CVE-2019-14892 - Vulnerability Details

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01371.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache Subscribe	Geode Subscribe
Fasterxml Subscribe	Jackson-databind Subscribe
Redhat Subscribe	Decision Manager Subscribe Jboss Data Grid Subscribe Jboss Enterprise Application Platform Subscribe Jboss Enterprise Application Platform Cd Subscribe Jboss Enterprise Bpms Platform Subscribe Jboss Enterprise Brms Platform Subscribe Jboss Fuse Subscribe Jboss Single Sign On Subscribe Openshift Application Runtimes Subscribe Openshift Container Platform Subscribe Process Automation Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind::::::::

Configuration 2 [-]

OR	cpe:2.3:a:redhat:decision_manager:7.0:::::::*
	cpe:2.3:a:redhat:jboss_data_grid:-::::text-only:::
	cpe:2.3:a:redhat:jboss_data_grid:7.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:::::::*
	cpe:2.3:a:redhat:jboss_fuse:7.0.0:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.3:::::::*
	cpe:2.3:a:redhat:process_automation:7.0:::::::*

Configuration 3 [-]

cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
EAP-CD 19 Tech Preview
jackson-databind	cpe:/a:redhat:jboss_enterprise_application_platform_cd:19	RHSA-2020:2333	2020-05-28T00:00:00Z
Red Hat Data Grid 7.3.5
jackson-databind	cpe:/a:redhat:jboss_data_grid:7.3	RHSA-2020:0729	2020-03-05T00:00:00Z
Red Hat Decision Manager 7
jackson-databind	cpe:/a:redhat:jboss_enterprise_brms_platform:7.7	RHSA-2020:0899	2020-03-18T00:00:00Z
Red Hat Fuse 7.7.0
jackson-databind	cpe:/a:redhat:jboss_fuse:7	RHSA-2020:3192	2020-07-28T00:00:00Z
Red Hat JBoss EAP 7.2
jackson-databind	cpe:/a:redhat:jboss_enterprise_application_platform:7.2	RHSA-2020:0164	2020-01-21T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6
eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6	RHSA-2020:0159	2020-01-21T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7
eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7	RHSA-2020:0160	2020-01-21T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8
eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8	RHSA-2020:0161	2020-01-21T00:00:00Z
Red Hat Process Automation 7
jackson-databind	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.7	RHSA-2020:0895	2020-03-18T00:00:00Z
Red Hat Single Sign-On 7.3
jackson-databind	cpe:/a:redhat:jboss_single_sign_on:7.3	RHSA-2020:0445	2020-02-06T00:00:00Z
Text-Only RHOAR
	cpe:/a:redhat:openshift_application_runtimes:1.0	RHSA-2020:2067	2020-05-18T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2020-0420	A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
Github GHSA	GHSA-cf6r-3wgc-h863	Polymorphic deserialization of malicious object in jackson-databind

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2020:0729
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892
https://github.com/FasterXML/jackson-databind/issues/2462
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-14892
https://security.netapp.com/advisory/ntap-20200904-0005/
https://www.cve.org/CVERecord?id=CVE-2019-14892

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-03-02T16:28:40

Updated: 2024-08-05T00:26:39.136Z

Reserved: 2019-08-10T00:00:00

Link: CVE-2019-14892

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-03-02T17:15:17.813

Modified: 2024-11-21T04:27:37.527

Link: CVE-2019-14892

Redhat

Severity : Moderate

Publid Date: 2019-09-19T00:00:00Z

Links: CVE-2019-14892 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Projects

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object