CVE-2018-19362

FasterXML/jackson-databind

on github

FasterXML/jackson

on github

Published

January 2, 2019

Severity

CVSS v3:

9.8 CRITICAL

CVSS v2:

7.5 HIGH

Description

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

References

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:fasterxml:jackson-databind::::::::	2.7.0 (including)	2.7.9.5	*
cpe:2.3:a:fasterxml:jackson-databind::::::::	2.8.0 (including)	2.8.11.3	*
cpe:2.3:a:fasterxml:jackson-databind::::::::	2.9.0 (including)	2.9.8	*
cpe:2.3:a:fasterxml:jackson-databind::::::::	2.6.0 (including)	2.6.7.2 (including)	*
cpe:2.3:o:debian:debian_linux:8.0:::::::*	n/a	n/a	8.0
cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*	n/a	n/a	16.2
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:::::::*	n/a	n/a	16.2
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:::::::*	n/a	n/a	15.1
cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*	n/a	n/a	16.1
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:::::::*	n/a	n/a	16.1
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:::::::*	n/a	n/a	15.2
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*	n/a	n/a	12.2.1.3.0
cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:::::::*	n/a	n/a	12.1.3.0.0
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::*	n/a	n/a	12.2.1.3.0
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:::::::*	n/a	n/a	18.8
cpe:2.3:a:oracle:primavera_unifier::::::::	17.7 (including)	17.12 (including)	*
cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*	n/a	n/a	18.8
cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:::::::*	n/a	n/a	1.60.9.0.0
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management::::::::	17.7 (including)	17.12 (including)	*
cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*	n/a	n/a	3.11
cpe:2.3:a:redhat:jboss_bpm_suite:6.4.11:::::::*	n/a	n/a	6.4.11
cpe:2.3:a:redhat:jboss_brms:6.4.10:::::::*	n/a	n/a	6.4.10
cpe:2.3:a:redhat:automation_manager:7.3.1:::::::*	n/a	n/a	7.3.1
cpe:2.3:a:redhat:decision_manager:7.3.1:::::::*	n/a	n/a	7.3.1

External Links

NVD - CVE-2018-19362