CVE-2020-9548

Published: Mar 2, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).

Affected (46)

Products: Fasterxml: Jackson Databind · Netapp: Active Iq Unified Manager · Debian: Debian Linux · +1 more

Show all products

Fasterxml

1 product

Jackson Databind

Netapp

1 product

Active Iq Unified Manager

1 product

22 products

Autovue For Agile Product Lifecycle Management

Banking Digital Experience

Banking Platform

Communications Calendar Server

Communications Contacts Server

Communications Diameter Signaling Router

Communications Element Manager

Communications Evolved Communications Application Server

Communications Instant Messaging Server

Communications Network Charging And Control

Communications Session Report Manager

Communications Session Route Manager

Enterprise Manager Base Platform

Global Lifecycle Management Opatch

Jd Edwards Enterpriseone Orchestrator

Jd Edwards Enterpriseone Tools

Primavera Unifier

Retail Merchandising System

Retail Sales Audit

Retail Xstore Point Of Service

Weblogic Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fasterxml Jackson Databind	From 2.0.0 to 2.7.9.7
Fasterxml Jackson Databind	From 2.8.0 to 2.8.11.6
Fasterxml Jackson Databind	From 2.9.0 to 2.9.10.4

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	From 7.3
Netapp Active Iq Unified Manager	From 9.5
Netapp Active Iq Unified Manager	From 7.3

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration D

39 vulnerable

Vulnerable Software	Affected Versions
Oracle Agile Plm	Version 9.3.6
Oracle Autovue For Agile Product Lifecycle Management	Version 21.0.2
Oracle Banking Digital Experience	Version 18.1
Oracle Banking Digital Experience	Version 18.2
Oracle Banking Digital Experience	Version 18.3
Oracle Banking Digital Experience	Version 19.1
Oracle Banking Digital Experience	Version 19.2
Oracle Banking Digital Experience	Version 20.1
Oracle Banking Platform	From 2.4.0 to 2.9.0
Oracle Communications Calendar Server	Version 8.0.0.4.0
Oracle Communications Contacts Server	Version 8.0.0.4.0
Oracle Communications Contacts Server	Version 8.0.0.5.0
Oracle Communications Diameter Signaling Router	From 8.0.0 to 8.2.2
Oracle Communications Element Manager	From 8.2.0 to 8.2.2
Oracle Communications Evolved Communications Application Server	Version 7.1
Oracle Communications Instant Messaging Server	Version 10.0.1.4.0
Oracle Communications Network Charging And Control	From 12.0.0 to 12.0.3
Oracle Communications Network Charging And Control	Version 6.0.1
Oracle Communications Session Report Manager	From 8.2.0 to 8.2.2
Oracle Communications Session Route Manager	From 8.2.0 to 8.2.2
Oracle Enterprise Manager Base Platform	Version 13.3.0.0
Oracle Enterprise Manager Base Platform	Version 13.4.0.0
Oracle Global Lifecycle Management Opatch	Before 12.2.0.1.20
Oracle Jd Edwards Enterpriseone Orchestrator	Before 9.2.4.2
Oracle Jd Edwards Enterpriseone Tools	Before 9.2.4.2
Oracle Primavera Unifier	From 17.7 to 17.12
Oracle Primavera Unifier	Version 16.1
Oracle Primavera Unifier	Version 16.2
Oracle Primavera Unifier	Version 18.8
Oracle Primavera Unifier	Version 19.12
Oracle Retail Merchandising System	Version 15.0
Oracle Retail Sales Audit	Version 14.1
Oracle Retail Xstore Point Of Service	Version 15.0
Oracle Retail Xstore Point Of Service	Version 16.0
Oracle Retail Xstore Point Of Service	Version 17.0
Oracle Retail Xstore Point Of Service	Version 18.0
Oracle Retail Xstore Point Of Service	Version 19.0
Oracle Weblogic Server	Version 12.2.1.3.0
Oracle Weblogic Server	Version 12.2.1.4.0