// For flags

CVE-2019-14540

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

Se detectó un problema de escritura polimórfica en FasterXML jackson-databind versiones anteriores a 2.9.10. Está relacionado con com.zaxxer.hikari.HikariConfig.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-08-02 CVE Reserved
  • 2019-09-15 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-09-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-502: Deserialization of Untrusted Data
CAPEC
References (37)
URL Tag Source
https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x Release Notes
https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E Mailing List
https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1%40%3Cissues.hbase.apache.org%3E Mailing List
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E Mailing List
https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016%40%3Cissues.hbase.apache.org%3E Mailing List
https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6%40%3Cnotifications.zookeeper.apache.org%3E Mailing List
https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9%40%3Cissues.hbase.apache.org%3E Mailing List
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E Mailing List
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E Mailing List
https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0%40%3Cissues.hbase.apache.org%3E Mailing List
https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb%40%3Ccommits.hbase.apache.org%3E Mailing List
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E Mailing List
https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html Mailing List
https://seclists.org/bugtraq/2019/Oct/6 Mailing List
https://security.netapp.com/advisory/ntap-20191004-0002 Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html Third Party Advisory
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Redhat
Search vendor "Redhat"
Jboss Enterprise Application Platform
Search vendor "Redhat" for product "Jboss Enterprise Application Platform"
7.2
Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.2"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
6.0
Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"
-
Safe
Redhat
Search vendor "Redhat"
Jboss Enterprise Application Platform
Search vendor "Redhat" for product "Jboss Enterprise Application Platform"
7.2
Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.2"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
7.0
Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"
-
Safe
Redhat
Search vendor "Redhat"
Jboss Enterprise Application Platform
Search vendor "Redhat" for product "Jboss Enterprise Application Platform"
7.2
Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.2"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Redhat
Search vendor "Redhat"
Jboss Enterprise Application Platform
Search vendor "Redhat" for product "Jboss Enterprise Application Platform"
7.3
Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.3"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
6.0
Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"
-
Safe
Redhat
Search vendor "Redhat"
Jboss Enterprise Application Platform
Search vendor "Redhat" for product "Jboss Enterprise Application Platform"
7.3
Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.3"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
7.0
Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"
-
Safe
Redhat
Search vendor "Redhat"
Jboss Enterprise Application Platform
Search vendor "Redhat" for product "Jboss Enterprise Application Platform"
7.3
Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.3"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Fasterxml
Search vendor "Fasterxml"
Jackson-databind
Search vendor "Fasterxml" for product "Jackson-databind"
>= 2.0.0 < 2.6.7.3
Search vendor "Fasterxml" for product "Jackson-databind" and version " >= 2.0.0 < 2.6.7.3"
-
Affected
Fasterxml
Search vendor "Fasterxml"
Jackson-databind
Search vendor "Fasterxml" for product "Jackson-databind"
>= 2.7.0 < 2.8.11.5
Search vendor "Fasterxml" for product "Jackson-databind" and version " >= 2.7.0 < 2.8.11.5"
-
Affected
Fasterxml
Search vendor "Fasterxml"
Jackson-databind
Search vendor "Fasterxml" for product "Jackson-databind"
>= 2.9.0 < 2.9.10
Search vendor "Fasterxml" for product "Jackson-databind" and version " >= 2.9.0 < 2.9.10"
-
Affected
Netapp
Search vendor "Netapp"
Oncommand Api Services
Search vendor "Netapp" for product "Oncommand Api Services"
--
Affected
Netapp
Search vendor "Netapp"
Oncommand Workflow Automation
Search vendor "Netapp" for product "Oncommand Workflow Automation"
--
Affected
Netapp
Search vendor "Netapp"
Steelstore Cloud Integrated Storage
Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage"
--
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
30
Search vendor "Fedoraproject" for product "Fedora" and version "30"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
31
Search vendor "Fedoraproject" for product "Fedora" and version "31"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Oracle
Search vendor "Oracle"
Banking Platform
Search vendor "Oracle" for product "Banking Platform"
2.4.0
Search vendor "Oracle" for product "Banking Platform" and version "2.4.0"
-
Affected
Oracle
Search vendor "Oracle"
Banking Platform
Search vendor "Oracle" for product "Banking Platform"
2.4.1
Search vendor "Oracle" for product "Banking Platform" and version "2.4.1"
-
Affected
Oracle
Search vendor "Oracle"
Banking Platform
Search vendor "Oracle" for product "Banking Platform"
2.5.0
Search vendor "Oracle" for product "Banking Platform" and version "2.5.0"
-
Affected
Oracle
Search vendor "Oracle"
Banking Platform
Search vendor "Oracle" for product "Banking Platform"
2.6.0
Search vendor "Oracle" for product "Banking Platform" and version "2.6.0"
-
Affected
Oracle
Search vendor "Oracle"
Banking Platform
Search vendor "Oracle" for product "Banking Platform"
2.6.1
Search vendor "Oracle" for product "Banking Platform" and version "2.6.1"
-
Affected
Oracle
Search vendor "Oracle"
Banking Platform
Search vendor "Oracle" for product "Banking Platform"
2.7.0
Search vendor "Oracle" for product "Banking Platform" and version "2.7.0"
-
Affected
Oracle
Search vendor "Oracle"
Banking Platform
Search vendor "Oracle" for product "Banking Platform"
2.7.1
Search vendor "Oracle" for product "Banking Platform" and version "2.7.1"
-
Affected
Oracle
Search vendor "Oracle"
Customer Management And Segmentation Foundation
Search vendor "Oracle" for product "Customer Management And Segmentation Foundation"
18.0
Search vendor "Oracle" for product "Customer Management And Segmentation Foundation" and version "18.0"
-
Affected
Oracle
Search vendor "Oracle"
Financial Services Analytical Applications Infrastructure
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"
>= 8.0.2 <= 8.0.8
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version " >= 8.0.2 <= 8.0.8"
-
Affected
Oracle
Search vendor "Oracle"
Global Lifecycle Management Opatch
Search vendor "Oracle" for product "Global Lifecycle Management Opatch"
< 11.2.0.3.23
Search vendor "Oracle" for product "Global Lifecycle Management Opatch" and version " < 11.2.0.3.23"
-
Affected
Oracle
Search vendor "Oracle"
Global Lifecycle Management Opatch
Search vendor "Oracle" for product "Global Lifecycle Management Opatch"
>= 12.2.0.1.0 < 12.2.0.1.19
Search vendor "Oracle" for product "Global Lifecycle Management Opatch" and version " >= 12.2.0.1.0 < 12.2.0.1.19"
-
Affected
Oracle
Search vendor "Oracle"
Global Lifecycle Management Opatch
Search vendor "Oracle" for product "Global Lifecycle Management Opatch"
>= 13.9.4.0.0 < 13.9.4.2.1
Search vendor "Oracle" for product "Global Lifecycle Management Opatch" and version " >= 13.9.4.0.0 < 13.9.4.2.1"
-
Affected
Oracle
Search vendor "Oracle"
Goldengate Application Adapters
Search vendor "Oracle" for product "Goldengate Application Adapters"
19.1.0.0.0
Search vendor "Oracle" for product "Goldengate Application Adapters" and version "19.1.0.0.0"
-
Affected
Oracle
Search vendor "Oracle"
Goldengate Stream Analytics
Search vendor "Oracle" for product "Goldengate Stream Analytics"
< 19.1.0.0.1
Search vendor "Oracle" for product "Goldengate Stream Analytics" and version " < 19.1.0.0.1"
-
Affected
Oracle
Search vendor "Oracle"
Mysql
Search vendor "Oracle" for product "Mysql"
>= 5.7.0 <= 5.7.30
Search vendor "Oracle" for product "Mysql" and version " >= 5.7.0 <= 5.7.30"
-
Affected
Oracle
Search vendor "Oracle"
Mysql
Search vendor "Oracle" for product "Mysql"
>= 8.0.0 <= 8.0.20
Search vendor "Oracle" for product "Mysql" and version " >= 8.0.0 <= 8.0.20"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Gateway
Search vendor "Oracle" for product "Primavera Gateway"
15.2
Search vendor "Oracle" for product "Primavera Gateway" and version "15.2"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Gateway
Search vendor "Oracle" for product "Primavera Gateway"
15.2.18
Search vendor "Oracle" for product "Primavera Gateway" and version "15.2.18"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Gateway
Search vendor "Oracle" for product "Primavera Gateway"
16.2
Search vendor "Oracle" for product "Primavera Gateway" and version "16.2"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Gateway
Search vendor "Oracle" for product "Primavera Gateway"
16.2.11
Search vendor "Oracle" for product "Primavera Gateway" and version "16.2.11"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Gateway
Search vendor "Oracle" for product "Primavera Gateway"
17.12
Search vendor "Oracle" for product "Primavera Gateway" and version "17.12"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Gateway
Search vendor "Oracle" for product "Primavera Gateway"
17.12.6
Search vendor "Oracle" for product "Primavera Gateway" and version "17.12.6"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Gateway
Search vendor "Oracle" for product "Primavera Gateway"
18.8.0
Search vendor "Oracle" for product "Primavera Gateway" and version "18.8.0"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Gateway
Search vendor "Oracle" for product "Primavera Gateway"
18.8.8.1
Search vendor "Oracle" for product "Primavera Gateway" and version "18.8.8.1"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Unifier
Search vendor "Oracle" for product "Primavera Unifier"
>= 17.7 <= 17.12
Search vendor "Oracle" for product "Primavera Unifier" and version " >= 17.7 <= 17.12"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Unifier
Search vendor "Oracle" for product "Primavera Unifier"
16.1
Search vendor "Oracle" for product "Primavera Unifier" and version "16.1"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Unifier
Search vendor "Oracle" for product "Primavera Unifier"
16.2
Search vendor "Oracle" for product "Primavera Unifier" and version "16.2"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Unifier
Search vendor "Oracle" for product "Primavera Unifier"
18.8
Search vendor "Oracle" for product "Primavera Unifier" and version "18.8"
-
Affected
Oracle
Search vendor "Oracle"
Primavera Unifier
Search vendor "Oracle" for product "Primavera Unifier"
19.12
Search vendor "Oracle" for product "Primavera Unifier" and version "19.12"
-
Affected
Oracle
Search vendor "Oracle"
Retail Customer Management And Segmentation Foundation
Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation"
17.0
Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation" and version "17.0"
-
Affected
Oracle
Search vendor "Oracle"
Retail Xstore Point Of Service
Search vendor "Oracle" for product "Retail Xstore Point Of Service"
7.1
Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "7.1"
-
Affected
Oracle
Search vendor "Oracle"
Retail Xstore Point Of Service
Search vendor "Oracle" for product "Retail Xstore Point Of Service"
15.0
Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "15.0"
-
Affected
Oracle
Search vendor "Oracle"
Retail Xstore Point Of Service
Search vendor "Oracle" for product "Retail Xstore Point Of Service"
16.0
Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "16.0"
-
Affected
Oracle
Search vendor "Oracle"
Retail Xstore Point Of Service
Search vendor "Oracle" for product "Retail Xstore Point Of Service"
17.0
Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "17.0"
-
Affected
Oracle
Search vendor "Oracle"
Retail Xstore Point Of Service
Search vendor "Oracle" for product "Retail Xstore Point Of Service"
18.0
Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "18.0"
-
Affected
Oracle
Search vendor "Oracle"
Weblogic Server
Search vendor "Oracle" for product "Weblogic Server"
12.2.1.3.0
Search vendor "Oracle" for product "Weblogic Server" and version "12.2.1.3.0"
-
Affected