CVE-2020-25649

FasterXML/jackson-databind

on github

Published

December 3, 2020

Severity

CVSS v3:

7.5 HIGH

CVSS v2:

5 MEDIUM

Description

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

References

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:fasterxml:jackson-databind::::::::	2.10.0 (including)	2.10.5.1	*
cpe:2.3:a:fasterxml:jackson-databind::::::::	2.9.0 (including)	2.9.10.7	*
cpe:2.3:a:fasterxml:jackson-databind::::::::	2.6.0 (including)	2.6.7.4	*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*	n/a	n/a	-
cpe:2.3:a:netapp:service_level_manager:-:::::::*	n/a	n/a	-
cpe:2.3:a:netapp:oncommand_api_services:-:::::::*	n/a	n/a	-
cpe:2.3:o:fedoraproject:fedora:32:::::::*	n/a	n/a	32
cpe:2.3:a:quarkus:quarkus::::::::	n/a	1.6.1 (including)	*
cpe:2.3:a:apache:iotdb::::::::	n/a	0.12.0	*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*	n/a	n/a	12.2.1.3.0
cpe:2.3:a:oracle:banking_platform:2.6.2:::::::*	n/a	n/a	2.6.2
cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:::::::*	n/a	n/a	4.3.0.5.0
cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:::::::*	n/a	n/a	4.3.0.6.0
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:::::::*	n/a	n/a	4.4.0.0.0
cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*	n/a	n/a	12.2.1.4.0
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*	n/a	n/a	12.2.1.4.0
cpe:2.3:a:oracle:sd-wan_edge:9.0:::::::*	n/a	n/a	9.0
cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*	n/a	n/a	14.1.1.0.0
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:::::::*	n/a	n/a	4.4.0.2.0
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*	n/a	n/a	12.0.0.3.0
cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*	n/a	n/a	7.5.0.23.0
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*	n/a	n/a	7.0
cpe:2.3:a:oracle:banking_platform:2.7.0:::::::*	n/a	n/a	2.7.0
cpe:2.3:a:oracle:banking_platform:2.7.1:::::::*	n/a	n/a	2.7.1
cpe:2.3:a:oracle:banking_platform:2.9.0:::::::*	n/a	n/a	2.9.0
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:::::::*	n/a	n/a	7.1
cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:::::::*	n/a	n/a	19.1.0.0.0
cpe:2.3:a:oracle:retail_service_backbone:16.0.3:::::::*	n/a	n/a	16.0.3
cpe:2.3:a:oracle:banking_platform:2.8.0:::::::*	n/a	n/a	2.8.0
cpe:2.3:a:oracle:primavera_gateway::::::::	17.7 (including)	17.12 (including)	*
cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:::::::*	n/a	n/a	11.0.2
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:::::::*	n/a	n/a	6.3
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:::::::*	n/a	n/a	6.4
cpe:2.3:o:oracle:communications_messaging_server:8.1:::::::*	n/a	n/a	8.1
cpe:2.3:o:oracle:communications_messaging_server:8.0.2:::::::*	n/a	n/a	8.0.2
cpe:2.3:a:oracle:commerce_platform::::::::	11.3.0 (including)	11.3.2 (including)	*
cpe:2.3:a:oracle:commerce_platform:11.2.0:::::::*	n/a	n/a	11.2.0
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*	n/a	n/a	7.4.1
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:::::::*	n/a	n/a	16.0.6
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:::::::*	n/a	n/a	17.0.4
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:::::::*	n/a	n/a	18.0.3
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:::::::*	n/a	n/a	19.0.2
cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:::::::*	n/a	n/a	20.0.1
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:::::::*	n/a	n/a	9.0
cpe:2.3:a:oracle:banking_platform:2.10.0:::::::*	n/a	n/a	2.10.0
cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:::::::*	n/a	n/a	15.0.3.1
cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:::::::*	n/a	n/a	14.1.3.2
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::	n/a	9.2.5.3	*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::	n/a	9.2.5.3	*
cpe:2.3:a:oracle:insurance_rules_palette::::::::	11.1.0 (including)	11.3.0 (including)	*
cpe:2.3:a:oracle:insurance_policy_administration::::::::	11.1.0 (including)	11.3.0 (including)	*
cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:::::::*	n/a	n/a	11.0.2
cpe:2.3:a:oracle:banking_treasury_management:4.4:::::::*	n/a	n/a	4.4
cpe:2.3:a:oracle:primavera_gateway:20.12.0:::::::*	n/a	n/a	20.12.0
cpe:2.3:a:oracle:primavera_gateway::::::::	19.12.0 (including)	19.12.10 (including)	*
cpe:2.3:a:oracle:primavera_gateway::::::::	18.8.0 (including)	18.8.11 (including)	*
cpe:2.3:a:oracle:primavera_gateway::::::::	17.12.0 (including)	17.12.11 (including)	*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:::::::*	n/a	n/a	1.4.0
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:::::::*	n/a	n/a	12.0.4.0.0
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:::::::*	n/a	n/a	12.0.4.0.0
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:::::::*	n/a	n/a	4.4.0.3.0
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1:::::::*	n/a	n/a	9.1
cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:::::e-business_suite::	n/a	n/a	3.6
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:::::::*	n/a	n/a	12.0.0.4.0
cpe:2.3:a:oracle:banking_apis::::::::	18.1 (including)	18.3 (including)	*
cpe:2.3:a:oracle:banking_apis:19.1:::::::*	n/a	n/a	19.1
cpe:2.3:a:oracle:banking_apis:19.2:::::::*	n/a	n/a	19.2
cpe:2.3:a:oracle:banking_apis:20.1:::::::*	n/a	n/a	20.1
cpe:2.3:a:oracle:banking_apis:21.1:::::::*	n/a	n/a	21.1
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:::::::*	n/a	n/a	10.0.1.5.0
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:::::::*	n/a	n/a	12.0.0.3
cpe:2.3:a:oracle:blockchain_platform::::::::	n/a	21.1.2	*
cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*	n/a	n/a	9.3.6

External Links

NVD - CVE-2020-25649