CVE-2019-12814 - Vulnerability Details

CVE-2019-12814 - jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.22123.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat AMQ Streams 1
	cpe:/a:redhat:amq_streams:1	RHSA-2019:3200	2019-10-24T00:00:00Z
Red Hat Decision Manager 7
jackson-databind	cpe:/a:redhat:jboss_enterprise_brms_platform:7.5	RHSA-2019:3292	2019-10-31T00:00:00Z
Red Hat Enterprise Linux 8
pki-core:10.6-8010020190912123424.8ba0ffbe	cpe:/a:redhat:enterprise_linux:8	RHBA-2019:3416	2019-11-05T00:00:00Z
pki-deps:10.6-8010020190731203900.cdc1202b	cpe:/a:redhat:enterprise_linux:8	RHBA-2019:3416	2019-11-05T00:00:00Z
Red Hat Fuse 6.3
	cpe:/a:redhat:jboss_amq:6.3	RHSA-2019:2804	2019-09-17T00:00:00Z
Red Hat Fuse 7.6.0
jackson-databind	cpe:/a:redhat:jboss_fuse:7	RHSA-2020:0983	2020-03-26T00:00:00Z
Red Hat JBoss EAP 7.2
jackson-databind	cpe:/a:redhat:jboss_enterprise_application_platform:7.2	RHSA-2019:2938	2019-09-30T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6
eap7-activemq-artemis-0:2.9.0-1.redhat_00005.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-codehaus-jackson-0:1.9.13-9.redhat_00006.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-glassfish-jsf-0:2.3.5-4.SP3_redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-hal-console-0:3.0.16-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-hibernate-0:5.3.11-2.SP1_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-infinispan-0:9.3.7-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-ironjacamar-0:1.4.17-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jackson-annotations-0:2.9.9-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jackson-core-0:2.9.9-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jackson-databind-0:2.9.9.3-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.9.9-2.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jackson-modules-base-0:2.9.9-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jackson-modules-java8-0:2.9.9-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jboss-ejb-client-0:4.0.23-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jboss-jaxrs-api_2.1_spec-0:1.0.3-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jboss-logging-0:3.3.3-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jboss-logmanager-0:2.1.14-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jboss-marshalling-0:2.0.9-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jboss-msc-0:1.4.8-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jboss-remoting-0:5.0.14-1.SP1_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jboss-server-migration-0:1.3.1-4.Final_redhat_00004.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jboss-xnio-base-0:3.7.3-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-jgroups-0:4.0.20-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-narayana-0:5.9.6-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-netty-0:4.1.34-2.Final_redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-picketbox-0:5.0.3-5.Final_redhat_00004.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00007.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00007.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-undertow-0:2.0.25-1.SP1_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-weld-core-0:3.0.6-2.Final_redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-wildfly-0:7.2.4-1.GA_redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-wildfly-elytron-0:1.6.4-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-wildfly-elytron-tool-0:1.4.3-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.6-2.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2019:2935	2019-10-01T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7
eap7-activemq-artemis-0:2.9.0-1.redhat_00005.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-codehaus-jackson-0:1.9.13-9.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-glassfish-jsf-0:2.3.5-4.SP3_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-hal-console-0:3.0.16-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-hibernate-0:5.3.11-2.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-infinispan-0:9.3.7-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-ironjacamar-0:1.4.17-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jackson-annotations-0:2.9.9-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jackson-core-0:2.9.9-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jackson-databind-0:2.9.9.3-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.9.9-2.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jackson-modules-base-0:2.9.9-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jackson-modules-java8-0:2.9.9-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jboss-ejb-client-0:4.0.23-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jboss-jaxrs-api_2.1_spec-0:1.0.3-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jboss-logging-0:3.3.3-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jboss-logmanager-0:2.1.14-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jboss-marshalling-0:2.0.9-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jboss-msc-0:1.4.8-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jboss-remoting-0:5.0.14-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jboss-server-migration-0:1.3.1-4.Final_redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jboss-xnio-base-0:3.7.3-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-jgroups-0:4.0.20-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-narayana-0:5.9.6-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-netty-0:4.1.34-2.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-picketbox-0:5.0.3-5.Final_redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00007.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00007.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-undertow-0:2.0.25-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-weld-core-0:3.0.6-2.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-wildfly-0:7.2.4-1.GA_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-wildfly-elytron-0:1.6.4-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-wildfly-elytron-tool-0:1.4.3-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.6-2.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2019:2936	2019-10-01T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8
eap7-activemq-artemis-0:2.9.0-1.redhat_00005.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-codehaus-jackson-0:1.9.13-9.redhat_00006.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-glassfish-jsf-0:2.3.5-4.SP3_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-hal-console-0:3.0.16-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-hibernate-0:5.3.11-2.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-infinispan-0:9.3.7-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-ironjacamar-0:1.4.17-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jackson-annotations-0:2.9.9-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jackson-core-0:2.9.9-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jackson-databind-0:2.9.9.3-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.9.9-2.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jackson-modules-base-0:2.9.9-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jackson-modules-java8-0:2.9.9-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jboss-ejb-client-0:4.0.23-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jboss-jaxrs-api_2.1_spec-0:1.0.3-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jboss-logging-0:3.3.3-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jboss-logmanager-0:2.1.14-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jboss-marshalling-0:2.0.9-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jboss-msc-0:1.4.8-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jboss-remoting-0:5.0.14-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jboss-server-migration-0:1.3.1-4.Final_redhat_00004.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jboss-xnio-base-0:3.7.3-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-jgroups-0:4.0.20-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-narayana-0:5.9.6-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-netty-0:4.1.34-2.Final_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-picketbox-0:5.0.3-5.Final_redhat_00004.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00007.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00007.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-undertow-0:2.0.25-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-weld-core-0:3.0.6-2.Final_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-wildfly-0:7.2.4-1.GA_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-wildfly-elytron-0:1.6.4-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-wildfly-elytron-tool-0:1.4.3-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.6-2.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2019:2937	2019-10-01T00:00:00Z
Red Hat OpenShift Container Platform 3.11
openshift3/ose-logging-elasticsearch5:v3.11.153-2	cpe:/a:redhat:openshift:3.11::el7	RHSA-2019:3149	2019-10-18T00:00:00Z
Red Hat OpenShift Container Platform 4.1
openshift4/ose-logging-elasticsearch5:v4.1.18-201909201915	cpe:/a:redhat:openshift:4.1::el7	RHSA-2019:2858	2019-09-27T00:00:00Z
Red Hat Process Automation 7
jackson-databind	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.5	RHSA-2019:3297	2019-10-31T00:00:00Z
Red Hat Single Sign-On 7.3.4 zip
jackson-databind	cpe:/a:redhat:jboss_single_sign_on:7.3	RHSA-2019:3050	2019-10-14T00:00:00Z
Red Hat Single Sign-On 7.3 for RHEL 6
rh-sso7-keycloak-0:4.8.13-1.Final_redhat_00001.1.el6sso	cpe:/a:redhat:red_hat_single_sign_on:7::el6	RHSA-2019:3044	2019-10-14T00:00:00Z
Red Hat Single Sign-On 7.3 for RHEL 7
rh-sso7-keycloak-0:4.8.13-1.Final_redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7::el7	RHSA-2019:3045	2019-10-14T00:00:00Z
rh-sso7-libunix-dbus-java-0:0.8.0-2.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7::el7	RHSA-2019:3045	2019-10-14T00:00:00Z
Red Hat Single Sign-On 7.3 for RHEL 8
rh-sso7-keycloak-0:4.8.13-1.Final_redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7::el8	RHSA-2019:3046	2019-10-14T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Debian Subscribe	Debian Linux Subscribe
Fasterxml Subscribe	Jackson-databind Subscribe
Redhat Subscribe	Amq Streams Subscribe Enterprise Linux Subscribe Jboss Amq Subscribe Jboss Enterprise Application Platform Subscribe Jboss Enterprise Bpms Platform Subscribe Jboss Enterprise Brms Platform Subscribe Jboss Fuse Subscribe Jboss Single Sign On Subscribe Openshift Subscribe Red Hat Single Sign On Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-1831-1	jackson-databind security update
Github GHSA	GHSA-cmfg-87vq-g5g4	Deserialization of untrusted data in FasterXML jackson-databind
Ubuntu USN	USN-4813-1	Jackson Databind vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:2935
https://access.redhat.com/errata/RHSA-2019:2936
https://access.redhat.com/errata/RHSA-2019:2937
https://access.redhat.com/errata/RHSA-2019:2938
https://access.redhat.com/errata/RHSA-2019:3044
https://access.redhat.com/errata/RHSA-2019:3045
https://access.redhat.com/errata/RHSA-2019:3046
https://access.redhat.com/errata/RHSA-2019:3050
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:3200
https://access.redhat.com/errata/RHSA-2019:3292
https://access.redhat.com/errata/RHSA-2019:3297
https://github.com/FasterXML/jackson-databind/issues/2341
https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E
https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E
https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E
https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/
https://nvd.nist.gov/vuln/detail/CVE-2019-12814
https://security.netapp.com/advisory/ntap-20190625-0006/
https://www.cve.org/CVERecord?id=CVE-2019-12814
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

History

Wed, 27 Aug 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-06-19T13:24:44.000Z

Updated: 2025-08-27T20:30:34.890Z

Reserved: 2019-06-13T00:00:00.000Z

Link: CVE-2019-12814

Vulnrichment

Updated: 2024-08-04T23:32:55.182Z

NVD

Status : Modified

Published: 2019-06-19T14:15:10.897

Modified: 2025-08-27T21:15:34.630

Link: CVE-2019-12814

Redhat

Severity : Moderate

Publid Date: 2019-06-04T00:00:00Z

Links: CVE-2019-12814 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object