CVE-2020-25649 - Vulnerability Details

CVE-2020-25649 - jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00011.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Iotdb
Fasterxml	Jackson-databind
Fedoraproject	Fedora
Netapp	Oncommand Api Services Oncommand Workflow Automation Service Level Manager
Oracle	Agile Plm Agile Product Lifecycle Management Integration Pack Banking Apis Banking Platform Banking Treasury Management Blockchain Platform Coherence Commerce Platform Communications Billing And Revenue Management Communications Cloud Native Core Unified Data Repository Communications Convergent Charging Controller Communications Evolved Communications Application Server Communications Instant Messaging Server Communications Interactive Session Recorder Communications Messaging Server Communications Network Charging And Control Communications Offline Mediation Controller Communications Pricing Design Center Communications Services Gatekeeper Communications Unified Inventory Management Goldengate Application Adapters Health Sciences Empirica Signal Insurance Policy Administration Insurance Rules Palette Jd Edwards Enterpriseone Orchestrator Jd Edwards Enterpriseone Tools Primavera Gateway Retail Service Backbone Retail Xstore Point Of Service Sd-wan Edge Utilities Framework Webcenter Portal
Quarkus	Quarkus
Redhat	Amq Streams Integration Jboss Data Grid Jboss Enterprise Application Platform Jboss Enterprise Bpms Platform Jboss Enterprise Brms Platform Openshift Openshift Application Runtimes Red Hat Single Sign On Rhel Software Collections Rhev Manager

Configuration 1 [-]

OR	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind::::::::

Configuration 2 [-]

OR	cpe:2.3:a:netapp:oncommand_api_services:-:::::::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:service_level_manager:-:::::::*

Configuration 3 [-]

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*

Configuration 6 [-]

OR	cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:::::e-business_suite::
	cpe:2.3:a:oracle:banking_apis::::::::
	cpe:2.3:a:oracle:banking_apis:19.1:::::::*
	cpe:2.3:a:oracle:banking_apis:19.2:::::::*
	cpe:2.3:a:oracle:banking_apis:20.1:::::::*
	cpe:2.3:a:oracle:banking_apis:21.1:::::::*
	cpe:2.3:a:oracle:banking_platform:2.6.2:::::::*
	cpe:2.3:a:oracle:banking_platform:2.7.0:::::::*
	cpe:2.3:a:oracle:banking_platform:2.7.1:::::::*
	cpe:2.3:a:oracle:banking_platform:2.8.0:::::::*
	cpe:2.3:a:oracle:banking_platform:2.9.0:::::::*
	cpe:2.3:a:oracle:banking_platform:2.10.0:::::::*
	cpe:2.3:a:oracle:banking_treasury_management:4.4:::::::*
	cpe:2.3:a:oracle:blockchain_platform::::::::
	cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*
	cpe:2.3:a:oracle:commerce_platform::::::::
	cpe:2.3:a:oracle:commerce_platform:11.2.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:::::::*
	cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:::::::*
	cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:::::::*
	cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:::::::*
	cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:::::::*
	cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:::::::*
	cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:::::::*
	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*
	cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:::::::*
	cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:::::::*
	cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration::::::::
	cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:::::::*
	cpe:2.3:a:oracle:insurance_rules_palette::::::::
	cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:::::::*
	cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::
	cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_gateway:20.12.0:::::::*
	cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:::::::*
	cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:::::::*
	cpe:2.3:a:oracle:retail_service_backbone:16.0.3:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:9.0:::::::*
	cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:::::::*
	cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:::::::*
	cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:::::::*
	cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:::::::*
	cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:::::::*
	cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*
	cpe:2.3:o:oracle:communications_messaging_server:8.0.2:::::::*
	cpe:2.3:o:oracle:communications_messaging_server:8.1:::::::*

Package	CPE	Advisory	Released Date
Red Hat AMQ Streams 1.7.0
jackson-databind	cpe:/a:redhat:amq_streams:1	RHSA-2021:1260	2021-04-19T00:00:00Z
Red Hat Data Grid 7.3.8
jackson-databind	cpe:/a:redhat:jboss_data_grid:7.3	RHSA-2020:5410	2020-12-14T00:00:00Z
Red Hat Integration
jackson-databind	cpe:/a:redhat:integration:1	RHSA-2021:2039	2021-05-19T00:00:00Z
Red Hat Integration - Camel K - Tech-Preview 3
jackson-databind	cpe:/a:redhat:integration:1	RHSA-2021:0811	2021-03-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7
jackson-databind	cpe:/a:redhat:jboss_enterprise_application_platform:7.3	RHSA-2020:4402	2020-10-28T00:00:00Z
jackson-databind	cpe:/a:redhat:jboss_enterprise_application_platform:7.3	RHSA-2020:5344	2020-12-03T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6
eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:4401	2020-10-28T00:00:00Z
eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7
eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:4401	2020-10-28T00:00:00Z
eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8
eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:4401	2020-10-28T00:00:00Z
eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
Red Hat OpenShift Container Platform 4.6
openshift4/ose-logging-elasticsearch6:v4.6.0-202104221811.p0	cpe:/a:redhat:openshift:4.6::el8	RHSA-2021:1429	2021-05-05T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-maven35-jackson-databind-0:2.7.6-2.12.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2020:4312	2020-10-22T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
rh-maven35-jackson-databind-0:2.7.6-2.12.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2020:4312	2020-10-22T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
rh-maven35-jackson-databind-0:2.7.6-2.12.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2020:4312	2020-10-22T00:00:00Z
Red Hat Virtualization Engine 4.4
org.ovirt.engine-root-0:4.4.4.5-10	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2021:0381	2021-02-02T00:00:00Z
ovirt-engine-dwh-0:4.4.4.2-1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2021:0381	2021-02-02T00:00:00Z
ovirt-web-ui-0:1.6.6-1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2021:0381	2021-02-02T00:00:00Z
rhv-log-collector-analyzer-0:1.0.6-1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2021:0381	2021-02-02T00:00:00Z
vdsm-jsonrpc-java-0:1.6.0-1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2021:0381	2021-02-02T00:00:00Z
RHDM 7.11.0
jackson-databind	cpe:/a:redhat:jboss_enterprise_brms_platform:7.11	RHSA-2021:2476	2021-06-17T00:00:00Z
RHPAM 7.11.0
jackson-databind	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.11	RHSA-2021:2475	2021-06-17T00:00:00Z
Text-Only RHOAR
	cpe:/a:redhat:openshift_application_runtimes:1.0	RHSA-2020:5361	2020-12-16T00:00:00Z
Text-Only RHSSO
jackson-databind	cpe:/a:redhat:red_hat_single_sign_on	RHSA-2020:5533	2020-12-15T00:00:00Z
Vert.x 3.9.4
jackson-databind	cpe:/a:redhat:openshift_application_runtimes:1.0	RHSA-2020:4379	2020-11-09T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-2406-1	jackson-databind security update
Debian DLA	DLA-2638-1	jackson-databind security update
EUVD	EUVD-2021-0525	A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
Github GHSA	GHSA-288c-cq4h-88gq	XML External Entity (XXE) Injection in Jackson Databind

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1887664
https://github.com/FasterXML/jackson-databind/issues/2589
https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E
https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E
https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E
https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E
https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/
https://nvd.nist.gov/vuln/detail/CVE-2020-25649
https://security.netapp.com/advisory/ntap-20210108-0007/
https://www.cve.org/CVERecord?id=CVE-2020-25649
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-12-03T16:16:50

Updated: 2024-08-04T15:40:36.648Z

Reserved: 2020-09-16T00:00:00

Link: CVE-2020-25649

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-12-03T17:15:12.503

Modified: 2024-11-21T05:18:20.343

Link: CVE-2020-25649

Redhat

Severity : Important

Publid Date: 2020-01-09T00:00:00Z

Links: CVE-2020-25649 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object