CVE-2019-16335

Published: Sep 15, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

Affected (39)

Products: Fasterxml: Jackson Databind · Fedoraproject: Fedora · Debian: Debian Linux · +3 more

Show all products

1 product

1 product

1 product

3 products

Oncommand Api Services

Oncommand Workflow Automation

Steelstore Cloud Integrated Storage

Redhat

1 product

Jboss Enterprise Application Platform

Oracle

10 products

Banking Platform

Customer Management And Segmentation Foundation

Financial Services Analytical Applications Infrastructure

Global Lifecycle Management Opatch

Goldengate Application Adapters

Goldengate Stream Analytics

Primavera Gateway

Retail Customer Management And Segmentation Foundation

Retail Xstore Point Of Service

Weblogic Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fasterxml Jackson Databind	From 2.0.0 to 2.6.7.3
Fasterxml Jackson Databind	From 2.7.0 to 2.8.11.5
Fasterxml Jackson Databind	From 2.9.0 to 2.9.10

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 31

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Netapp Oncommand Api Services	All versions
Netapp Oncommand Workflow Automation	All versions
Netapp Steelstore Cloud Integrated Storage	All versions

Configuration E

2 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Application Platform	Version 7.2
Redhat Jboss Enterprise Application Platform	Version 7.3

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0

Configuration F

26 vulnerable

Vulnerable Software	Affected Versions
Oracle Banking Platform	Version 2.4.0
Oracle Banking Platform	Version 2.4.1
Oracle Banking Platform	Version 2.5.0
Oracle Banking Platform	Version 2.6.0
Oracle Banking Platform	Version 2.6.1
Oracle Banking Platform	Version 2.7.0
Oracle Banking Platform	Version 2.7.1
Oracle Customer Management And Segmentation Foundation	Version 18.0
Oracle Financial Services Analytical Applications Infrastructure	From 8.0.2 to 8.0.8
Oracle Global Lifecycle Management Opatch	Before 11.2.0.3.23
Oracle Global Lifecycle Management Opatch	From 12.2.0.1.0 to 12.2.0.1.19
Oracle Global Lifecycle Management Opatch	From 13.9.4.0.0 to 13.9.4.2.1
Oracle Goldengate Application Adapters	Version 19.1.0.0.0
Oracle Goldengate Stream Analytics	Before 19.1.0.0.1
Oracle Primavera Gateway	From 17.7 to 17.12
Oracle Primavera Gateway	Version 15.2
Oracle Primavera Gateway	Version 16.1
Oracle Primavera Gateway	Version 16.2
Oracle Primavera Gateway	Version 18.8.0
Oracle Retail Customer Management And Segmentation Foundation	Version 17.0
Oracle Retail Xstore Point Of Service	Version 15.0
Oracle Retail Xstore Point Of Service	Version 16.0
Oracle Retail Xstore Point Of Service	Version 17.0
Oracle Retail Xstore Point Of Service	Version 18.0
Oracle Retail Xstore Point Of Service	Version 7.1
Oracle Weblogic Server	Version 12.2.1.3.0

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (64)

https://access.redhat.com/errata/RHSA-2019:3200

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0159

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0160

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0161

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0164

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0445

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0729

Source: cve@mitre.org

Third Party Advisory

https://github.com/FasterXML/jackson-databind/issues/2449

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1%40%3Cissues.hbase.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016%40%3Cissues.hbase.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9%40%3Cissues.hbase.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0%40%3Cissues.hbase.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb%40%3Ccommits.hbase.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/

Source: cve@mitre.org

https://seclists.org/bugtraq/2019/Oct/6

Source: cve@mitre.org

Issue TrackingMailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20191004-0002/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2019/dsa-4542

Source: cve@mitre.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Source: cve@mitre.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2020.html

Source: cve@mitre.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: cve@mitre.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Source: cve@mitre.org

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Source: cve@mitre.org

PatchThird Party Advisory

https://access.redhat.com/errata/RHSA-2019:3200