← Back

CVE-2020-14060

nvd nist
Published: Jun 14, 2020Modified: Apr 29, 2026

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD

Description

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).

Affected (19)

Fasterxml
1 product
Jackson Databind
Netapp
2 products
Active Iq Unified Manager
Steelstore Cloud Integrated Storage
Oracle
9 products
Agile Plm
Banking Digital Experience
Communications Calendar Server
Communications Contacts Server
Communications Diameter Signaling Router
Communications Element Manager
Communications Evolved Communications Application Server
Communications Session Report Manager
Communications Session Route Manager
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Jackson Databind
From 2.0.0 to 2.9.10.5
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Netapp
Active Iq Unified Manager
From 7.3
Active Iq Unified Manager
From 9.5
Active Iq Unified Manager
From 7.3
Steelstore Cloud Integrated Storage
All versions
Configuration C
14 vulnerable
Vulnerable SoftwareAffected Versions
Agile Plm
Version 9.3.6
Oracle
Banking Digital Experience
Version 18.1
Banking Digital Experience
Version 18.2
Banking Digital Experience
Version 18.3
Banking Digital Experience
Version 19.1
Banking Digital Experience
Version 19.2
Banking Digital Experience
Version 20.1
Communications Calendar Server
Version 8.0.0.4.0
Communications Contacts Server
Version 8.0.0.5.0
Communications Diameter Signaling Router
From 8.0.0 to 8.2.2
Communications Element Manager
From 8.2.0 to 8.2.2
Communications Evolved Communications Application Server
Version 7.1
Communications Session Report Manager
From 8.2.0 to 8.2.2
Communications Session Route Manager
From 8.2.0 to 8.2.2

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (18)

Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.