CVE-2018-14719
jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
Las versiones 2.x de FasterXML jackson-databind anteriores a la 2.9.7 podrían permitir a los atacantes remotos ejecutar código arbitrario aprovechando un fallo para bloquear las clases blaze-ds-opt y blaze-ds-core de deserialización polimórfica.
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code.
Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This release of Red Hat JBoss Data Virtualization 6.4.8 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, information leakage, and path sanitization vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-07-28 CVE Reserved
- 2019-01-02 CVE Published
- 2024-08-05 CVE Updated
- 2025-04-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (33)
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | >= 4.1 < 4.1.18 Search vendor "Redhat" for product "Openshift Container Platform" and version " >= 4.1 < 4.1.18" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Safe
|
| Fasterxml Search vendor "Fasterxml" | Jackson-databind Search vendor "Fasterxml" for product "Jackson-databind" | >= 2.0.0 < 2.6.7.3 Search vendor "Fasterxml" for product "Jackson-databind" and version " >= 2.0.0 < 2.6.7.3" | - |
Affected
| ||||||
| Fasterxml Search vendor "Fasterxml" | Jackson-databind Search vendor "Fasterxml" for product "Jackson-databind" | >= 2.7.0 < 2.7.9.5 Search vendor "Fasterxml" for product "Jackson-databind" and version " >= 2.7.0 < 2.7.9.5" | - |
Affected
| ||||||
| Fasterxml Search vendor "Fasterxml" | Jackson-databind Search vendor "Fasterxml" for product "Jackson-databind" | >= 2.8.0 < 2.8.11.3 Search vendor "Fasterxml" for product "Jackson-databind" and version " >= 2.8.0 < 2.8.11.3" | - |
Affected
| ||||||
| Fasterxml Search vendor "Fasterxml" | Jackson-databind Search vendor "Fasterxml" for product "Jackson-databind" | >= 2.9.0 < 2.9.7 Search vendor "Fasterxml" for product "Jackson-databind" and version " >= 2.9.0 < 2.9.7" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Banking Platform Search vendor "Oracle" for product "Banking Platform" | 2.5.0 Search vendor "Oracle" for product "Banking Platform" and version "2.5.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Banking Platform Search vendor "Oracle" for product "Banking Platform" | 2.6.0 Search vendor "Oracle" for product "Banking Platform" and version "2.6.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Banking Platform Search vendor "Oracle" for product "Banking Platform" | 2.6.1 Search vendor "Oracle" for product "Banking Platform" and version "2.6.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Banking Platform Search vendor "Oracle" for product "Banking Platform" | 2.6.2 Search vendor "Oracle" for product "Banking Platform" and version "2.6.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Business Process Management Suite Search vendor "Oracle" for product "Business Process Management Suite" | 12.1.3.0.0 Search vendor "Oracle" for product "Business Process Management Suite" and version "12.1.3.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Business Process Management Suite Search vendor "Oracle" for product "Business Process Management Suite" | 12.2.1.3.0 Search vendor "Oracle" for product "Business Process Management Suite" and version "12.2.1.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Clusterware Search vendor "Oracle" for product "Clusterware" | 12.1.0.2.0 Search vendor "Oracle" for product "Clusterware" and version "12.1.0.2.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Billing And Revenue Management Search vendor "Oracle" for product "Communications Billing And Revenue Management" | 7.5 Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "7.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Billing And Revenue Management Search vendor "Oracle" for product "Communications Billing And Revenue Management" | 12.0 Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "12.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 11.2.0.4 Search vendor "Oracle" for product "Database Server" and version "11.2.0.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 12.1.0.2 Search vendor "Oracle" for product "Database Server" and version "12.1.0.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 12.2.0.1 Search vendor "Oracle" for product "Database Server" and version "12.2.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 18c Search vendor "Oracle" for product "Database Server" and version "18c" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 19c Search vendor "Oracle" for product "Database Server" and version "19c" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager For Virtualization Search vendor "Oracle" for product "Enterprise Manager For Virtualization" | 13.2.2 Search vendor "Oracle" for product "Enterprise Manager For Virtualization" and version "13.2.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager For Virtualization Search vendor "Oracle" for product "Enterprise Manager For Virtualization" | 13.2.3 Search vendor "Oracle" for product "Enterprise Manager For Virtualization" and version "13.2.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager For Virtualization Search vendor "Oracle" for product "Enterprise Manager For Virtualization" | 13.3.1 Search vendor "Oracle" for product "Enterprise Manager For Virtualization" and version "13.3.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Financial Services Analytical Applications Infrastructure Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" | 8.0.2 Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.0.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Financial Services Analytical Applications Infrastructure Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" | 8.0.3 Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.0.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Financial Services Analytical Applications Infrastructure Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" | 8.0.4 Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.0.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Financial Services Analytical Applications Infrastructure Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" | 8.0.5 Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.0.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Financial Services Analytical Applications Infrastructure Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" | 8.0.6 Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.0.6" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Financial Services Analytical Applications Infrastructure Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" | 8.0.7 Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.0.7" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Global Lifecycle Management Opatch Search vendor "Oracle" for product "Global Lifecycle Management Opatch" | < 11.2.0.3.23 Search vendor "Oracle" for product "Global Lifecycle Management Opatch" and version " < 11.2.0.3.23" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Global Lifecycle Management Opatch Search vendor "Oracle" for product "Global Lifecycle Management Opatch" | >= 12.2.0.1.0 < 12.2.0.1.19 Search vendor "Oracle" for product "Global Lifecycle Management Opatch" and version " >= 12.2.0.1.0 < 12.2.0.1.19" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Global Lifecycle Management Opatch Search vendor "Oracle" for product "Global Lifecycle Management Opatch" | >= 13.9.4.0.0 < 13.9.4.2.1 Search vendor "Oracle" for product "Global Lifecycle Management Opatch" and version " >= 13.9.4.0.0 < 13.9.4.2.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Jdeveloper Search vendor "Oracle" for product "Jdeveloper" | 12.1.3.0.0 Search vendor "Oracle" for product "Jdeveloper" and version "12.1.3.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Jdeveloper Search vendor "Oracle" for product "Jdeveloper" | 12.2.1.3.0 Search vendor "Oracle" for product "Jdeveloper" and version "12.2.1.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera P6 Enterprise Project Portfolio Management Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" | >= 17.7 <= 17.12 Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" and version " >= 17.7 <= 17.12" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera P6 Enterprise Project Portfolio Management Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" | 15.1 Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" and version "15.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera P6 Enterprise Project Portfolio Management Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" | 15.2 Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" and version "15.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera P6 Enterprise Project Portfolio Management Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" | 16.1 Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" and version "16.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera P6 Enterprise Project Portfolio Management Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" | 16.2 Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" and version "16.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera P6 Enterprise Project Portfolio Management Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" | 18.8 Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" and version "18.8" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera Unifier Search vendor "Oracle" for product "Primavera Unifier" | >= 17.7 <= 17.12 Search vendor "Oracle" for product "Primavera Unifier" and version " >= 17.7 <= 17.12" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera Unifier Search vendor "Oracle" for product "Primavera Unifier" | 16.1 Search vendor "Oracle" for product "Primavera Unifier" and version "16.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera Unifier Search vendor "Oracle" for product "Primavera Unifier" | 16.2 Search vendor "Oracle" for product "Primavera Unifier" and version "16.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera Unifier Search vendor "Oracle" for product "Primavera Unifier" | 18.8 Search vendor "Oracle" for product "Primavera Unifier" and version "18.8" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Merchandising System Search vendor "Oracle" for product "Retail Merchandising System" | 15.0 Search vendor "Oracle" for product "Retail Merchandising System" and version "15.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Merchandising System Search vendor "Oracle" for product "Retail Merchandising System" | 16.0 Search vendor "Oracle" for product "Retail Merchandising System" and version "16.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Workforce Management Software Search vendor "Oracle" for product "Retail Workforce Management Software" | 1.60.9.0.0 Search vendor "Oracle" for product "Retail Workforce Management Software" and version "1.60.9.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Webcenter Portal Search vendor "Oracle" for product "Webcenter Portal" | 12.2.1.3.0 Search vendor "Oracle" for product "Webcenter Portal" and version "12.2.1.3.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | >= 3.11 < 3.11.153 Search vendor "Redhat" for product "Openshift Container Platform" and version " >= 3.11 < 3.11.153" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | >= 4.6 < 4.6.26 Search vendor "Redhat" for product "Openshift Container Platform" and version " >= 4.6 < 4.6.26" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Snapcenter Search vendor "Netapp" for product "Snapcenter" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage" | * | - |
Affected
| ||||||