Vulnerabilities (CVE)

Filtered by vendor Netapp Subscribe
Filtered by product Service Level Manager
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-36189 4 Debian, Fasterxml, Netapp and 1 more 23 Debian Linux, Jackson-databind, Service Level Manager and 20 more 2021-12-10 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CVE-2020-35491 4 Debian, Fasterxml, Netapp and 1 more 19 Debian Linux, Jackson-databind, Service Level Manager and 16 more 2021-12-08 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
CVE-2020-35490 4 Debian, Fasterxml, Netapp and 1 more 18 Debian Linux, Jackson-databind, Service Level Manager and 15 more 2021-12-08 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-36185 3 Debian, Fasterxml, Netapp 3 Debian Linux, Jackson-databind, Service Level Manager 2021-11-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
CVE-2020-36186 3 Debian, Fasterxml, Netapp 3 Debian Linux, Jackson-databind, Service Level Manager 2021-11-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
CVE-2020-36187 3 Debian, Fasterxml, Netapp 3 Debian Linux, Jackson-databind, Service Level Manager 2021-11-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
CVE-2020-36188 3 Debian, Fasterxml, Netapp 3 Debian Linux, Jackson-databind, Service Level Manager 2021-11-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
CVE-2020-36179 3 Debian, Fasterxml, Netapp 3 Debian Linux, Jackson-databind, Service Level Manager 2021-11-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36180 3 Debian, Fasterxml, Netapp 3 Debian Linux, Jackson-databind, Service Level Manager 2021-11-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36183 3 Debian, Fasterxml, Netapp 3 Debian Linux, Jackson-databind, Service Level Manager 2021-11-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
CVE-2020-36182 3 Debian, Fasterxml, Netapp 3 Debian Linux, Jackson-databind, Service Level Manager 2021-11-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-35728 3 Debian, Fasterxml, Netapp 3 Debian Linux, Jackson-databind, Service Level Manager 2021-11-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
CVE-2020-36181 3 Debian, Fasterxml, Netapp 3 Debian Linux, Jackson-databind, Service Level Manager 2021-11-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36184 3 Debian, Fasterxml, Netapp 3 Debian Linux, Jackson-databind, Service Level Manager 2021-11-17 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-25649 6 Apache, Fasterxml, Fedoraproject and 3 more 31 Iotdb, Jackson-databind, Fedora and 28 more 2021-10-26 5.0 MEDIUM 7.5 HIGH
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
CVE-2017-5645 4 Apache, Netapp, Oracle and 1 more 60 Log4j, Oncommand Api Services, Oncommand Insight and 57 more 2021-10-20 7.5 HIGH 9.8 CRITICAL
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVE-2020-25644 2 Netapp, Redhat 10 Oncommand Insight, Oncommand Workflow Automation, Service Level Manager and 7 more 2021-10-19 5.0 MEDIUM 7.5 HIGH
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-25689 2 Netapp, Redhat 10 Active Iq Unified Manager, Oncommand Insight, Service Level Manager and 7 more 2021-10-19 6.8 MEDIUM 6.5 MEDIUM
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2019-16943 6 Debian, Fasterxml, Fedoraproject and 3 more 26 Debian Linux, Jackson-databind, Fedora and 23 more 2021-07-20 6.8 MEDIUM 9.8 CRITICAL
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
CVE-2019-16942 6 Debian, Fasterxml, Fedoraproject and 3 more 28 Debian Linux, Jackson-databind, Fedora and 25 more 2021-07-20 7.5 HIGH 9.8 CRITICAL
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.