxml jackson-databindRange2.9.10–2.9.10.5java

fasterxml jackson-databindRange2.9.0.pr1–2.9.9.3java

fasterxml jackson-databindRange2.8.0.rc1–2.8.11.6java

fasterxml jackson-mapper-aslRange0.9.6–0.9.7java

fasterxml jackson-mapper-aslRange1.7.0–1.9.13java

fasterxml jackson-mapper-aslRange0.9.8–0.9.9-3java

codehaus jackson-mapper-lgplRange0.9.8–0.9.9-3java

codehaus jackson-mapper-lgplRange1.7.0–1.9.13java

codehaus jackson-mapper-lgplRange0.9.6–0.9.7java

rh-maven35-jackson-databind rh-maven35-jackson-databindMatch2.7.6_2.2.el7

rh-maven35-jackson-databind rh-maven35-jackson-databindMatch2.7.6_2.4.el7

rh-maven35-jackson-databind rh-maven35-jackson-databindMatch2.7.6_2.8.el7

rh-maven35-jackson-databind rh-maven35-jackson-databindMatch2.7.6_2.5.el7

rh-maven35-jackson-databind rh-maven35-jackson-databindMatch2.7.6_2.6.el7

rh-maven35-jackson-databind rh-maven35-jackson-databindMatch2.7.6_2.7.el7

rh-maven35-jackson-databind rh-maven35-jackson-databindMatch2.7.6_2.10.el7

Source	Link
github	www.github.com/FasterXML/jackson-databind/issues/2798
lists	www.lists.debian.org/debian-lts-announce/2021/04/msg00025.html
github	www.github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b
security	www.security.netapp.com/advisory/ntap-20201009-0003/
oracle	www.oracle.com/security-alerts/cpuApr2021.html
oracle	www.oracle.com/security-alerts/cpuapr2022.html
oracle	www.oracle.com/security-alerts/cpujan2021.html
oracle	www.oracle.com/security-alerts/cpujan2022.html
oracle	www.oracle.com/security-alerts/cpuoct2021.html
oracle	www.oracle.com//security-alerts/cpujul2021.html

14 Sep 2023 14:39Current

5.5Medium risk

Vulners AI Score5.5

CVSS 26.8

CVSS 3.18.1

EPSS0.02052