CyberSec.Space Logo
Back to CVE Browser

CVE-2018-19361

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0810%
EPSS Percentile4.85th
PublishedJan 2, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

Affected Platforms (CPE)

πŸ“¦
Fasterxml

Jackson Databind

>= 2.6.0 and <= 2.6.7.2
πŸ“¦
Fasterxml

Jackson Databind

>= 2.7.0 and < 2.7.9.5
πŸ“¦
Fasterxml

Jackson Databind

>= 2.8.0 and < 2.8.11.3
πŸ“¦
Fasterxml

Jackson Databind

>= 2.9.0 and < 2.9.8
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0
πŸ“¦
Oracle

Business Process Management Suite

= 12.1.3.0.0
πŸ“¦
Oracle

Business Process Management Suite

= 12.2.1.3.0
πŸ“¦
Oracle

Primavera P6 Enterprise Project Portfolio Management

>= 17.7 and <= 17.12
πŸ“¦
Oracle

Primavera P6 Enterprise Project Portfolio Management

= 15.1
πŸ“¦
Oracle

Primavera P6 Enterprise Project Portfolio Management

= 15.2
πŸ“¦
Oracle

Primavera P6 Enterprise Project Portfolio Management

= 16.1
πŸ“¦
Oracle

Primavera P6 Enterprise Project Portfolio Management

= 16.2
πŸ“¦
Oracle

Primavera P6 Enterprise Project Portfolio Management

= 18.8
πŸ“¦
Oracle

Primavera Unifier

>= 17.7 and <= 17.12
πŸ“¦
Oracle

Primavera Unifier

= 16.1
πŸ“¦
Oracle

Primavera Unifier

= 16.2
πŸ“¦
Oracle

Primavera Unifier

= 18.8
πŸ“¦
Oracle

Retail Workforce Management Software

= 1.60.9.0.0
πŸ“¦
Oracle

Webcenter Portal

= 12.2.1.3.0
πŸ“¦
Redhat

Automation Manager

= 7.3.1
πŸ“¦
Redhat

Decision Manager

= 7.3.1
πŸ“¦
Redhat

Jboss Bpm Suite

= 6.4.11
πŸ“¦
Redhat

Jboss Brms

= 6.4.10
πŸ“¦
Redhat

Openshift Container Platform

= 3.11

References & Advisories

πŸ”— http://www.securityfocus.com/bid/107985
πŸ”— https://access.redhat.com/errata/RHBA-2019:0959
πŸ”— https://access.redhat.com/errata/RHSA-2019:0782
πŸ”— https://access.redhat.com/errata/RHSA-2019:0877
πŸ”— https://access.redhat.com/errata/RHSA-2019:1782
πŸ”— https://access.redhat.com/errata/RHSA-2019:1797
πŸ”— https://access.redhat.com/errata/RHSA-2019:1822
πŸ”— https://access.redhat.com/errata/RHSA-2019:1823

Related Vulnerabilities

CVE-2018-1472110.0

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by ...

CVE-2018-193629.8

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jb...

CVE-2018-193609.8

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the ax...

CVE-2018-147189.8

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block ...