CVE-2018-14718

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0490%

EPSS Percentile20.32th

PublishedJan 2, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

Affected Platforms (CPE)

📦

Fasterxml

Jackson Databind

>= 2.0.0 and < 2.6.7.3

📦

Fasterxml

Jackson Databind

>= 2.7.0 and < 2.7.9.5

📦

Fasterxml

Jackson Databind

>= 2.8.0 and < 2.8.11.3

📦

Fasterxml

Jackson Databind

>= 2.9.0 and < 2.9.7

💻

Debian

Debian Linux

= 8.0

💻

Debian

Debian Linux

= 9.0

📦

Oracle

Banking Platform

= 2.5.0

📦

Oracle

Banking Platform

= 2.6.0

📦

Oracle

Banking Platform

= 2.6.1

📦

Oracle

Banking Platform

= 2.6.2

📦

Oracle

Business Process Management Suite

= 12.1.3.0.0

📦

Oracle

Business Process Management Suite

= 12.2.1.3.0

📦

Oracle

Communications Billing And Revenue Management

= 7.5

📦

Oracle

Communications Billing And Revenue Management

= 12.0

📦

Oracle

Communications Instant Messaging Server

= 10.0.1.3.0

📦

Oracle

Enterprise Manager For Virtualization

= 13.2.2

📦

Oracle

Enterprise Manager For Virtualization

= 13.2.3

📦

Oracle

Enterprise Manager For Virtualization

= 13.3.1

📦

Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.2

📦

Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.3

📦

Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.4

📦

Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.5

📦

Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.6

📦

Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.7

📦

Oracle

Global Lifecycle Management Opatch

< 11.2.0.3.23

📦

Oracle

Global Lifecycle Management Opatch

>= 12.2.0.1.0 and < 12.2.0.1.19

📦

Oracle

Global Lifecycle Management Opatch

>= 13.9.4.0.0 and < 13.9.4.2.1

📦

Oracle

Jd Edwards Enterpriseone Orchestrator

= 9.2

📦

Oracle

Jd Edwards Enterpriseone Tools

= 9.2

📦

Oracle

Jdeveloper

= 12.1.3.0.0

📦

Oracle

Jdeveloper

= 12.2.1.3.0

📦

Oracle

Nosql Database

< 19.3.12

📦

Oracle

Nosql Database

= 19.3.12

📦

Oracle

Primavera P6 Enterprise Project Portfolio Management

>= 17.7 and <= 17.12

📦

Oracle

Primavera P6 Enterprise Project Portfolio Management

= 15.1

📦

Oracle

Primavera P6 Enterprise Project Portfolio Management

= 15.2

📦

Oracle

Primavera P6 Enterprise Project Portfolio Management

= 16.1

📦

Oracle

Primavera P6 Enterprise Project Portfolio Management

= 16.2

📦

Oracle

Primavera P6 Enterprise Project Portfolio Management

= 18.8

📦

Oracle

Primavera Unifier

>= 17.7 and <= 17.12

📦

Oracle

Primavera Unifier

= 16.1

📦

Oracle

Primavera Unifier

= 16.2

📦

Oracle

Primavera Unifier

= 18.8

📦

Oracle

Retail Customer Management And Segmentation Foundation

= 17.0

📦

Oracle

Retail Merchandising System

= 15.0

📦

Oracle

Retail Merchandising System

= 16.0

📦

Oracle

Retail Workforce Management Software

= 1.60.9.0.0

📦

Oracle

Siebel Engineering Installer \& Deployment

<= 19.8

📦

Oracle

Siebel Ui Framework

<= 19.10

📦

Oracle

Webcenter Portal

= 12.2.1.3.0

📦

Netapp

Oncommand Workflow Automation

All versions

📦

Netapp

Snapcenter

All versions

📦

Netapp

Steelstore Cloud Integrated Storage

All versions

📦

Redhat

Openshift Container Platform

>= 3.11 and < 3.11.153

📦

Redhat

Openshift Container Platform

>= 4.6 and < 4.6.26

📦

Redhat

Openshift Container Platform

= 3.10

📦

Redhat

Openshift Container Platform

>= 4.1 and < 4.1.18

References & Advisories

🔗 http://www.securityfocus.com/bid/106601

🔗 https://access.redhat.com/errata/RHBA-2019:0959

🔗 https://access.redhat.com/errata/RHSA-2019:0782

🔗 https://access.redhat.com/errata/RHSA-2019:0877

🔗 https://access.redhat.com/errata/RHSA-2019:1782

🔗 https://access.redhat.com/errata/RHSA-2019:1797

🔗 https://access.redhat.com/errata/RHSA-2019:1822

🔗 https://access.redhat.com/errata/RHSA-2019:1823

Vulnerability Description

Affected Platforms (CPE)

Jackson Databind

Jackson Databind

Jackson Databind

Jackson Databind

Debian Linux

Debian Linux

Banking Platform

Banking Platform

Banking Platform

Banking Platform

Business Process Management Suite

Business Process Management Suite

Communications Billing And Revenue Management

Communications Billing And Revenue Management

Communications Instant Messaging Server

Enterprise Manager For Virtualization

Enterprise Manager For Virtualization

Enterprise Manager For Virtualization

Financial Services Analytical Applications Infrastructure

Financial Services Analytical Applications Infrastructure

Financial Services Analytical Applications Infrastructure

Financial Services Analytical Applications Infrastructure

Financial Services Analytical Applications Infrastructure

Financial Services Analytical Applications Infrastructure

Global Lifecycle Management Opatch

Global Lifecycle Management Opatch

Global Lifecycle Management Opatch

Jd Edwards Enterpriseone Orchestrator

Jd Edwards Enterpriseone Tools

Jdeveloper

Jdeveloper

Nosql Database

Nosql Database

Primavera P6 Enterprise Project Portfolio Management

Primavera P6 Enterprise Project Portfolio Management

Primavera P6 Enterprise Project Portfolio Management

Primavera P6 Enterprise Project Portfolio Management

Primavera P6 Enterprise Project Portfolio Management

Primavera P6 Enterprise Project Portfolio Management

Primavera Unifier

Primavera Unifier

Primavera Unifier

Primavera Unifier

Retail Customer Management And Segmentation Foundation

Retail Merchandising System

Retail Merchandising System

Retail Workforce Management Software

Siebel Engineering Installer \& Deployment

Siebel Ui Framework

Webcenter Portal

Oncommand Workflow Automation

Snapcenter

Steelstore Cloud Integrated Storage

Openshift Container Platform

Openshift Container Platform

Openshift Container Platform

Openshift Container Platform

References & Advisories

Related Vulnerabilities