Vulnerability Name:

CVE-2020-36186 (CCN-194381)

Assigned:2020-05-19
Published:2020-05-19
Updated:2022-09-02
Summary:FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
CVSS v3 Severity:8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-502
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2020-36186

Source: CCN
Type: Medium Web site
On Jackson CVEs: Don't Panic - Here is what you need to know

Source: MISC
Type: Exploit, Technical Description, Third Party Advisory
https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

Source: XF
Type: UNKNOWN
fasterxml-cve202036186-code-exec(194381)

Source: CCN
Type: jackson-databind GIT Repository
FasterXML jackson-databind

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/2997

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210205-0005/

Source: CCN
Type: IBM Security Bulletin 6410570 (Aspera High-Speed Sync)
jackson-databind vulnerabilities CVE-2020-36185/36181/36189/36188/36184/36180 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0

Source: CCN
Type: IBM Security Bulletin 6410882 (Spectrum Protect Plus)
Vulnerabilities in Node.js and FasterXML jackson-databind affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6430587 (Network Performance Insight)
IBM Network Performance Insight 1.3.1 was affected by multiple vulnerabilities in jackson-databind

Source: CCN
Type: IBM Security Bulletin 6454183 (Sterling B2B Integrator)
Multiple Security Vulnerabilities in Jackson-Databind Affects IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6455267 (Security Guardium)
IBM Security Guardium is affected by a jackson-databind vulnerability

Source: CCN
Type: IBM Security Bulletin 6496727 (Sterling B2B Integrator)
Jackson-Databind Vulnerabilities Affect the B2B API of IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6525182 (Spectrum Copy Data Management)
Vulnerabilities in Jackson, jQuery, and Dom4j affect IBM Spectrum Copy Data Management

Source: CCN
Type: IBM Security Bulletin 6528214 (Cloud Pak for Multicloud Management)
IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies

Source: CCN
Type: IBM Security Bulletin 6554198 (Cloud Private)
IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6570957 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6593435 (Process Mining)
Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 6595755 (Disconnected Log Collector)
IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6597241 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6828455 (z/Transaction Processing Facility)
z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages

Source: CCN
Type: IBM Security Bulletin 6840955 (Log Analysis)
Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics - Log Analysis

Source: CCN
Type: IBM Security Bulletin 6910171 (Integration Designer)
Multiple CVEs affect IBM Integration Designer

Source: CCN
Type: IBM Security Bulletin 6983482 (Security Verify Governance)
IBM Security Verify Governance is vulnerable to a denial of service caused by multiple vulnerabilities.

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Source: N/A
Type: Third Party Advisory
N/A

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* (Version >= 2.9.0 and < 2.9.10.8)

    • Configuration 2:
  • cpe:/a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:service_level_manager:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:*:*:*:*:*:*:*:* (Version >= 17.7 and <= 17.12)
  • OR cpe:/a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:commerce_platform:*:*:*:*:*:*:*:* (Version >= 11.3.0 and <= 11.3.2)
  • OR cpe:/a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* (Version < 9.2.5.3)
  • OR cpe:/a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* (Version < 9.2.5.3)
  • OR cpe:/a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:* (Version >= 11.1.0 and <= 11.3.0)
  • OR cpe:/a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:* (Version >= 11.1.0 and <= 11.3.0)
  • OR cpe:/a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 19.12.0 and <= 19.12.10)
  • OR cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 18.8.0 and <= 18.8.11)
  • OR cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 17.12.0 and <= 17.12.11)
  • OR cpe:/a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:* (Version >= 16.0 and <= 19.0)
  • OR cpe:/a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:documaker:12.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:documaker:12.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:* (Version >= 8.0.0.0 and <= 8.5.0.0)
  • OR cpe:/a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:* (Version >= 8.2.0.0 and <= 8.2.2.1)
  • OR cpe:/a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:* (Version >= 8.0.0.0 and <= 8.2.2.1)
  • OR cpe:/a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_element_manager:*:*:*:*:*:*:*:* (Version >= 8.2.0.0 and <= 8.2.4.0)
  • OR cpe:/a:oracle:documaker:12.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:blockchain_platform:*:*:*:*:*:*:*:* (Version <= 21.1.2)

    • Configuration CCN 1:
  • cpe:/a:fasterxml:jackson-databind:2.9.10.7:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:integration_designer:20.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_copy_data_management:2.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    fasterxml jackson-databind *
    netapp cloud backup -
    netapp service level manager -
    debian debian linux 9.0
    oracle webcenter portal 12.2.1.3.0
    oracle primavera unifier 17.2
    oracle application testing suite 13.3.0.1
    oracle primavera unifier 18.8
    oracle primavera unifier *
    oracle agile plm 9.3.6
    oracle communications policy management 12.5.0
    oracle primavera unifier 19.12
    oracle webcenter portal 12.2.1.4.0
    oracle communications billing and revenue management 12.0.0.3.0
    oracle communications billing and revenue management 7.5.0.23.0
    oracle communications services gatekeeper 7.0
    oracle retail merchandising system 15.0.3
    oracle communications evolved communications application server 7.1
    oracle goldengate application adapters 19.1.0.0.0
    oracle data integrator 12.2.1.4.0
    oracle primavera unifier 20.12
    oracle insurance rules palette 11.0.2
    oracle commerce platform *
    oracle commerce platform 11.2.0
    oracle communications unified inventory management 7.4.1
    oracle retail xstore point of service 16.0.6
    oracle retail xstore point of service 17.0.4
    oracle retail xstore point of service 18.0.3
    oracle retail xstore point of service 19.0.2
    oracle retail service backbone 15.0.3.1
    oracle banking virtual account management 14.3.0
    oracle retail service backbone 14.1.3.2
    oracle jd edwards enterpriseone tools *
    oracle jd edwards enterpriseone orchestrator *
    oracle insurance rules palette *
    oracle insurance policy administration *
    oracle insurance policy administration 11.0.2
    oracle banking treasury management 4.4
    oracle primavera gateway 20.12.0
    oracle primavera gateway *
    oracle primavera gateway *
    oracle primavera gateway *
    oracle communications cloud native core unified data repository 1.4.0
    oracle communications network charging and control 12.0.4.0.0
    oracle communications convergent charging controller 12.0.4.0.0
    oracle retail customer management and segmentation foundation *
    oracle autovue for agile product lifecycle management 21.0.2
    oracle documaker 12.6.3
    oracle documaker 12.6.4
    oracle retail service backbone 16.0.3.0
    oracle banking credit facilities process management 14.2
    oracle banking credit facilities process management 14.3
    oracle banking credit facilities process management 14.5
    oracle banking corporate lending process management 14.2
    oracle banking corporate lending process management 14.3
    oracle banking corporate lending process management 14.5
    oracle banking supply chain finance 14.2
    oracle banking supply chain finance 14.3
    oracle banking supply chain finance 14.5
    oracle communications diameter signaling route *
    oracle communications session route manager *
    oracle communications session report manager *
    oracle communications pricing design center 12.0.0.4.0
    oracle communications cloud native core policy 1.14.0
    oracle communications instant messaging server 10.0.1.5.0
    oracle banking virtual account management 14.5.0
    oracle banking virtual account management 14.2.0
    oracle communications offline mediation controller 12.0.0.3
    oracle banking extensibility workbench 14.2
    oracle banking extensibility workbench 14.3
    oracle banking extensibility workbench 14.5
    oracle communications element manager *
    oracle documaker 12.6.0
    oracle blockchain platform *
    fasterxml jackson-databind 2.9.10.7
    ibm spectrum protect plus 10.1.0
    ibm cloud private 3.1.0
    ibm cloud private 3.1.1
    ibm cloud private 3.1.2
    ibm sterling b2b integrator 6.0.0.0
    ibm sterling b2b integrator 5.2.0.0
    ibm cloud private 3.2.0
    ibm sterling b2b integrator 6.0.1.0
    ibm security guardium 11.0
    ibm security guardium 11.1
    ibm cloud private 3.2.1 cd
    ibm log analysis 1.3.5.3
    ibm log analysis 1.3.6.0
    ibm cloud private 3.2.2 cd
    ibm log analysis 1.3.6.1
    ibm security guardium 11.2
    ibm sterling b2b integrator 6.1.0.0
    ibm spectrum protect plus 10.1.7
    ibm integration designer 20.0.0.2
    ibm security guardium 11.3
    ibm cognos analytics 11.2.0
    ibm cognos analytics 11.1.7
    ibm spectrum copy data management 2.2.13
    ibm cognos analytics 11.2.1
    ibm security verify governance 10.0