Vulnerability Name:

CVE-2020-35728 (CCN-193843)

Assigned:2020-05-19
Published:2020-05-19
Updated:2022-09-02
Summary:FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
CVSS v3 Severity:8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-502
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2020-35728

Source: CCN
Type: Medium Web site
On Jackson CVEs: Don't Panic - Here is what you need to know

Source: XF
Type: UNKNOWN
fasterxml-cve202035728-code-exec(193843)

Source: CCN
Type: jackson-databind GIT Repository
Block one more gadget type (org.glassfish.web/javax.servlet.jsp.jstl, CVE-2020-35728) #2999

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/2999

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update

Source: MISC
Type: Exploit, Third Party Advisory
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210129-0007/

Source: CCN
Type: IBM Security Bulletin 6398290 (Aspera High-Speed Transfer Server)
jackson-databind vulnerability CVE-2020-35728 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0

Source: CCN
Type: IBM Security Bulletin 6416145 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

Source: CCN
Type: IBM Security Bulletin 6440471 (Network Performance Insight)
Network Performance Insight 1.3.1 was affected by jackson-databind vulnerability (CVE-2020-35728)

Source: CCN
Type: IBM Security Bulletin 6496727 (Sterling B2B Integrator)
Jackson-Databind Vulnerabilities Affect the B2B API of IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6525182 (Spectrum Copy Data Management)
Vulnerabilities in Jackson, jQuery, and Dom4j affect IBM Spectrum Copy Data Management

Source: CCN
Type: IBM Security Bulletin 6554196 (Cloud Private)
IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities (CVE-2020-35728)

Source: CCN
Type: IBM Security Bulletin 6593435 (Process Mining)
Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 6595755 (Disconnected Log Collector)
IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6597241 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6840955 (Log Analysis)
Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics - Log Analysis

Source: CCN
Type: IBM Security Bulletin 6910171 (Integration Designer)
Multiple CVEs affect IBM Integration Designer

Source: CCN
Type: IBM Security Bulletin 6983482 (Security Verify Governance)
IBM Security Verify Governance is vulnerable to a denial of service caused by multiple vulnerabilities.

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Source: N/A
Type: Third Party Advisory
N/A

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-35728

Vulnerable Configuration:Configuration 1:
  • cpe:/a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* (Version >= 2.9.0 and < 2.9.10.8)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:netapp:service_level_manager:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:*:*:*:*:*:*:*:* (Version >= 17.7 and <= 17.12)
  • OR cpe:/a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:autovue:21.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:commerce_platform:*:*:*:*:*:*:*:* (Version >= 11.3.0 and <= 11.3.2)
  • OR cpe:/a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* (Version < 9.2.5.3)
  • OR cpe:/a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* (Version < 9.2.5.3)
  • OR cpe:/a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:* (Version >= 11.1.0 and <= 11.3.0)
  • OR cpe:/a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:* (Version >= 11.1.0 and <= 11.3.0)
  • OR cpe:/a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 19.12.0 and <= 19.12.10)
  • OR cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 18.8.0 and <= 18.8.11)
  • OR cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 17.12.0 and <= 17.12.11)
  • OR cpe:/a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:* (Version >= 16.0 and <= 19.0)
  • OR cpe:/a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:* (Version >= 8.0.0.0 and <= 8.5.0.0)
  • OR cpe:/a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:* (Version >= 8.2.0.0 and <= 8.2.2.1)
  • OR cpe:/a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:* (Version >= 8.0.0.0 and <= 8.2.2.1)
  • OR cpe:/a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:*:*:*:*:*:*:*:* (Version >= 18.8 and <= 19.12)
  • OR cpe:/a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_element_manager:*:*:*:*:*:*:*:* (Version >= 8.2.0.0 and <= 8.2.4.0)
  • OR cpe:/a:oracle:blockchain_platform:*:*:*:*:*:*:*:* (Version <= 21.1.2)
  • OR cpe:/a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:fasterxml:jackson-databind:2.9.10.7:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:integration_designer:20.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_copy_data_management:2.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7534
    P
    		jackson-databind-2.13.4.2-150200.3.12.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:2955
    P
    		jackson-databind-2.10.5.1-3.5.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94906
    P
    		gnome-desktop-lang-41.2-150400.1.7 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94585
    P
    		jackson-databind-2.10.5.1-3.5.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95325
    P
    		Security update for google-gson (Important)
    2022-06-10
    oval:org.opensuse.security:def:101619
    P
    		Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (Important) (in QA)
    2022-04-13
    oval:org.opensuse.security:def:102038
    P
    		Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP3) (Important)
    2022-03-29
    oval:org.opensuse.security:def:112447
    P
    		jackson-databind-2.10.5.1-2.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:4497
    P
    		Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important)
    2021-10-12
    oval:org.opensuse.security:def:105953
    P
    		jackson-databind-2.10.5.1-2.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:63015
    P
    		jackson-databind-2.10.5.1-3.3.2 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:72734
    P
    		jackson-databind-2.10.5.1-3.3.2 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101273
    P
    		jackson-databind-2.10.5.1-3.3.2 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:1926
    P
    		jackson-databind-2.10.5.1-3.3.2 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:5777
    P
    		Security update for the Linux Kernel (Important)
    2021-06-08
    oval:org.opensuse.security:def:111200
    P
    		Security update for jackson-databind (Moderate)
    2021-02-01
    oval:org.opensuse.security:def:66866
    P
    		Security update for jackson-databind (Moderate)
    2021-01-29
    oval:org.opensuse.security:def:97158
    P
    		Security update for jackson-databind (Moderate)
    2021-01-29
    oval:org.opensuse.security:def:94391
    P
    		 (Moderate)
    2021-01-29
    oval:org.opensuse.security:def:75934
    P
    		Security update for jackson-databind (Moderate)
    2021-01-29
    oval:org.opensuse.security:def:108285
    P
    		Security update for jackson-databind (Moderate)
    2021-01-29
    oval:org.opensuse.security:def:93754
    P
    		 (Moderate)
    2021-01-29
    oval:org.opensuse.security:def:100641
    P
    		 (Moderate)
    2021-01-29
    oval:org.opensuse.security:def:108704
    P
    		Security update for jackson-databind (Moderate)
    2021-01-29
    oval:org.opensuse.security:def:93968
    P
    		 (Moderate)
    2021-01-29
    oval:org.opensuse.security:def:117799
    P
    		Security update for jackson-databind (Moderate)
    2021-01-29
    oval:org.opensuse.security:def:65586
    P
    		Security update for jackson-databind (Moderate)
    2021-01-29
    oval:org.opensuse.security:def:94180
    P
    		 (Moderate)
    2021-01-29
    oval:org.opensuse.security:def:74654
    P
    		Security update for jackson-databind (Moderate)
    2021-01-29
    BACK
    fasterxml jackson-databind *
    debian debian linux 9.0
    netapp service level manager -
    oracle webcenter portal 12.2.1.3.0
    oracle application testing suite 13.3.0.1
    oracle primavera unifier *
    oracle agile plm 9.3.6
    oracle communications policy management 12.5.0
    oracle webcenter portal 12.2.1.4.0
    oracle communications billing and revenue management 12.0.0.3.0
    oracle communications billing and revenue management 7.5.0.23.0
    oracle communications services gatekeeper 7.0
    oracle retail merchandising system 15.0.3
    oracle communications evolved communications application server 7.1
    oracle goldengate application adapters 19.1.0.0.0
    oracle data integrator 12.2.1.4.0
    oracle primavera unifier 20.12
    oracle autovue 21.0.2
    oracle insurance rules palette 11.0.2
    oracle commerce platform *
    oracle commerce platform 11.2.0
    oracle communications unified inventory management 7.4.1
    oracle retail xstore point of service 16.0.6
    oracle retail xstore point of service 17.0.4
    oracle retail xstore point of service 18.0.3
    oracle retail xstore point of service 19.0.2
    oracle retail service backbone 15.0.3.1
    oracle retail service backbone 14.1.3.2
    oracle jd edwards enterpriseone tools *
    oracle banking virtual account management 14.3.0
    oracle jd edwards enterpriseone orchestrator *
    oracle insurance rules palette *
    oracle insurance policy administration *
    oracle insurance policy administration 11.0.2
    oracle primavera gateway 20.12.0
    oracle primavera gateway *
    oracle primavera gateway *
    oracle primavera gateway *
    oracle communications cloud native core unified data repository 1.4.0
    oracle communications network charging and control 12.0.4.0.0
    oracle communications convergent charging controller 12.0.4.0.0
    oracle retail customer management and segmentation foundation *
    oracle retail service backbone 16.0.3.0
    oracle banking credit facilities process management 14.2
    oracle banking credit facilities process management 14.3
    oracle banking credit facilities process management 14.5
    oracle banking corporate lending process management 14.2
    oracle banking corporate lending process management 14.3
    oracle banking corporate lending process management 14.5
    oracle banking supply chain finance 14.2
    oracle banking supply chain finance 14.3
    oracle banking supply chain finance 14.5
    oracle banking treasury management 14.4
    oracle communications diameter signaling route *
    oracle communications session route manager *
    oracle communications session report manager *
    oracle communications cloud native core policy 1.14.0
    oracle primavera unifier *
    oracle banking extensibility workbench 14.2
    oracle banking extensibility workbench 14.3
    oracle banking extensibility workbench 14.5
    oracle communications element manager *
    oracle blockchain platform *
    oracle banking virtual account management 14.2.0
    oracle banking virtual account management 14.5.0
    fasterxml jackson-databind 2.9.10.7
    ibm sterling b2b integrator 6.0.0.0
    ibm sterling b2b integrator 5.2.0.0
    ibm sterling b2b integrator 6.0.1.0
    ibm watson discovery 2.0.0
    ibm cloud private 3.2.1 cd
    ibm log analysis 1.3.5.3
    ibm log analysis 1.3.6.0
    ibm cloud private 3.2.2 cd
    ibm log analysis 1.3.6.1
    ibm sterling b2b integrator 6.1.0.0
    ibm integration designer 20.0.0.2
    ibm watson discovery 2.2.0
    ibm cognos analytics 11.2.0
    ibm cognos analytics 11.1.7
    ibm spectrum copy data management 2.2.13
    ibm cognos analytics 11.2.1
    ibm security verify governance 10.0