// For flags

CVE-2018-14719

jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

Las versiones 2.x de FasterXML jackson-databind anteriores a la 2.9.7 podrían permitir a los atacantes remotos ejecutar código arbitrario aprovechando un fallo para bloquear las clases blaze-ds-opt y blaze-ds-core de deserialización polimórfica.

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-07-28 CVE Reserved
  • 2019-01-02 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-11-11 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-502: Deserialization of Untrusted Data
CAPEC
References (33)
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Redhat
Search vendor "Redhat"
Openshift Container Platform
Search vendor "Redhat" for product "Openshift Container Platform"
>= 4.1 < 4.1.18
Search vendor "Redhat" for product "Openshift Container Platform" and version " >= 4.1 < 4.1.18"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
7.0
Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"
-
Safe
Fasterxml
Search vendor "Fasterxml"
Jackson-databind
Search vendor "Fasterxml" for product "Jackson-databind"
>= 2.0.0 < 2.6.7.3
Search vendor "Fasterxml" for product "Jackson-databind" and version " >= 2.0.0 < 2.6.7.3"
-
Affected
Fasterxml
Search vendor "Fasterxml"
Jackson-databind
Search vendor "Fasterxml" for product "Jackson-databind"
>= 2.7.0 < 2.7.9.5
Search vendor "Fasterxml" for product "Jackson-databind" and version " >= 2.7.0 < 2.7.9.5"
-
Affected
Fasterxml
Search vendor "Fasterxml"
Jackson-databind
Search vendor "Fasterxml" for product "Jackson-databind"
>= 2.8.0 < 2.8.11.3
Search vendor "Fasterxml" for product "Jackson-databind" and version " >= 2.8.0 < 2.8.11.3"
-
Affected
Fasterxml
Search vendor "Fasterxml"
Jackson-databind
Search vendor "Fasterxml" for product "Jackson-databind"
>= 2.9.0 < 2.9.7
Search vendor "Fasterxml" for product "Jackson-databind" and version " >= 2.9.0 < 2.9.7"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Oracle
Search vendor "Oracle"
Banking Platform
Search vendor "Oracle" for product "Banking Platform"
2.5.0
Search vendor "Oracle" for product "Banking Platform" and version "2.5.0"
-
Affected
Oracle
Search vendor "Oracle"
Banking Platform
Search vendor "Oracle" for product "Banking Platform"
2.6.0
Search vendor "Oracle" for product "Banking Platform" and version "2.6.0"
-
Affected
Oracle
Search vendor "Oracle"
Banking Platform
Search vendor "Oracle" for product "Banking Platform"
2.6.1
Search vendor "Oracle" for product "Banking Platform" and version "2.6.1"
-
Affected
Oracle
Search vendor "Oracle"
Banking Platform
Search vendor "Oracle" for product "Banking Platform"
2.6.2
Search vendor "Oracle" for product "Banking Platform" and version "2.6.2"
-
Affected
Oracle
Search vendor "Oracle"
Business Process Management Suite
Search vendor "Oracle" for product "Business Process Management Suite"
12.1.3.0.0
Search vendor "Oracle" for product "Business Process Management Suite" and version "12.1.3.0.0"
-
Affected
Oracle
Search vendor "Oracle"
Business Process Management Suite
Search vendor "Oracle" for product "Business Process Management Suite"
12.2.1.3.0
Search vendor "Oracle" for product "Business Process Management Suite" and version "12.2.1.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Clusterware
Search vendor "Oracle" for product "Clusterware"
12.1.0.2.0
Search vendor "Oracle" for product "Clusterware" and version "12.1.0.2.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Billing And Revenue Management
Search vendor "Oracle" for product "Communications Billing And Revenue Management"
7.5
Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "7.5"
-
Affected
Oracle
Search vendor "Oracle"
Communications Billing And Revenue Management
Search vendor "Oracle" for product "Communications Billing And Revenue Management"
12.0
Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "12.0"
-
Affected
Oracle
Search vendor "Oracle"
Database Server
Search vendor "Oracle" for product "Database Server"
11.2.0.4
Search vendor "Oracle" for product "Database Server" and version "11.2.0.4"
-
Affected
Oracle
Search vendor "Oracle"
Database Server
Search vendor "Oracle" for product "Database Server"
12.1.0.2
Search vendor "Oracle" for product "Database Server" and version "12.1.0.2"
-
Affected
Oracle
Search vendor "Oracle"
Database Server
Search vendor "Oracle" for product "Database Server"
12.2.0.1
Search vendor "Oracle" for product "Database Server" and version "12.2.0.1"
-
Affected
Oracle
Search vendor "Oracle"
Database Server
Search vendor "Oracle" for product "Database Server"
18c
Search vendor "Oracle" for product "Database Server" and version "18c"
-
Affected
Oracle
Search vendor "Oracle"
Database Server
Search vendor "Oracle" for product "Database Server"
19c
Search vendor "Oracle" for product "Database Server" and version "19c"
-
Affected
Oracle
Search vendor "Oracle"
Enterprise Manager For Virtualization
Search vendor "Oracle" for product "Enterprise Manager For Virtualization"
13.2.2
Search vendor "Oracle" for product "Enterprise Manager For Virtualization" and version "13.2.2"
-
Affected
Oracle
Search vendor "Oracle"
Enterprise Manager For Virtualization
Search vendor "Oracle" for product "Enterprise Manager For Virtualization"
13.2.3
Search vendor "Oracle" for product "Enterprise Manager For Virtualization" and version "13.2.3"
-
Affected
Oracle
Search vendor "Oracle"
Enterprise Manager For Virtualization
Search vendor "Oracle" for product "Enterprise Manager For Virtualization"
13.3.1
Search vendor "Oracle" for product "Enterprise Manager For Virtualization" and version "13.3.1"
-
Affected
Oracle
Search vendor "Oracle"
Financial Services Analytical Applications Infrastructure
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"
8.0.2
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.0.2"
-
Affected
Oracle
Search vendor "Oracle"
Financial Services Analytical Applications Infrastructure
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"
8.0.3
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.0.3"
-
Affected
Oracle
Search vendor "Oracle"
Financial Services Analytical Applications Infrastructure
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"
8.0.4
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.0.4"
-
Affected
Oracle
Search vendor "Oracle"
Financial Services Analytical Applications Infrastructure
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"
8.0.5
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.0.5"
-
Affected
Oracle
Search vendor "Oracle"
Financial Services Analytical Applications Infrastructure
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"
8.0.6
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.0.6"
-
Affected
Oracle
Search vendor "Oracle"
Financial Services Analytical Applications Infrastructure
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"
8.0.7
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.0.7"
-
Affected
Oracle
Search vendor "Oracle"
Global Lifecycle Management Opatch
Search vendor "Oracle" for product "Global Lifecycle Management Opatch"
< 11.2.0.3.23
Search vendor "Oracle" for product "Global Lifecycle Management Opatch" and version " < 11.2.0.3.23"
-
Affected
Oracle
Search vendor "Oracle"
Global Lifecycle Management Opatch
Search vendor "Oracle" for product "Global Lifecycle Management Opatch"
>= 12.2.0.1.0 < 12.2.0.1.19
Search vendor "Oracle" for product "Global Lifecycle Management Opatch" and version " >= 12.2.0.1.0 < 12.2.0.1.19"
-
Affected
Oracle
Search vendor "Oracle"
Global Lifecycle Management Opatch
Search vendor "Oracle" for product "Global Lifecycle Management Opatch"
>= 13.9.4.0.0 < 13.9.4.2.1
Search vendor "Oracle" for product "Global Lifecycle Management Opatch" and version " >= 13.9.4.0.0 < 13.9.4.2.1"
-
Affected
Oracle
Search vendor "Oracle"
Jdeveloper
Search vendor "Oracle" for product "Jdeveloper"
12.1.3.0.0
Search vendor "Oracle" for product "Jdeveloper" and version "12.1.3.0.0"
-
Affected
Oracle
Search vendor "Oracle"
Jdeveloper
Search vendor "Oracle" for product "Jdeveloper"
12.2.1.3.0
Search vendor "Oracle" for product "Jdeveloper" and version "12.2.1.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Primavera P6 Enterprise Project Portfolio Management
Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management"
>= 17.7 <= 17.12
Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" and version " >= 17.7 <= 17.12"
-
Affected
Oracle
Search vendor "Oracle"
Primavera P6 Enterprise Project Portfolio Management
Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management"
15.1
Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" and version "15.1"
-
Affected
Oracle
Search vendor "Oracle"
Primavera P6 Enterprise Project Portfolio Management
Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management"
15.2
Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" and version "15.2"
-
Affected
Oracle
Search vendor "Oracle"
Primavera P6 Enterprise Project Portfolio Management
Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management"
16.1
Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" and version "16.1"
-
Affected
Oracle
Search vendor "Oracle"
Primavera P6 Enterprise Project Portfolio Management
Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management"
16.2
Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" and version "16.2"
-
Affected
Oracle
Search vendor "Oracle"
Primavera P6 Enterprise Project Portfolio Management
Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management"
18.8
Search vendor "Oracle" for product "Primavera P6 Enterprise Project Portfolio Management" and version "18.8"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Unifier
Search vendor "Oracle" for product "Primavera Unifier"
>= 17.7 <= 17.12
Search vendor "Oracle" for product "Primavera Unifier" and version " >= 17.7 <= 17.12"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Unifier
Search vendor "Oracle" for product "Primavera Unifier"
16.1
Search vendor "Oracle" for product "Primavera Unifier" and version "16.1"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Unifier
Search vendor "Oracle" for product "Primavera Unifier"
16.2
Search vendor "Oracle" for product "Primavera Unifier" and version "16.2"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Unifier
Search vendor "Oracle" for product "Primavera Unifier"
18.8
Search vendor "Oracle" for product "Primavera Unifier" and version "18.8"
-
Affected
Oracle
Search vendor "Oracle"
Retail Merchandising System
Search vendor "Oracle" for product "Retail Merchandising System"
15.0
Search vendor "Oracle" for product "Retail Merchandising System" and version "15.0"
-
Affected
Oracle
Search vendor "Oracle"
Retail Merchandising System
Search vendor "Oracle" for product "Retail Merchandising System"
16.0
Search vendor "Oracle" for product "Retail Merchandising System" and version "16.0"
-
Affected
Oracle
Search vendor "Oracle"
Retail Workforce Management Software
Search vendor "Oracle" for product "Retail Workforce Management Software"
1.60.9.0.0
Search vendor "Oracle" for product "Retail Workforce Management Software" and version "1.60.9.0.0"
-
Affected
Oracle
Search vendor "Oracle"
Webcenter Portal
Search vendor "Oracle" for product "Webcenter Portal"
12.2.1.3.0
Search vendor "Oracle" for product "Webcenter Portal" and version "12.2.1.3.0"
-
Affected
Redhat
Search vendor "Redhat"
Openshift Container Platform
Search vendor "Redhat" for product "Openshift Container Platform"
>= 3.11 < 3.11.153
Search vendor "Redhat" for product "Openshift Container Platform" and version " >= 3.11 < 3.11.153"
-
Affected
Redhat
Search vendor "Redhat"
Openshift Container Platform
Search vendor "Redhat" for product "Openshift Container Platform"
>= 4.6 < 4.6.26
Search vendor "Redhat" for product "Openshift Container Platform" and version " >= 4.6 < 4.6.26"
-
Affected
Netapp
Search vendor "Netapp"
Oncommand Workflow Automation
Search vendor "Netapp" for product "Oncommand Workflow Automation"
--
Affected
Netapp
Search vendor "Netapp"
Snapcenter
Search vendor "Netapp" for product "Snapcenter"
--
Affected
Netapp
Search vendor "Netapp"
Steelstore Cloud Integrated Storage
Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage"
*-
Affected