OpenCVE

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Fasterxml	Jackson-databind
Oracle	Banking Platform Communications Billing And Revenue Management Enterprise Manager For Virtualization Financial Services Analytical Applications Infrastructure Jdeveloper Primavera Unifier Retail Merchandising System Webcenter Portal
Redhat	Jboss Bpms Jboss Data Grid Jboss Enterprise Application Platform Jboss Enterprise Application Platform Cd Jboss Enterprise Brms Platform Jboss Fuse Jboss Single Sign On Logging Openshift Openshift Container Platform Rhel Software Collections

Configuration 1 [-]

OR	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc1::::::
	cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc2::::::
	cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc3::::::
	cpe:2.3:a:fasterxml:jackson-databind:2.8.0:rc1::::::
	cpe:2.3:a:fasterxml:jackson-databind:2.8.0:rc2::::::
	cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr1::::::
	cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr2::::::
	cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr3::::::
	cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr4::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:oracle:banking_platform:2.5.0:::::::*
	cpe:2.3:a:oracle:banking_platform:2.6.0:::::::*
	cpe:2.3:a:oracle:banking_platform:2.6.1:::::::*
	cpe:2.3:a:oracle:banking_platform:2.6.2:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7:::::::*
	cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:::::::*
	cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:primavera_unifier::::::::
	cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*
	cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*
	cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
	cpe:2.3:a:oracle:retail_merchandising_system:15.0:::::::*
	cpe:2.3:a:oracle:retail_merchandising_system:16.0:::::::*
	cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*

Package	CPE	Advisory	Released Date
OpenShift Logging 5.0
openshift-logging/elasticsearch6-rhel8:v5.0.3-1	cpe:/a:redhat:logging:5.0::el8	RHSA-2021:1515	2021-05-06T00:00:00Z
Red Hat Data Grid
jackson-databind	cpe:/a:redhat:jboss_data_grid:7.3	RHSA-2019:4037	2019-12-02T00:00:00Z
Red Hat Fuse 7.5.0
jackson-databind	cpe:/a:redhat:jboss_fuse:7	RHSA-2019:3892	2019-11-14T00:00:00Z
Red Hat JBoss BPMS 7.4
jackson-databind	cpe:/a:redhat:jboss_bpms:7.4	RHSA-2019:1823	2019-07-22T00:00:00Z
Red Hat JBoss BRMS 7.4
jackson-databind	cpe:/a:redhat:jboss_enterprise_brms_platform:7.4	RHSA-2019:1822	2019-07-22T00:00:00Z
Red Hat JBoss EAP 7.2
jackson-databind	cpe:/a:redhat:jboss_enterprise_application_platform:7.2	RHSA-2019:1106	2019-05-08T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6
eap7-activemq-artemis-0:2.6.3-5.redhat_00020.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-apache-commons-lang-0:3.8.0-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-apache-cxf-0:3.2.7-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-apache-cxf-xjc-utils-0:3.2.3-2.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-artemis-native-0:2.6.3-15.redhat_00020.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-byte-buddy-0:1.9.5-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-dom4j-0:2.1.1-2.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-elytron-web-0:1.2.4-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-hibernate-0:5.3.9-2.Final_redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-httpcomponents-asyncclient-0:4.1.4-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-infinispan-0:9.3.6-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-ironjacamar-0:1.4.15-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-jackson-annotations-0:2.9.8-2.redhat_00004.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-jackson-core-0:2.9.8-2.redhat_00004.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-jackson-databind-0:2.9.8-2.redhat_00004.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.9.8-2.redhat_00004.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-jackson-modules-base-0:2.9.8-1.redhat_00004.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-jackson-modules-java8-0:2.9.8-1.redhat_00004.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-jberet-0:1.3.2-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-jboss-ejb-client-0:4.0.15-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-jboss-el-api_3.0_spec-0:1.0.13-2.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-jboss-genericjms-0:2.0.1-2.Final_redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-jboss-logmanager-0:2.1.7-3.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-jboss-remoting-jmx-0:3.0.1-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-jboss-security-negotiation-0:3.0.5-2.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-jboss-server-migration-0:1.3.0-7.Final_redhat_00004.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-narayana-0:5.9.1-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-16.SP12_redhat_4.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-picketlink-federation-0:2.5.5-16.SP12_redhat_4.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-resteasy-0:3.6.1-4.SP3_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-sun-istack-commons-0:3.0.7-2.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-undertow-0:2.0.19-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-undertow-jastow-0:2.0.7-2.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-wildfly-0:7.2.1-6.GA_redhat_00004.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-wildfly-elytron-0:1.6.2-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-wildfly-elytron-tool-0:1.4.1-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-wildfly-http-client-0:1.0.13-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.3-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
eap7-yasson-0:1.0.2-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:1107	2019-05-08T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7
eap7-activemq-artemis-0:2.6.3-5.redhat_00020.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-apache-commons-lang-0:3.8.0-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-apache-cxf-0:3.2.7-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-apache-cxf-xjc-utils-0:3.2.3-2.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-artemis-native-0:2.6.3-15.redhat_00020.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-byte-buddy-0:1.9.5-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-dom4j-0:2.1.1-2.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-elytron-web-0:1.2.4-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-hibernate-0:5.3.9-2.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-httpcomponents-asyncclient-0:4.1.4-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-infinispan-0:9.3.6-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-ironjacamar-0:1.4.15-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-jackson-annotations-0:2.9.8-2.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-jackson-core-0:2.9.8-2.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-jackson-databind-0:2.9.8-2.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.9.8-2.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-jackson-modules-base-0:2.9.8-1.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-jackson-modules-java8-0:2.9.8-1.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-jberet-0:1.3.2-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-jboss-ejb-client-0:4.0.15-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-jboss-el-api_3.0_spec-0:1.0.13-2.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-jboss-genericjms-0:2.0.1-2.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-jboss-logmanager-0:2.1.7-3.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-jboss-remoting-jmx-0:3.0.1-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-jboss-security-negotiation-0:3.0.5-2.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-jboss-server-migration-0:1.3.0-7.Final_redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-narayana-0:5.9.1-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-16.SP12_redhat_4.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-picketlink-federation-0:2.5.5-16.SP12_redhat_4.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-resteasy-0:3.6.1-4.SP3_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-sun-istack-commons-0:3.0.7-2.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-undertow-0:2.0.19-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-undertow-jastow-0:2.0.7-2.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-wildfly-0:7.2.1-6.GA_redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-wildfly-elytron-0:1.6.2-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-wildfly-elytron-tool-0:1.4.1-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-wildfly-http-client-0:1.0.13-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.3-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
eap7-yasson-0:1.0.2-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:1108	2019-05-08T00:00:00Z
Red Hat JBoss Enterprise Application Platform Continuous Delivery
jackson-databind	cpe:/a:redhat:jboss_enterprise_application_platform_cd:16	RHSA-2020:2564	2020-06-15T00:00:00Z
Red Hat OpenShift Container Platform 3.11
openshift3/ose-logging-elasticsearch5:v3.11.153-2	cpe:/a:redhat:openshift:3.11::el7	RHSA-2019:3149	2019-10-18T00:00:00Z
Red Hat OpenShift Container Platform 4.1
openshift4/ose-logging-elasticsearch5:v4.1.18-201909201915	cpe:/a:redhat:openshift:4.1::el7	RHSA-2019:2858	2019-09-27T00:00:00Z
Red Hat OpenShift Container Platform 4.6
openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0	cpe:/a:redhat:openshift:4.6::el8	RHSA-2021:1230	2021-04-27T00:00:00Z
Red Hat Single Sign-On 7.3.1 zip
	cpe:/a:redhat:jboss_single_sign_on:7.3	RHSA-2019:1140	2019-05-09T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-maven35-jackson-databind-0:2.7.6-2.5.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2019:0782	2019-04-17T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
rh-maven35-jackson-databind-0:2.7.6-2.5.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2019:0782	2019-04-17T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
rh-maven35-jackson-databind-0:2.7.6-2.5.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2019:0782	2019-04-17T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
rh-maven35-jackson-databind-0:2.7.6-2.5.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2019:0782	2019-04-17T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHBA-2019:0959
https://access.redhat.com/errata/RHSA-2019:0782
https://access.redhat.com/errata/RHSA-2019:1106
https://access.redhat.com/errata/RHSA-2019:1107
https://access.redhat.com/errata/RHSA-2019:1108
https://access.redhat.com/errata/RHSA-2019:1140
https://access.redhat.com/errata/RHSA-2019:1822
https://access.redhat.com/errata/RHSA-2019:1823
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2019:4037
https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
https://github.com/FasterXML/jackson-databind/issues/2097
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14721
https://seclists.org/bugtraq/2019/May/68
https://security.netapp.com/advisory/ntap-20190530-0003/
https://www.cve.org/CVERecord?id=CVE-2018-14721
https://www.debian.org/security/2019/dsa-4452
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-01-02T18:00:00

Updated: 2024-08-05T09:38:13.150Z

Reserved: 2018-07-28T00:00:00

Link: CVE-2018-14721

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-01-02T18:29:00.543

Modified: 2023-11-07T02:53:01.290

Link: CVE-2018-14721

Redhat

Severity : Moderate

Publid Date: 2018-07-27T00:00:00Z

Links: CVE-2018-14721 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object