← Back

CVE-2020-11619

nvd nist
Published: Apr 7, 2020Modified: Apr 29, 2026

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD

Description

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).

Affected (35)

Show all products
Fasterxml: Jackson Databind · Debian: Debian Linux · Netapp: Active Iq Unified Manager, Steelstore Cloud Integrated Storage · Oracle: Agile Plm, Banking Platform, Communications Calendar Server, Communications Contacts Server, Communications Diameter Signaling Router, Communications Evolved Communications Application Server, Communications Instant Messaging Server, Communications Network Charging And Control, Enterprise Manager Base Platform, Global Lifecycle Management Opatch, Jd Edwards Enterpriseone Orchestrator, Jd Edwards Enterpriseone Tools, Primavera Unifier, Retail Merchandising System, Retail Sales Audit, Retail Xstore Point Of Service, Weblogic Server
Fasterxml
1 product
Jackson Databind
Debian
1 product
Debian Linux
Netapp
2 products
Active Iq Unified Manager
Steelstore Cloud Integrated Storage
Oracle
17 products
Agile Plm
Banking Platform
Communications Calendar Server
Communications Contacts Server
Communications Diameter Signaling Router
Communications Evolved Communications Application Server
Communications Instant Messaging Server
Communications Network Charging And Control
Enterprise Manager Base Platform
Global Lifecycle Management Opatch
Jd Edwards Enterpriseone Orchestrator
Jd Edwards Enterpriseone Tools
Primavera Unifier
Retail Merchandising System
Retail Sales Audit
Retail Xstore Point Of Service
Weblogic Server
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Jackson Databind
From 2.0.0 to 2.9.10.4
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 8.0
Configuration C
4 vulnerable
Vulnerable SoftwareAffected Versions
Netapp
Active Iq Unified Manager
From 7.3
Active Iq Unified Manager
From 9.5
Active Iq Unified Manager
From 7.3
Steelstore Cloud Integrated Storage
All versions
Configuration D
29 vulnerable
Vulnerable SoftwareAffected Versions
Agile Plm
Version 9.3.6
Banking Platform
From 2.4.0 to 2.9.0
Communications Calendar Server
Version 8.0.0.4.0
Oracle
Communications Contacts Server
Version 8.0.0.4.0
Communications Contacts Server
Version 8.0.0.5.0
Communications Diameter Signaling Router
From 8.0.0 to 8.2.2
Communications Evolved Communications Application Server
Version 7.1
Communications Instant Messaging Server
Version 10.0.1.4.0
Oracle
Communications Network Charging And Control
From 12.0.0 to 12.0.3
Communications Network Charging And Control
Version 6.0.1
Oracle
Enterprise Manager Base Platform
Version 13.3.0.0
Enterprise Manager Base Platform
Version 13.4.0.0
Global Lifecycle Management Opatch
Before 12.2.0.1.20
Jd Edwards Enterpriseone Orchestrator
Before 9.2.4.2
Jd Edwards Enterpriseone Tools
Before 9.2.4.2
Oracle
Primavera Unifier
From 17.7 to 17.12
Primavera Unifier
Version 16.1
Primavera Unifier
Version 16.2
Primavera Unifier
Version 18.8
Primavera Unifier
Version 19.12
Retail Merchandising System
Version 15.0
Retail Sales Audit
Version 14.1
Oracle
Retail Xstore Point Of Service
Version 15.0
Retail Xstore Point Of Service
Version 16.0
Retail Xstore Point Of Service
Version 17.0
Retail Xstore Point Of Service
Version 18.0
Retail Xstore Point Of Service
Version 19.0
Oracle
Weblogic Server
Version 12.2.1.3.0
Weblogic Server
Version 12.2.1.4.0

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (16)

Source: cve@mitre.org
Issue TrackingPatchThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.