CVE-2018-14721

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0110%

EPSS Percentile18.28th

PublishedJan 2, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

Affected Platforms (CPE)

📦

Fasterxml

Jackson Databind

>= 2.6.0 and < 2.6.7.2

📦

Fasterxml

Jackson Databind

>= 2.7.0 and < 2.7.9.5

📦

Fasterxml

Jackson Databind

>= 2.8.0 and < 2.8.11.3

📦

Fasterxml

Jackson Databind

>= 2.9.0 and < 2.9.7

📦

Fasterxml

Jackson Databind

= 2.7.0

📦

Fasterxml

Jackson Databind

= 2.7.0

📦

Fasterxml

Jackson Databind

= 2.7.0

📦

Fasterxml

Jackson Databind

= 2.8.0

📦

Fasterxml

Jackson Databind

= 2.8.0

📦

Fasterxml

Jackson Databind

= 2.9.0

📦

Fasterxml

Jackson Databind

= 2.9.0

📦

Fasterxml

Jackson Databind

= 2.9.0

📦

Fasterxml

Jackson Databind

= 2.9.0

💻

Debian

Debian Linux

= 8.0

💻

Debian

Debian Linux

= 9.0

📦

Oracle

Banking Platform

= 2.5.0

📦

Oracle

Banking Platform

= 2.6.0

📦

Oracle

Banking Platform

= 2.6.1

📦

Oracle

Banking Platform

= 2.6.2

📦

Oracle

Communications Billing And Revenue Management

= 7.5

📦

Oracle

Communications Billing And Revenue Management

= 12.0

📦

Oracle

Enterprise Manager For Virtualization

= 13.2.2

📦

Oracle

Enterprise Manager For Virtualization

= 13.2.3

📦

Oracle

Enterprise Manager For Virtualization

= 13.3.1

📦

Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.2

📦

Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.3

📦

Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.4

📦

Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.5

📦

Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.6

📦

Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.7

📦

Oracle

Jdeveloper

= 12.1.3.0.0

📦

Oracle

Jdeveloper

= 12.2.1.3.0

📦

Oracle

Primavera Unifier

>= 17.1 and <= 17.12

📦

Oracle

Primavera Unifier

= 16.1

📦

Oracle

Primavera Unifier

= 16.2

📦

Oracle

Primavera Unifier

= 18.8

📦

Oracle

Retail Merchandising System

= 15.0

📦

Oracle

Retail Merchandising System

= 16.0

📦

Oracle

Webcenter Portal

= 12.2.1.3.0

📦

Redhat

Jboss Enterprise Application Platform

= 7.2.0

📦

Redhat

Openshift Container Platform

= 3.11

References & Advisories

🔗 https://access.redhat.com/errata/RHBA-2019:0959

🔗 https://access.redhat.com/errata/RHSA-2019:0782

🔗 https://access.redhat.com/errata/RHSA-2019:1106

🔗 https://access.redhat.com/errata/RHSA-2019:1107

🔗 https://access.redhat.com/errata/RHSA-2019:1108

🔗 https://access.redhat.com/errata/RHSA-2019:1140

🔗 https://access.redhat.com/errata/RHSA-2019:1822

🔗 https://access.redhat.com/errata/RHSA-2019:1823

Vulnerability Description

Affected Platforms (CPE)

Jackson Databind

Jackson Databind

Jackson Databind

Jackson Databind

Jackson Databind

Jackson Databind

Jackson Databind

Jackson Databind

Jackson Databind

Jackson Databind

Jackson Databind

Jackson Databind

Jackson Databind

Debian Linux

Debian Linux

Banking Platform

Banking Platform

Banking Platform

Banking Platform

Communications Billing And Revenue Management

Communications Billing And Revenue Management

Enterprise Manager For Virtualization

Enterprise Manager For Virtualization

Enterprise Manager For Virtualization

Financial Services Analytical Applications Infrastructure

Financial Services Analytical Applications Infrastructure

Financial Services Analytical Applications Infrastructure

Financial Services Analytical Applications Infrastructure

Financial Services Analytical Applications Infrastructure

Financial Services Analytical Applications Infrastructure

Jdeveloper

Jdeveloper

Primavera Unifier

Primavera Unifier

Primavera Unifier

Primavera Unifier

Retail Merchandising System

Retail Merchandising System

Webcenter Portal

Jboss Enterprise Application Platform

Openshift Container Platform

References & Advisories

Related Vulnerabilities