TROYANOSYVIRUS
Voltar para CVEs

CVE-2020-36180

HIGH
8.1

Descricao

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

Detalhes CVE

Pontuacao CVSS v3.18.1
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado1/7/2021
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0

Produtos afetados

debian:debian_linuxfasterxml:jackson-databindnetapp:cloud_backupnetapp:service_level_manageroracle:agile_plmoracle:application_testing_suiteoracle:autovue_for_agile_product_lifecycle_managementoracle:banking_corporate_lending_process_managementoracle:banking_credit_facilities_process_managementoracle:banking_extensibility_workbenchoracle:banking_supply_chain_financeoracle:banking_treasury_managementoracle:banking_virtual_account_managementoracle:blockchain_platformoracle:commerce_platformoracle:communications_billing_and_revenue_managementoracle:communications_cloud_native_core_policyoracle:communications_cloud_native_core_unified_data_repositoryoracle:communications_convergent_charging_controlleroracle:communications_diameter_signaling_routeoracle:communications_element_manageroracle:communications_evolved_communications_application_serveroracle:communications_instant_messaging_serveroracle:communications_network_charging_and_controloracle:communications_offline_mediation_controlleroracle:communications_policy_managementoracle:communications_pricing_design_centeroracle:communications_services_gatekeeperoracle:communications_session_report_manageroracle:communications_session_route_manageroracle:communications_unified_inventory_managementoracle:data_integratororacle:documakeroracle:goldengate_application_adaptersoracle:insurance_policy_administrationoracle:insurance_rules_paletteoracle:jd_edwards_enterpriseone_orchestratororacle:jd_edwards_enterpriseone_toolsoracle:primavera_gatewayoracle:primavera_unifieroracle:retail_customer_management_and_segmentation_foundationoracle:retail_merchandising_systemoracle:retail_service_backboneoracle:retail_xstore_point_of_serviceoracle:webcenter_portal

Fraquezas (CWE)

CWE-502CWE-502

Referencias

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062(cve@mitre.org)
https://github.com/FasterXML/jackson-databind/issues/3004(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20210205-0005/(cve@mitre.org)
https://www.oracle.com//security-alerts/cpujul2021.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpuApr2021.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpuapr2022.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpujan2022.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpujul2022.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpuoct2021.html(cve@mitre.org)
https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/FasterXML/jackson-databind/issues/3004(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210205-0005/(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com//security-alerts/cpujul2021.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuApr2021.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2021.html(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.