CVE-2019-20330
jackson-databind: lacks certain net.sf.ehcache blocking
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
FasterXML jackson-databind versiones 2.x anteriores a la versiĆ³n 2.9.10.2, carece de cierto bloqueo de net.sf.ehcache.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-03 CVE Reserved
- 2020-01-03 CVE Published
- 2024-04-28 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (35)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2019-20330 | 2020-07-29 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1793154 | 2020-07-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fasterxml Search vendor "Fasterxml" | Jackson-databind Search vendor "Fasterxml" for product "Jackson-databind" | >= 2.0.0 < 2.7.9.7 Search vendor "Fasterxml" for product "Jackson-databind" and version " >= 2.0.0 < 2.7.9.7" | - |
Affected
| ||||||
| Fasterxml Search vendor "Fasterxml" | Jackson-databind Search vendor "Fasterxml" for product "Jackson-databind" | >= 2.8.0 < 2.8.11.5 Search vendor "Fasterxml" for product "Jackson-databind" and version " >= 2.8.0 < 2.8.11.5" | - |
Affected
| ||||||
| Fasterxml Search vendor "Fasterxml" | Jackson-databind Search vendor "Fasterxml" for product "Jackson-databind" | >= 2.9.0 < 2.9.10.2 Search vendor "Fasterxml" for product "Jackson-databind" and version " >= 2.9.0 < 2.9.10.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Banking Platform Search vendor "Oracle" for product "Banking Platform" | >= 2.4.0 <= 2.9.0 Search vendor "Oracle" for product "Banking Platform" and version " >= 2.4.0 <= 2.9.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Billing And Revenue Management Search vendor "Oracle" for product "Communications Billing And Revenue Management" | 7.5.0.23.0 Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "7.5.0.23.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Billing And Revenue Management Search vendor "Oracle" for product "Communications Billing And Revenue Management" | 12.0.0.3.0 Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "12.0.0.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Slice Selection Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Slice Selection Function" | 1.2.1 Search vendor "Oracle" for product "Communications Cloud Native Core Network Slice Selection Function" and version "1.2.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Contacts Server Search vendor "Oracle" for product "Communications Contacts Server" | 8.0.0.4.0 Search vendor "Oracle" for product "Communications Contacts Server" and version "8.0.0.4.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Evolved Communications Application Server Search vendor "Oracle" for product "Communications Evolved Communications Application Server" | 7.1 Search vendor "Oracle" for product "Communications Evolved Communications Application Server" and version "7.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Instant Messaging Server Search vendor "Oracle" for product "Communications Instant Messaging Server" | 10.0.1.4.0 Search vendor "Oracle" for product "Communications Instant Messaging Server" and version "10.0.1.4.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Network Charging And Control Search vendor "Oracle" for product "Communications Network Charging And Control" | >= 12.0.0 <= 12.0.3 Search vendor "Oracle" for product "Communications Network Charging And Control" and version " >= 12.0.0 <= 12.0.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Network Charging And Control Search vendor "Oracle" for product "Communications Network Charging And Control" | 6.0.1 Search vendor "Oracle" for product "Communications Network Charging And Control" and version "6.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Customer Management And Segmentation Foundation Search vendor "Oracle" for product "Customer Management And Segmentation Foundation" | 18.0 Search vendor "Oracle" for product "Customer Management And Segmentation Foundation" and version "18.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform" | 13.3.0.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.3.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform" | 13.4.0.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.4.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Global Lifecycle Management Opatch Search vendor "Oracle" for product "Global Lifecycle Management Opatch" | < 11.2.0.3.23 Search vendor "Oracle" for product "Global Lifecycle Management Opatch" and version " < 11.2.0.3.23" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Global Lifecycle Management Opatch Search vendor "Oracle" for product "Global Lifecycle Management Opatch" | >= 12.2.0.1.0 < 12.2.0.1.19 Search vendor "Oracle" for product "Global Lifecycle Management Opatch" and version " >= 12.2.0.1.0 < 12.2.0.1.19" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Global Lifecycle Management Opatch Search vendor "Oracle" for product "Global Lifecycle Management Opatch" | >= 13.9.4.0.0 < 13.9.4.2.1 Search vendor "Oracle" for product "Global Lifecycle Management Opatch" and version " >= 13.9.4.0.0 < 13.9.4.2.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Goldengate Application Adapters Search vendor "Oracle" for product "Goldengate Application Adapters" | 19.1.0.0.0 Search vendor "Oracle" for product "Goldengate Application Adapters" and version "19.1.0.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Goldengate Stream Analytics Search vendor "Oracle" for product "Goldengate Stream Analytics" | < 19.1.0.0.1 Search vendor "Oracle" for product "Goldengate Stream Analytics" and version " < 19.1.0.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Jd Edwards Enterpriseone Orchestrator Search vendor "Oracle" for product "Jd Edwards Enterpriseone Orchestrator" | < 9.2.4.2 Search vendor "Oracle" for product "Jd Edwards Enterpriseone Orchestrator" and version " < 9.2.4.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Jd Edwards Enterpriseone Tools Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools" | < 9.2.4.2 Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools" and version " < 9.2.4.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera Unifier Search vendor "Oracle" for product "Primavera Unifier" | >= 17.7 <= 17.12 Search vendor "Oracle" for product "Primavera Unifier" and version " >= 17.7 <= 17.12" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera Unifier Search vendor "Oracle" for product "Primavera Unifier" | 16.1 Search vendor "Oracle" for product "Primavera Unifier" and version "16.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera Unifier Search vendor "Oracle" for product "Primavera Unifier" | 16.2 Search vendor "Oracle" for product "Primavera Unifier" and version "16.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera Unifier Search vendor "Oracle" for product "Primavera Unifier" | 18.8 Search vendor "Oracle" for product "Primavera Unifier" and version "18.8" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera Unifier Search vendor "Oracle" for product "Primavera Unifier" | 19.12 Search vendor "Oracle" for product "Primavera Unifier" and version "19.12" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Merchandising System Search vendor "Oracle" for product "Retail Merchandising System" | 15.0.3 Search vendor "Oracle" for product "Retail Merchandising System" and version "15.0.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Merchandising System Search vendor "Oracle" for product "Retail Merchandising System" | 16.0.2 Search vendor "Oracle" for product "Retail Merchandising System" and version "16.0.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Merchandising System Search vendor "Oracle" for product "Retail Merchandising System" | 16.0.3 Search vendor "Oracle" for product "Retail Merchandising System" and version "16.0.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Sales Audit Search vendor "Oracle" for product "Retail Sales Audit" | 14.1 Search vendor "Oracle" for product "Retail Sales Audit" and version "14.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Xstore Point Of Service Search vendor "Oracle" for product "Retail Xstore Point Of Service" | 15.0 Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "15.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Xstore Point Of Service Search vendor "Oracle" for product "Retail Xstore Point Of Service" | 16.0 Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "16.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Xstore Point Of Service Search vendor "Oracle" for product "Retail Xstore Point Of Service" | 17.0 Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "17.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Xstore Point Of Service Search vendor "Oracle" for product "Retail Xstore Point Of Service" | 18.0 Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "18.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Xstore Point Of Service Search vendor "Oracle" for product "Retail Xstore Point Of Service" | 19.0 Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "19.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Siebel Engineering - Installer \& Deployment Search vendor "Oracle" for product "Siebel Engineering - Installer \& Deployment" | <= 2.20.5 Search vendor "Oracle" for product "Siebel Engineering - Installer \& Deployment" and version " <= 2.20.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Siebel Ui Framework Search vendor "Oracle" for product "Siebel Ui Framework" | <= 20.5 Search vendor "Oracle" for product "Siebel Ui Framework" and version " <= 20.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Trace File Analyzer Search vendor "Oracle" for product "Trace File Analyzer" | 12.2.0.1 Search vendor "Oracle" for product "Trace File Analyzer" and version "12.2.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Trace File Analyzer Search vendor "Oracle" for product "Trace File Analyzer" | 18c Search vendor "Oracle" for product "Trace File Analyzer" and version "18c" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Trace File Analyzer Search vendor "Oracle" for product "Trace File Analyzer" | 19c Search vendor "Oracle" for product "Trace File Analyzer" and version "19c" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Webcenter Portal Search vendor "Oracle" for product "Webcenter Portal" | 12.2.1.3.0 Search vendor "Oracle" for product "Webcenter Portal" and version "12.2.1.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Webcenter Portal Search vendor "Oracle" for product "Webcenter Portal" | 12.2.1.4.0 Search vendor "Oracle" for product "Webcenter Portal" and version "12.2.1.4.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Weblogic Server Search vendor "Oracle" for product "Weblogic Server" | 12.2.1.3.0 Search vendor "Oracle" for product "Weblogic Server" and version "12.2.1.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Weblogic Server Search vendor "Oracle" for product "Weblogic Server" | 12.2.1.4.0 Search vendor "Oracle" for product "Weblogic Server" and version "12.2.1.4.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | >= 7.3 Search vendor "Netapp" for product "Active Iq Unified Manager" and version " >= 7.3" | linux |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | >= 7.3 Search vendor "Netapp" for product "Active Iq Unified Manager" and version " >= 7.3" | windows |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | >= 9.5 Search vendor "Netapp" for product "Active Iq Unified Manager" and version " >= 9.5" | vmware_vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Api Services Search vendor "Netapp" for product "Oncommand Api Services" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Service Level Manager Search vendor "Netapp" for product "Service Level Manager" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Snapcenter Search vendor "Netapp" for product "Snapcenter" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage" | - | - |
Affected
| ||||||