CVE-2019-17267

Published: Oct 7, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.

Affected (16)

Products: Fasterxml: Jackson Databind · Netapp: Active Iq Unified Manager, Oncommand Api Services, Oncommand Workflow Automation, Service Level Manager, Steelstore Cloud Integrated Storage · Debian: Debian Linux · +2 more

Show all products

Fasterxml: Jackson Databind · Netapp: Active Iq Unified Manager, Oncommand Api Services, Oncommand Workflow Automation, Service Level Manager, Steelstore Cloud Integrated Storage · Debian: Debian Linux · Redhat: Jboss Enterprise Application Platform · Oracle: Customer Management And Segmentation Foundation, Goldengate Application Adapters, Retail Customer Management And Segmentation Foundation, Weblogic Server

1 product

Jackson Databind

5 products

Active Iq Unified Manager

Oncommand Api Services

Oncommand Workflow Automation

Service Level Manager

Steelstore Cloud Integrated Storage

1 product

1 product

Jboss Enterprise Application Platform

4 products

Customer Management And Segmentation Foundation

Goldengate Application Adapters

Retail Customer Management And Segmentation Foundation

Weblogic Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fasterxml Jackson Databind	From 2.0.0 to 2.8.11.5
Fasterxml Jackson Databind	From 2.9.0 to 2.9.10

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	From 7.3
Netapp Active Iq Unified Manager	From 9.5
Netapp Active Iq Unified Manager	From 7.3
Netapp Oncommand Api Services	All versions
Netapp Oncommand Workflow Automation	All versions
Netapp Service Level Manager	All versions
Netapp Steelstore Cloud Integrated Storage	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration D

2 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Application Platform	Version 7.2
Redhat Jboss Enterprise Application Platform	Version 7.3

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
Oracle Customer Management And Segmentation Foundation	Before 18.0
Oracle Goldengate Application Adapters	Version 19.1.0.0.0
Oracle Retail Customer Management And Segmentation Foundation	Version 17.0
Oracle Weblogic Server	Version 12.2.1.3.0

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (40)

https://access.redhat.com/errata/RHSA-2019:3200

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0159

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0160

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0161

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0164

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0445

Source: cve@mitre.org

Third Party Advisory

https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/FasterXML/jackson-databind/issues/2460

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8%40%3Cdev.skywalking.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20191017-0006/

Source: cve@mitre.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2020.html

Source: cve@mitre.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: cve@mitre.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3200

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0159

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0160

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0161

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0164

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0445

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/FasterXML/jackson-databind/issues/2460

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8%40%3Cdev.skywalking.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20191017-0006/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.