CVE-2020-35490
HIGH
8,1
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM
6,8
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0392
Percentile
0,9th
Updated
EPSS Score Trend (Last 90 Days)
502
Deserialization of Untrusted Data
DraftCommon Consequences
Security Scopes Affected:
Integrity
Availability
Other
Potential Impacts:
Modify Application Data
Unexpected State
Dos: Resource Consumption (Cpu)
Varies By Context
Applicable Platforms
Languages:
Java, JavaScript, PHP, Python, Ruby
Technologies:
AI/ML, ICS/OT, Not Technology-Specific
Application
Communications Services Gatekeeper by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Retail Xstore Point Of Service by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Banking Virtual Account Management by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Banking Platform by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Banking Platform by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Blockchain Platform by Oracle
Version Range Affected
To
21.1.2
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Documaker by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Documaker by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Banking Platform by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Cloud Native Core Policy by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Interactive Session Recorder by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Retail Xstore Point Of Service by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Retail Xstore Point Of Service by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jackson-Databind by Fasterxml
Version Range Affected
From
2.0.0
(inclusive)
To
2.9.10.8
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Webcenter Portal by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Banking Platform by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Service Level Manager by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Autovue For Agile Product Lifecycle Management by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Evolved Communications Application Server by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Application Testing Suite by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Offline Mediation Controller by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Pricing Design Center by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Unified Inventory Management by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Cloud Native Core Unified Data Repository by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Banking Treasury Management by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Banking Platform by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Instant Messaging Server by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Agile Plm by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Diameter Signaling Router by Oracle
Version Range Affected
From
8.0.0
(inclusive)
To
8.5.0
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Banking Virtual Account Management by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Insurance Policy Administration J2Ee by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Webcenter Portal by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Banking Virtual Account Management by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Retail Xstore Point Of Service by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Retail Merchandising System by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Interactive Session Recorder by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Banking Platform by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-nee…
https://github.com/FasterXML/jackson-databind/issues/2986
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
https://security.netapp.com/advisory/ntap-20210122-0005/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-nee…
https://github.com/FasterXML/jackson-databind/issues/2986
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
https://security.netapp.com/advisory/ntap-20210122-0005/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html