Vulnerability Name: | CVE-2019-14893 (CCN-177108) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Assigned: | 2019-09-20 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Published: | 2019-09-20 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Updated: | 2021-03-16 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Summary: | A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-502 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2019-14893 Source: REDHAT Type: Third Party Advisory RHSA-2020:0729 Source: CCN Type: Red Hat Bugzilla Bug 1758182 (CVE-2019-14893) - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package Source: CONFIRM Type: Issue Tracking, Patch, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893 Source: XF Type: UNKNOWN fasterxml-cve201914893-code-exec(177108) Source: CCN Type: jackson-databind GIT Repository Block one more gadget type (xalan2) #2469 Source: MISC Type: Third Party Advisory https://github.com/FasterXML/jackson-databind/issues/2469 Source: MLIST Type: Mailing List, Third Party Advisory [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image Source: MLIST Type: Mailing List, Third Party Advisory [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12 Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20200327-0006/ Source: CCN Type: IBM Security Bulletin 6210298 (Sterling B2B Integrator) Multiple Security Vulnerabilities in Jackson-databind Affect B2B API of IBM Sterling B2B Integrator Source: CCN Type: IBM Security Bulletin 6221228 (Global High Availability Mailbox) Multiple security vulnerabilities have been identified In Jackson Databind library shipped with IBM Global Mailbox (CVE-2019-14892, CVE-2019-14893) Source: CCN Type: IBM Security Bulletin 6255694 (Rational Rhapsody Design Manager) Multiple vulnerabilities affects IBM Jazz Foundation and IBM Engineering products. Source: CCN Type: IBM Security Bulletin 6256136 (Network Performance Insight) jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight (CVE-2019-14892, CVE-2019-14893) Source: CCN Type: IBM Security Bulletin 6258281 (Operations Analytics Predictive Insights) A vulnerability in Faster-XML jackson databind affects IBM Operations Analytics Predictive Insights (CVE-2019-144892, CVE-2019-144893) Source: CCN Type: IBM Security Bulletin 6324739 (Security Guardium Insights) IBM Security Guardium Insights is affected by Components with known vulnerabilities Source: CCN Type: IBM Security Bulletin 6335281 (Data Risk Manager) IBM Data Risk Manager is affected by multiple vulnerabilities Source: CCN Type: IBM Security Bulletin 6378366 (Cognos Business Intelligence) IBM Cognos Business Intelligence has addressed multiple vulnerabilities (Q12021) Source: CCN Type: IBM Security Bulletin 6446143 (Log Analysis) Series of vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis Source: CCN Type: IBM Security Bulletin 6451705 (Cognos Analytics) IBM Cognos Analytics has addressed multiple vulnerabilities Source: CCN Type: IBM Security Bulletin 6496727 (Sterling B2B Integrator) Jackson-Databind Vulnerabilities Affect the B2B API of IBM Sterling B2B Integrator Source: CCN Type: IBM Security Bulletin 6525182 (Spectrum Copy Data Management) Vulnerabilities in Jackson, jQuery, and Dom4j affect IBM Spectrum Copy Data Management Source: CCN Type: IBM Security Bulletin 6528214 (Cloud Pak for Multicloud Management) IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies Source: CCN Type: IBM Security Bulletin 6593435 (Process Mining) Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs) Source: CCN Type: IBM Security Bulletin 6595755 (Disconnected Log Collector) IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities Source: CCN Type: IBM Security Bulletin 6828455 (z/Transaction Processing Facility) z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages Source: CCN Type: IBM Security Bulletin 6840955 (Log Analysis) Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics - Log Analysis Source: CCN Type: IBM Security Bulletin 6910171 (Integration Designer) Multiple CVEs affect IBM Integration Designer Source: CCN Type: IBM Security Bulletin 6983482 (Security Verify Governance) IBM Security Verify Governance is vulnerable to a denial of service caused by multiple vulnerabilities. Source: MISC Type: Third Party Advisory https://www.oracle.com/security-alerts/cpujul2020.html Source: MISC Type: Third Party Advisory https://www.oracle.com/security-alerts/cpuoct2020.html | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
BACK |