CVE-2017-7525
jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
- Severity Score:
- Exploit Likelihood:
- Affected Versions:
- Public Exploits: 1
- Exploited in Wild: -
- Decision: -
Descriptions
A deserialization flaw was discovered in jackson-databind, in versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to achieve code execution by sending maliciously crafted input to the readValue method of ObjectMapper.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2017-04-05 CVE Reserved
- 2017-07-31 CVE Published
- 2022-03-28 First Exploit
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- Exploited in Wild: -
- KEV Due Date: -
CWE
- CWE-20: Improper Input Validation
- CWE-184: Incomplete List of Disallowed Inputs
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (62)
| URL | Date | SRC |
|---|---|---|
| https://github.com/Ingenuity-Fainting-Goats/CVE-2017-7525-Jackson-Deserialization-Lab | 2022-03-28 | |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | in | Vendor | Product | Version | Other | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| Redhat | Openshift Container Platform | 4.1 | - | Affected | in | Redhat | Enterprise Linux Server | 7.0 | - | Safe |
| Redhat | Virtualization | 4.0 | - | Affected | in | Redhat | Enterprise Linux Server | 7.0 | - | Safe |
| Redhat | Virtualization Host | 4.0 | - | Affected | in | Redhat | Enterprise Linux Server | 7.0 | - | Safe |
| Redhat | Jboss Enterprise Application Platform | 6.0.0 | - | Affected | in | Redhat | Enterprise Linux Server | 6.0 | - | Safe |
| Redhat | Jboss Enterprise Application Platform | 6.0.0 | - | Affected | in | Redhat | Enterprise Linux Server | 7.0 | - | Safe |
| Redhat | Jboss Enterprise Application Platform | 6.4.0 | - | Affected | in | Redhat | Enterprise Linux Server | 6.0 | - | Safe |
| Redhat | Jboss Enterprise Application Platform | 6.4.0 | - | Affected | in | Redhat | Enterprise Linux Server | 7.0 | - | Safe |
| Redhat | Jboss Enterprise Application Platform | 7.0 | - | Affected | in | Redhat | Enterprise Linux Server | 6.0 | - | Safe |
| Redhat | Jboss Enterprise Application Platform | 7.0 | - | Affected | in | Redhat | Enterprise Linux Server | 7.0 | - | Safe |
| Redhat | Jboss Enterprise Application Platform | 7.1 | - | Affected | in | Redhat | Enterprise Linux Server | 6.0 | - | Safe |
| Redhat | Jboss Enterprise Application Platform | 7.1 | - | Affected | in | Redhat | Enterprise Linux Server | 7.0 | - | Safe |
| Redhat | Jboss Enterprise Application Platform | 6.0.0 | - | Affected | in | Redhat | Enterprise Linux Server | 5.0 | - | Safe |
| Redhat | Jboss Enterprise Application Platform | 6.4.0 | - | Affected | in | Redhat | Enterprise Linux Server | 5.0 | - | Safe |
| Fasterxml | Jackson-databind | < 2.6.7.1 | - | Affected | | | | | | |
| Fasterxml | Jackson-databind | >= 2.7.0 < 2.7.9.1 | - | Affected | | | | | | |
| Fasterxml | Jackson-databind | >= 2.8.0 < 2.8.9 | - | Affected | | | | | | |
| Fasterxml | Jackson-databind | 2.9.0 | prerelease1 | Affected | | | | | | |
| Fasterxml | Jackson-databind | 2.9.0 | prerelease2 | Affected | | | | | | |
| Debian | Debian Linux | 8.0 | - | Affected | | | | | | |
| Debian | Debian Linux | 9.0 | - | Affected | | | | | | |
| Netapp | Oncommand Balance | - | - | Affected | | | | | | |
| Netapp | Oncommand Performance Manager | - | linux | Affected | | | | | | |
| Netapp | Oncommand Performance Manager | - | vmware_vsphere | Affected | | | | | | |
| Netapp | Oncommand Shift | - | - | Affected | | | | | | |
| Netapp | Snapcenter | - | - | Affected | | | | | | |
| Redhat | Openshift Container Platform | 3.11 | - | Affected | | | | | | |
| Oracle | Banking Platform | 2.5.0 | - | Affected | | | | | | |
| Oracle | Banking Platform | 2.6.0 | - | Affected | | | | | | |
| Oracle | Banking Platform | 2.6.1 | - | Affected | | | | | | |
| Oracle | Banking Platform | 2.6.2 | - | Affected | | | | | | |
| Oracle | Communications Billing And Revenue Management | 7.5 | - | Affected | | | | | | |
| Oracle | Communications Billing And Revenue Management | 12.0 | - | Affected | | | | | | |
| Oracle | Communications Communications Policy Management | >= 12.0 <= 12.5.2 | - | Affected | | | | | | |
| Oracle | Communications Diameter Signaling Route | < 8.3 | - | Affected | | | | | | |
| Oracle | Communications Instant Messaging Server | 10.0.1 | - | Affected | | | | | | |
| Oracle | Communications Instant Messaging Server | 10.0.1.2.0 | - | Affected | | | | | | |
| Oracle | Enterprise Manager For Virtualization | 13.2.2 | - | Affected | | | | | | |
| Oracle | Enterprise Manager For Virtualization | 13.2.3 | - | Affected | | | | | | |
| Oracle | Enterprise Manager For Virtualization | 13.3.1 | - | Affected | | | | | | |
| Oracle | Financial Services Analytical Applications Infrastructure | 8.0.2.0.0 | - | Affected | | | | | | |
| Oracle | Financial Services Analytical Applications Infrastructure | 8.0.3.0.0 | - | Affected | | | | | | |
| Oracle | Financial Services Analytical Applications Infrastructure | 8.0.4.0.0 | - | Affected | | | | | | |
| Oracle | Financial Services Analytical Applications Infrastructure | 8.0.5.0.0 | - | Affected | | | | | | |
| Oracle | Financial Services Analytical Applications Infrastructure | 8.0.6.0.0 | - | Affected | | | | | | |
| Oracle | Financial Services Analytical Applications Infrastructure | 8.0.7.0.0 | - | Affected | | | | | | |
| Oracle | Global Lifecycle Management Opatchauto | < 12.2.0.1.14 | - | Affected | | | | | | |
| Oracle | Primavera Unifier | >= 17.1 <= 17.12 | - | Affected | | | | | | |
| Oracle | Primavera Unifier | 16.1 | - | Affected | | | | | | |
| Oracle | Primavera Unifier | 16.2 | - | Affected | | | | | | |
| Oracle | Primavera Unifier | 18.8 | - | Affected | | | | | | |
| Oracle | Utilities Advanced Spatial And Operational Analytics | 2.7.0.1 | - | Affected | | | | | | |
| Oracle | Webcenter Portal | 12.2.1.3.0 | - | Affected | | | | | | |