CVE-2020-10672

FasterXML/jackson-databind
on github

Published

Severity

CVSS v3:
8.8 HIGH
CVSS v2:
6.8 MEDIUM

Description

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).

References

Configurations

CPE23Version StartVersion EndExact Version
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*2.9.0 (including)2.9.10.4*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*n/an/a8.0
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*n/an/a-
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*n/an/a15.0
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*n/an/a16.2
cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*n/an/a14.1
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*n/an/a16.1
cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*n/an/a15.0
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*n/an/a12.2.1.3.0
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*n/an/a16.0
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*n/an/a18.8
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*17.7 (including)17.12 (including)*
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*n/an/a9.3.6
cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*n/an/a18.1
cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*n/an/a18.2
cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*n/an/a18.3
cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*n/an/a19.1
cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*n/an/a19.2
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*8.0.0 (including)8.2.2 (including)*
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*n/an/a10.0.1.4.0
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*n/an/a13.3.0.0
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*n/an/a13.4.0.0
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*8.0.6 (including)8.1.0 (including)*
cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*n/an/a8.0.7
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*n/an/a19.12
cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*n/an/a15.0
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*n/an/a17.0
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*n/an/a18.0
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*n/an/a19.0
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*n/an/a12.2.1.4.0
cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*n/an/a21.0.2
cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*n/an/a20.1
cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*2.4.0 (including)2.9.0 (including)*
cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*n/an/a8.0.0.4.0
cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*n/an/a8.0.0.4.0
cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*n/an/a8.0.0.5.0
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*8.2.0 (including)8.2.2 (including)*
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*n/an/a7.1
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*n/an/a6.0.1
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*12.0.0 (including)12.0.3 (including)*
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*8.2.0 (including)8.2.2 (including)*
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*8.2.0 (including)8.2.2 (including)*
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*n/an/a8.0.6
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*n/an/a8.0.7
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*n/an/a8.1.0
cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*n/an/a8.0.6
cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*n/an/a8.0.6
cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*n/a12.2.0.1.20*
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*n/an/a11.0.2.25
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*n/an/a11.1.0.15
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*n/a9.2.4.2*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*n/a9.2.4.2*
cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*n/an/a14.1
cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*n/an/a16.0

External Links