FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
References
Link | Resource |
---|---|
https://github.com/FasterXML/jackson-databind/issues/2814 | Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html | Mailing List Third Party Advisory |
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | |
https://security.netapp.com/advisory/ntap-20200904-0006/ | Third Party Advisory |
https://www.oracle.com//security-alerts/cpujul2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuApr2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuoct2021.html | Patch Third Party Advisory |
History
07 Nov 2023, 03:20
Type | Values Removed | Values Added |
---|---|---|
References | | |
12 May 2022, 14:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
First Time | Oracle blockchain Platform |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
01 Mar 2022, 20:46
Type | Values Removed | Values Added |
---|---|---|
First Time | Oracle communications Offline Mediation Controller; Oracle communications Instant Messaging Server; Oracle communications Services Gatekeeper; Oracle autovue For Agile Product Lifecycle Management; Oracle identity Manager Connector; Oracle banking Supply Chain Finance; Oracle communications Pricing Design Center; Oracle communications Evolved Communications Application Server; Oracle banking Liquidity Management; Oracle siebel Ui Framework; Oracle communications Messaging Server; Oracle communications Policy Management; Oracle application Testing Suite; Oracle communications Element Manager; Oracle communications Unified Inventory Management; Oracle communications Session Report Manager; Oracle communications Cloud Native Core Unified Data Repository |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_calendar_server:8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_liquidity_management:14.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_contacts_server:8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-502 | |
References | | |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
05 May 2021, 13:22
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:* | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
24 Apr 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
22 Feb 2021, 21:31
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory | |
References | (MISC) https://github.com/FasterXML/jackson-databind/issues/2814 - Issue Tracking, Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:* cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:* |
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2020-08-25 18:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-24616
Mitre link : CVE-2020-24616
CVE.ORG link : CVE-2020-24616
Products Affected
oracle
- communications_policy_management
- communications_element_manager
- communications_cloud_native_core_unified_data_repository
- banking_supply_chain_finance
- communications_offline_mediation_controller
- autovue_for_agile_product_lifecycle_management
- identity_manager_connector
- banking_liquidity_management
- communications_session_report_manager
- siebel_ui_framework
- communications_contacts_server
- agile_plm
- communications_pricing_design_center
- blockchain_platform
- communications_evolved_communications_application_server
- communications_services_gatekeeper
- communications_unified_inventory_management
- application_testing_suite
- communications_diameter_signaling_router
- communications_messaging_server
- communications_instant_messaging_server
- communications_calendar_server
fasterxml
- jackson-databind
debian
- debian_linux
netapp
- active_iq_unified_manager
CWE
CWE-502
Deserialization of Untrusted Data