← Back

CVE-2020-14195

nvd nist
Published: Jun 16, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD

Description

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).

Affected (21)

Show all products
Fasterxml: Jackson Databind · Netapp: Active Iq Unified Manager, Steelstore Cloud Integrated Storage · Debian: Debian Linux · Oracle: Agile Plm, Banking Digital Experience, Communications Calendar Server, Communications Contacts Server, Communications Diameter Signaling Router, Communications Element Manager, Communications Evolved Communications Application Server, Communications Instant Messaging Server, Communications Session Report Manager, Communications Session Route Manager
Fasterxml
1 product
Jackson Databind
Netapp
2 products
Active Iq Unified Manager
Steelstore Cloud Integrated Storage
Debian
1 product
Debian Linux
Oracle
10 products
Agile Plm
Banking Digital Experience
Communications Calendar Server
Communications Contacts Server
Communications Diameter Signaling Router
Communications Element Manager
Communications Evolved Communications Application Server
Communications Instant Messaging Server
Communications Session Report Manager
Communications Session Route Manager
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Jackson Databind
From 2.9.0 to 2.9.10.5
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Netapp
Active Iq Unified Manager
From 7.3
Active Iq Unified Manager
From 9.5
Active Iq Unified Manager
From 7.3
Steelstore Cloud Integrated Storage
All versions
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 8.0
Configuration D
15 vulnerable
Vulnerable SoftwareAffected Versions
Agile Plm
Version 9.3.6
Oracle
Banking Digital Experience
Version 18.1
Banking Digital Experience
Version 18.2
Banking Digital Experience
Version 18.3
Banking Digital Experience
Version 19.1
Banking Digital Experience
Version 19.2
Banking Digital Experience
Version 20.1
Communications Calendar Server
Version 8.0.0.4.0
Communications Contacts Server
Version 8.0.0.5.0
Communications Diameter Signaling Router
From 8.0.0 to 8.2.2
Communications Element Manager
From 8.2.0 to 8.2.2
Communications Evolved Communications Application Server
Version 7.1
Communications Instant Messaging Server
Version 10.0.1.4.0
Communications Session Report Manager
From 8.2.0 to 8.2.2
Communications Session Route Manager
From 8.2.0 to 8.2.2

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (16)

Source: cve@mitre.org
Issue TrackingThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.