{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-20T22:53:39.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"}, {"name": "DSA-4542", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4542"}, {"name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Oct/6"}, {"name": "FEDORA-2019-b171554877", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"}, {"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"name": "FEDORA-2019-cf87377f5f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"}, {"name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E"}, {"name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommits.iceberg.apache.org%3E"}, {"name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E"}, {"name": "RHSA-2020:0164", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0164"}, {"name": "RHSA-2020:0159", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0159"}, {"name": "RHSA-2020:0160", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0160"}, {"name": "RHSA-2020:0161", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0161"}, {"name": "RHSA-2020:0445", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0445"}, {"tags": ["x_refsource_MISC"], "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/FasterXML/jackson-databind/issues/2478"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20191017-0006/"}, {"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16943", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"}, {"name": "DSA-4542", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4542"}, {"name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Oct/6"}, {"name": "FEDORA-2019-b171554877", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"}, {"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"}, {"name": "FEDORA-2019-cf87377f5f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"}, {"name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E"}, {"name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E"}, {"name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E"}, {"name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E"}, {"name": "RHSA-2020:0164", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0164"}, {"name": "RHSA-2020:0159", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0159"}, {"name": "RHSA-2020:0160", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0160"}, {"name": "RHSA-2020:0161", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0161"}, {"name": "RHSA-2020:0445", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0445"}, {"name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "refsource": "MISC", "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"name": "https://github.com/FasterXML/jackson-databind/issues/2478", "refsource": "MISC", "url": "https://github.com/FasterXML/jackson-databind/issues/2478"}, {"name": "https://security.netapp.com/advisory/ntap-20191017-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191017-0006/"}, {"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:24:48.524Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"}, {"name": "DSA-4542", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4542"}, {"name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Oct/6"}, {"name": "FEDORA-2019-b171554877", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"}, {"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"name": "FEDORA-2019-cf87377f5f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"}, {"name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E"}, {"name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommits.iceberg.apache.org%3E"}, {"name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E"}, {"name": "RHSA-2020:0164", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0164"}, {"name": "RHSA-2020:0159", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0159"}, {"name": "RHSA-2020:0160", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0160"}, {"name": "RHSA-2020:0161", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0161"}, {"name": "RHSA-2020:0445", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0445"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/FasterXML/jackson-databind/issues/2478"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20191017-0006/"}, {"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16943", "datePublished": "2019-10-01T16:06:23.000Z", "dateReserved": "2019-09-29T00:00:00.000Z", "dateUpdated": "2024-08-05T01:24:48.524Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "matchCriteriaId": "7036DA13-110D-40B3-8494-E361BBF4AFCD", "versionEndExcluding": "2.6.7.3", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F83B193-74CF-459A-8055-AE0F033D5BCB", "versionEndExcluding": "2.8.11.5", "versionStartIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "matchCriteriaId": "18324CA7-89A0-4212-B603-E9C3DD998219", "versionEndExcluding": "2.9.10.1", "versionStartIncluding": "2.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0FEFCDD-A212-4525-B449-2C4A00A0D2E9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2BEE49E-A5AA-42D3-B422-460454505480", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4FF66F7-10C8-4A1C-910A-EF7D12A4284C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "35AD0C07-9688-4397-8D45-FBB88C0F0C11", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "8972497F-6E24-45A9-9A18-EB0E842CB1D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "400509A8-D6F2-432C-A2F1-AD5B8778D0D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "282150FF-C945-4A3E-8A80-E8757A8907EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "790A89FD-6B86-49AE-9B4F-AE7262915E13", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "559579F1-3975-45C5-9F62-2F0A5AF13E84", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "50882F8D-9740-4CC0-B2C6-CCE4F6D90C7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "ADE6EF8F-1F05-429B-A916-76FDB20CEB81", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "08A37FE9-B626-48C3-8FE0-D4F1A559E0B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6495B29F-3DA2-4628-9CC0-39617871F3AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A6FFB5C-EB44-499F-BE81-24ED2B1F201A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7BE0590-31BD-4FCD-B50E-A5F86196F99E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "989598A3-7012-4F57-B172-02404E20D16D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C209FAC-B7DE-42DC-AC9C-BD3ADA44D0B7", "versionEndIncluding": "17.12.6", "versionStartIncluding": "17.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "597495A7-FE17-4B31-804D-B28C2B872B4D", "versionEndIncluding": "18.8.8", "versionStartIncluding": "18.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "DADAD14D-4836-4C74-A474-B8A044EED2EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "0513B305-97EF-4609-A82E-D0CDFF9925BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "B201A85E-1310-46B8-8A3B-FF7675F84E09", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E7C9BB48-50B2-4735-9E2F-E492C708C36D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4A848888-0A4A-4B6D-8176-9A2685B37AC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "7DA6E92C-AC3B-40CF-96AE-22CD8769886F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\&_deployment:*:*:*:*:*:*:*:*", "matchCriteriaId": "A83C7FAE-9848-427E-88F8-BFA24134A84B", "versionEndIncluding": "2.20.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:trace_file_analyzer:12.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDB52969-7705-47CF-BD55-5632C56A7FD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:trace_file_analyzer:18c:*:*:*:*:*:*:*", "matchCriteriaId": "67107890-A521-47E7-BC10-00635C85BEC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:trace_file_analyzer:19c:*:*:*:*:*:*:*", "matchCriteriaId": "9B3C1811-E651-4975-A1AE-BCE3377D51A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "174A6D2E-E42E-4C92-A194-C6A820CD7EF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "matchCriteriaId": "9FBC1BD0-FF12-4691-8751-5F245D991989", "versionStartIncluding": "7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "7081652A-D28B-494E-94EF-CA88117F23EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de escritura polim\u00f3rfica en FasterXML jackson-databind versiones 2.0.0 hasta 2.9.10. Cuando la Escritura Predeterminada est\u00e1 habilitada (globalmente o para una propiedad espec\u00edfica) para un end point JSON expuesto externamente y el servicio posee el jar p6spy (versi\u00f3n 3.8.6) en el classpath, y un atacante puede encontrar un end point del servicio RMI para acceder, es posible lograr que el servicio ejecute una carga maliciosa. Este problema se presenta debido al manejo inapropiado de com.p6spy.engine.spy.P6DataSource."}], "id": "CVE-2019-16943", "lastModified": "2024-11-21T04:31:23.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-01T17:15:10.400", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0159"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0160"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0161"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0164"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0445"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/FasterXML/jackson-databind/issues/2478"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommits.iceberg.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"}, {"source": "cve@mitre.org", "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Oct/6"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20191017-0006/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4542"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0159"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0160"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0161"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0164"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0445"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/FasterXML/jackson-databind/issues/2478"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommits.iceberg.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Oct/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20191017-0006/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4542"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:2333", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_cd:19", "package": "jackson-databind", "product_name": "EAP-CD 19 Tech Preview", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHSA-2020:0939", "cpe": "cpe:/a:redhat:amq_streams:1", "package": "jackson-databind", "product_name": "Red Hat AMQ Streams 1", "release_date": "2020-03-23T00:00:00Z"}, {"advisory": "RHSA-2020:2321", "cpe": "cpe:/a:redhat:jboss_data_grid:7.3", "package": "jackson-databind", "product_name": "Red Hat Data Grid 7.3.6", "release_date": "2020-05-26T00:00:00Z"}, {"advisory": "RHSA-2020:0899", "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7.7", "package": "jackson-databind", "product_name": "Red Hat Decision Manager 7", "release_date": "2020-03-18T00:00:00Z"}, {"advisory": "RHSA-2020:1644", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "pki-core:10.6-8020020200326162741.c7c3114f", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1644", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "pki-deps:10.6-8020020191204213056.6a468ee4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:3192", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "jackson-databind", "product_name": "Red Hat Fuse 7.7.0", "release_date": "2020-07-28T00:00:00Z"}, {"advisory": "RHSA-2020:0164", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2", "package": "jackson-databind", "product_name": "Red Hat JBoss EAP 7.2", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0159", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0160", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2020:0161", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-01-21T00:00:00Z"}, {"advisory": "RHSA-2019:3901", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "product_name": "Red Hat Openshift Application Runtimes Vert.x 3.8.3", "release_date": "2019-11-18T00:00:00Z"}, {"advisory": "RHSA-2020:0895", "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.7", "package": "jackson-databind", "product_name": "Red Hat Process Automation 7", "release_date": "2020-03-18T00:00:00Z"}, {"advisory": "RHSA-2020:0445", "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.3", "package": "jackson-databind", "product_name": "Red Hat Single Sign-On 7.3", "release_date": "2020-02-06T00:00:00Z"}, {"advisory": "RHSA-2020:2067", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "product_name": "Text-Only RHOAR", "release_date": "2020-05-18T00:00:00Z"}], "bugzilla": {"description": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource", "id": "1758191", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-502->CWE-200", "details": ["A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling."], "mitigation": {"lang": "en:us", "value": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`"}, "name": "CVE-2019-16943", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform", "fix_state": "Out of support scope", "package_name": "jackson-databind", "product_name": "Red Hat BPM Suite 6"}, {"cpe": "cpe:/a:redhat:jboss_amq:6", "fix_state": "Out of support scope", "package_name": "jackson-databind", "product_name": "Red Hat JBoss A-MQ 6"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "jackson-databind", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "jackson-databind", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:mobile_application_platform:4", "fix_state": "Out of support scope", "package_name": "jackson-databind", "product_name": "Red Hat Mobile Application Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Affected", "package_name": "jackson-databind", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Will not fix", "package_name": "elasticsearch-cloud-kubernetes", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Will not fix", "package_name": "openshift-elasticsearch-plugin", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "openshift3/ose-logging-elasticsearch5", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Will not fix", "package_name": "elasticsearch-cloud-kubernetes", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Will not fix", "package_name": "openshift-elasticsearch-plugin", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-logging-elasticsearch5", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Out of support scope", "impact": "low", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Will not fix", "impact": "low", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:14", "fix_state": "Will not fix", "impact": "low", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 14 (Rocky)"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "candlepin", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-maven35-jackson-databind", "product_name": "Red Hat Software Collections"}], "public_date": "2019-09-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-16943\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16943"], "statement": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "threat_severity": "Moderate"}

{}