Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-24750


FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.


Published

2020-09-17T19:15:13.580

Last Modified

2024-11-21T05:16:00.667

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-502

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application fasterxml jackson-databind < 2.6.7.5 Yes
Application fasterxml jackson-databind < 2.9.10.6 Yes
Application oracle agile_plm 9.3.6 Yes
Application oracle application_testing_suite 13.3.0.1 Yes
Application oracle autovue_for_agile_product_lifecycle_management 21.0.2 Yes
Application oracle banking_corporate_lending_process_management 14.2.0 Yes
Application oracle banking_corporate_lending_process_management 14.3.0 Yes
Application oracle banking_corporate_lending_process_management 14.5.0 Yes
Application oracle banking_credit_facilities_process_management 14.2.0 Yes
Application oracle banking_credit_facilities_process_management 14.3.0 Yes
Application oracle banking_credit_facilities_process_management 14.5.0 Yes
Application oracle banking_liquidity_management 14.2 Yes
Application oracle banking_liquidity_management 14.3 Yes
Application oracle banking_liquidity_management 14.5 Yes
Application oracle banking_supply_chain_finance 14.2.0 Yes
Application oracle banking_supply_chain_finance 14.3.0 Yes
Application oracle banking_supply_chain_finance 14.5.0 Yes
Application oracle blockchain_platform < 21.1.2 Yes
Application oracle communications_calendar_server 8.0 Yes
Application oracle communications_calendar_server 8.0.0.4.0 Yes
Application oracle communications_contacts_server 8.0 Yes
Application oracle communications_contacts_server 8.0.0.5.0 Yes
Application oracle communications_diameter_signaling_router ≤ 8.2.2 Yes
Application oracle communications_element_manager ≤ 8.2.4.0 Yes
Application oracle communications_instant_messaging_server 10.0.1.5.0 Yes
Application oracle communications_messaging_server 8.1 Yes
Application oracle communications_offline_mediation_controller 12.0.0.3.0 Yes
Application oracle communications_policy_management 12.5.0 Yes
Application oracle communications_pricing_design_center 12.0.0.4.0 Yes
Application oracle communications_services_gatekeeper 7.0 Yes
Application oracle communications_session_report_manager ≤ 8.2.2.1 Yes
Application oracle communications_session_route_manager ≤ 8.2.2.1 Yes
Application oracle communications_unified_inventory_management 7.4.1 Yes
Application oracle identity_manager_connector 11.1.1.5.0 Yes
Application oracle siebel_core_-_server_framework ≤ 21.5 Yes
Application oracle siebel_ui_framework ≤ 21.2 Yes
Operating System debian debian_linux 9.0 Yes

References