Vulnerability Name:

CVE-2018-5968 (CCN-138088)

Assigned:2018-01-18
Published:2018-01-18
Updated:2021-01-21
Summary:FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
CVSS v3 Severity:8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-184
CWE-502
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2018-5968

Source: CCN
Type: IBM Security Bulletin 740849 (Rational Collaborative Lifecycle Management)
Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology

Source: CCN
Type: IBM Security Bulletin 870976 (InfoSphere Data Replication)
IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities

Source: CCN
Type: IBM Security Bulletin 2015305 (Business Automation Workflow)
Multiple vulnerabilities within Jackson JSON library affect IBM Business Automation Workflow (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)

Source: CCN
Type: IBM Security Bulletin 2016016 (InfoSphere Information Server)
Multiple vulnerabilities in Jackson-databind affect IBM InfoSphere Information Server

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:0478

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:0479

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:0480

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:0481

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:1525

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:2858

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:3149

Source: XF
Type: UNKNOWN
fasterxml-cve20185968-code-exec(138088)

Source: CCN
Type: jackson-databind GIT Repository
Another two gadgets to exploit default typing issue in jackson-databind (CVE-2018-5968) #1899

Source: MISC
Type: Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/1899

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20180423-0002/

Source: CONFIRM
Type: Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us

Source: DEBIAN
Type: Third Party Advisory
DSA-4114

Source: CCN
Type: IBM Security Bulletin 0872142 (Security Identity Governance and Intelligence)
IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 2867997 (Rational Rhapsody Design Manager)
Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology

Source: CCN
Type: IBM Security Bulletin 6244628 (Rational Publishing Engine)
Third party vulnerable library Jackson-Databind affects IBM Engineering Lifecycle Optimization - Publishing

Source: CCN
Type: IBM Security Bulletin 6324739 (Security Guardium Insights)
IBM Security Guardium Insights is affected by Components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6335281 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6340251 (Maximo Asset Management)
IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020

Source: CCN
Type: IBM Security Bulletin 6403331 (Security Guardium Data Encryption)
Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)

Source: CCN
Type: IBM Security Bulletin 6444089 (Log Analysis)
Multiple vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis

Source: CCN
Type: IBM Security Bulletin 6452485 (InfoSphere Information Server)
IBM InfoSphere Information Server is affected by multiple vulnerabilities in Jackson databind

Source: CCN
Type: IBM Security Bulletin 6828455 (z/Transaction Processing Facility)
z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-5968

Vulnerable Configuration:Configuration 1:
  • cpe:/a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* (Version >= 2.6.0 and < 2.6.7.3)
  • OR cpe:/a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* (Version >= 2.7.0 and < 2.7.9.2)
  • OR cpe:/a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* (Version >= 2.8.0 and < 2.8.11.1)
  • OR cpe:/a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* (Version >= 2.9.0 and < 2.9.4)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:virtualization:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* (Version >= 11.0.0 and <= 11.60.3)
  • OR cpe:/a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:oncommand_shift:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:fasterxml:jackson-databind:2.8.11:*:*:*:*:*:*:*
  • OR cpe:/a:fasterxml:jackson-databind:2.9.3:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_rhapsody_design_manager:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_rhapsody_design_manager:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_rhapsody_design_manager:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_publishing_engine:6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_data_replication:11.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_publishing_engine:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium_insights:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium_data_encryption:3.0.0.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.artful:def:20185968000
    V
    		CVE-2018-5968 on Ubuntu 17.10 (artful) - medium.
    2018-02-16
    oval:com.ubuntu.xenial:def:20185968000
    V
    		CVE-2018-5968 on Ubuntu 16.04 LTS (xenial) - medium.
    2018-02-16
    oval:com.ubuntu.trusty:def:20185968000
    V
    		CVE-2018-5968 on Ubuntu 14.04 LTS (trusty) - medium.
    2018-02-16
    oval:com.ubuntu.xenial:def:201859680000000
    V
    		CVE-2018-5968 on Ubuntu 16.04 LTS (xenial) - medium.
    2018-01-22
    oval:com.ubuntu.disco:def:201859680000000
    V
    		CVE-2018-5968 on Ubuntu 19.04 (disco) - medium.
    2018-01-22
    oval:com.ubuntu.bionic:def:201859680000000
    V
    		CVE-2018-5968 on Ubuntu 18.04 LTS (bionic) - medium.
    2018-01-22
    oval:com.ubuntu.bionic:def:20185968000
    V
    		CVE-2018-5968 on Ubuntu 18.04 LTS (bionic) - medium.
    2018-01-21
    oval:com.ubuntu.cosmic:def:201859680000000
    V
    		CVE-2018-5968 on Ubuntu 18.10 (cosmic) - medium.
    2018-01-21
    oval:com.ubuntu.cosmic:def:20185968000
    V
    		CVE-2018-5968 on Ubuntu 18.10 (cosmic) - medium.
    2018-01-21
    BACK
    fasterxml jackson-databind *
    fasterxml jackson-databind *
    fasterxml jackson-databind *
    fasterxml jackson-databind *
    debian debian linux 8.0
    debian debian linux 9.0
    redhat openshift container platform 4.1
    redhat virtualization 4.0
    redhat virtualization host 4.0
    redhat enterprise linux server 7.0
    redhat jboss enterprise application platform 7.1
    redhat enterprise linux server 6.0
    redhat enterprise linux server 7.0
    redhat openshift container platform 3.11
    netapp e-series santricity os controller *
    netapp e-series santricity web services proxy -
    netapp oncommand shift -
    fasterxml jackson-databind 2.8.11
    fasterxml jackson-databind 2.9.3
    ibm infosphere information server 11.3
    ibm rational collaborative lifecycle management 5.0
    ibm rational collaborative lifecycle management 5.0.1
    ibm maximo asset management 7.6.0
    ibm rational collaborative lifecycle management 5.0.2
    ibm rational collaborative lifecycle management 6.0
    ibm infosphere information server 11.5
    ibm security identity governance and intelligence 5.2
    ibm rational collaborative lifecycle management 6.0.1
    ibm security identity governance and intelligence 5.2.1
    ibm rational collaborative lifecycle management 6.0.2
    ibm rational collaborative lifecycle management 6.0.3
    ibm rational rhapsody design manager 6.0
    ibm rational rhapsody design manager 6.0.1
    ibm rational rhapsody design manager 6.0.2
    ibm rational rhapsody design manager 6.0.3
    ibm rational collaborative lifecycle management 6.0.4
    ibm rational collaborative lifecycle management 6.0.5
    ibm rational rhapsody design manager 6.0.4
    ibm infosphere information server 11.7
    ibm rational rhapsody design manager 6.0.5
    ibm business automation workflow 18.0.0.0
    ibm security identity governance and intelligence 5.2.2
    ibm security identity governance and intelligence 5.2.2.1
    ibm security identity governance and intelligence 5.2.3
    ibm security identity governance and intelligence 5.2.3.1
    ibm security identity governance and intelligence 5.2.3.2
    ibm maximo asset management 7.6.1
    ibm security identity governance and intelligence 5.2.4
    ibm rational rhapsody design manager 6.0.6
    ibm rational collaborative lifecycle management 6.0.6
    ibm rational publishing engine 6.0.6
    ibm infosphere data replication 11.4
    ibm security identity governance and intelligence 5.2.4.1
    ibm rational rhapsody design manager 6.0.6.1
    ibm data risk manager 2.0.6
    ibm log analysis 1.3.1
    ibm log analysis 1.3.2
    ibm log analysis 1.3.3
    ibm log analysis 1.3.4
    ibm log analysis 1.3.5
    ibm log analysis 1.3.6
    ibm rational publishing engine 7.0
    ibm security guardium insights 2.0.1
    ibm security guardium data encryption 3.0.0.2