CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-14721

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0110%
EPSS Percentile18.28th
Published2019年1月2日
Last Modified2024年11月21日

Vulnerability Description

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

Affected Platforms (CPE)

📦
Fasterxml

Jackson Databind

>= 2.6.0 and < 2.6.7.2
📦
Fasterxml

Jackson Databind

>= 2.7.0 and < 2.7.9.5
📦
Fasterxml

Jackson Databind

>= 2.8.0 and < 2.8.11.3
📦
Fasterxml

Jackson Databind

>= 2.9.0 and < 2.9.7
📦
Fasterxml

Jackson Databind

= 2.7.0
📦
Fasterxml

Jackson Databind

= 2.7.0
📦
Fasterxml

Jackson Databind

= 2.7.0
📦
Fasterxml

Jackson Databind

= 2.8.0
📦
Fasterxml

Jackson Databind

= 2.8.0
📦
Fasterxml

Jackson Databind

= 2.9.0
📦
Fasterxml

Jackson Databind

= 2.9.0
📦
Fasterxml

Jackson Databind

= 2.9.0
📦
Fasterxml

Jackson Databind

= 2.9.0
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0
📦
Oracle

Banking Platform

= 2.5.0
📦
Oracle

Banking Platform

= 2.6.0
📦
Oracle

Banking Platform

= 2.6.1
📦
Oracle

Banking Platform

= 2.6.2
📦
Oracle

Communications Billing And Revenue Management

= 7.5
📦
Oracle

Communications Billing And Revenue Management

= 12.0
📦
Oracle

Enterprise Manager For Virtualization

= 13.2.2
📦
Oracle

Enterprise Manager For Virtualization

= 13.2.3
📦
Oracle

Enterprise Manager For Virtualization

= 13.3.1
📦
Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.2
📦
Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.3
📦
Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.4
📦
Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.5
📦
Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.6
📦
Oracle

Financial Services Analytical Applications Infrastructure

= 8.0.7
📦
Oracle

Jdeveloper

= 12.1.3.0.0
📦
Oracle

Jdeveloper

= 12.2.1.3.0
📦
Oracle

Primavera Unifier

>= 17.1 and <= 17.12
📦
Oracle

Primavera Unifier

= 16.1
📦
Oracle

Primavera Unifier

= 16.2
📦
Oracle

Primavera Unifier

= 18.8
📦
Oracle

Retail Merchandising System

= 15.0
📦
Oracle

Retail Merchandising System

= 16.0
📦
Oracle

Webcenter Portal

= 12.2.1.3.0
📦
Redhat

Jboss Enterprise Application Platform

= 7.2.0
📦
Redhat

Openshift Container Platform

= 3.11

References & Advisories

🔗 https://access.redhat.com/errata/RHBA-2019:0959
🔗 https://access.redhat.com/errata/RHSA-2019:0782
🔗 https://access.redhat.com/errata/RHSA-2019:1106
🔗 https://access.redhat.com/errata/RHSA-2019:1107
🔗 https://access.redhat.com/errata/RHSA-2019:1108
🔗 https://access.redhat.com/errata/RHSA-2019:1140
🔗 https://access.redhat.com/errata/RHSA-2019:1822
🔗 https://access.redhat.com/errata/RHSA-2019:1823

関連する脆弱性情報

CVE-2018-193609.8

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the ax...

CVE-2018-193619.8

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the op...

CVE-2018-193629.8

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jb...

CVE-2018-147189.8

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block ...