CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-19361

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0810%
EPSS Percentile4.85th
Published2019年1月2日
Last Modified2024年11月21日

Vulnerability Description

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

Affected Platforms (CPE)

📦
Fasterxml

Jackson Databind

>= 2.6.0 and <= 2.6.7.2
📦
Fasterxml

Jackson Databind

>= 2.7.0 and < 2.7.9.5
📦
Fasterxml

Jackson Databind

>= 2.8.0 and < 2.8.11.3
📦
Fasterxml

Jackson Databind

>= 2.9.0 and < 2.9.8
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0
📦
Oracle

Business Process Management Suite

= 12.1.3.0.0
📦
Oracle

Business Process Management Suite

= 12.2.1.3.0
📦
Oracle

Primavera P6 Enterprise Project Portfolio Management

>= 17.7 and <= 17.12
📦
Oracle

Primavera P6 Enterprise Project Portfolio Management

= 15.1
📦
Oracle

Primavera P6 Enterprise Project Portfolio Management

= 15.2
📦
Oracle

Primavera P6 Enterprise Project Portfolio Management

= 16.1
📦
Oracle

Primavera P6 Enterprise Project Portfolio Management

= 16.2
📦
Oracle

Primavera P6 Enterprise Project Portfolio Management

= 18.8
📦
Oracle

Primavera Unifier

>= 17.7 and <= 17.12
📦
Oracle

Primavera Unifier

= 16.1
📦
Oracle

Primavera Unifier

= 16.2
📦
Oracle

Primavera Unifier

= 18.8
📦
Oracle

Retail Workforce Management Software

= 1.60.9.0.0
📦
Oracle

Webcenter Portal

= 12.2.1.3.0
📦
Redhat

Automation Manager

= 7.3.1
📦
Redhat

Decision Manager

= 7.3.1
📦
Redhat

Jboss Bpm Suite

= 6.4.11
📦
Redhat

Jboss Brms

= 6.4.10
📦
Redhat

Openshift Container Platform

= 3.11

References & Advisories

🔗 http://www.securityfocus.com/bid/107985
🔗 https://access.redhat.com/errata/RHBA-2019:0959
🔗 https://access.redhat.com/errata/RHSA-2019:0782
🔗 https://access.redhat.com/errata/RHSA-2019:0877
🔗 https://access.redhat.com/errata/RHSA-2019:1782
🔗 https://access.redhat.com/errata/RHSA-2019:1797
🔗 https://access.redhat.com/errata/RHSA-2019:1822
🔗 https://access.redhat.com/errata/RHSA-2019:1823

関連する脆弱性情報

CVE-2018-1472110.0

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by ...

CVE-2018-193629.8

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jb...

CVE-2018-193609.8

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the ax...

CVE-2018-147189.8

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block ...