Vulnerability Name: | CVE-2020-36518 (CCN-222319)
Assigned: | 2020-08-12
Published: | 2020-08-12
Updated: | 2022-11-29
Summary: | FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C)
6.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C)
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Vulnerability Consequences: | Denial of Service
References: |
Source: MITRE Type: CNA CVE-2020-36518
Source: XF Type: UNKNOWN fasterxml-cve202036518-dos(222319)
Source: CCN Type: GitHub Advisory Database Deeply nested json in jackson-databind
Source: CCN Type: jackson-databind GIT Repository Optimize UntypedObjectDeserializer wrt recursion #2816
Source: cve@mitre.org Type: Issue Tracking, Third Party Advisory cve@mitre.org
Source: cve@mitre.org Type: Exploit, Mailing List, Third Party Advisory cve@mitre.org
Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org
Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org
Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org
Source: CCN Type: IBM Security Bulletin 6555376 (Cognos Command Center) IBM Cognos Command Center is affected by multiple vulnerabilities
Source: CCN Type: IBM Security Bulletin 6573013 (Watson Speech Services Cartridge for Cloud Pak for Data) A Vulnerability with jackson-databind before 2.13.0 affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
Source: CCN Type: IBM Security Bulletin 6579513 (Informix Dynamic Server) IBM Informix Dynamic Server is affected to denial of service due to FasterXML jackson-databind (CVE-2020-36518)
Source: CCN Type: IBM Security Bulletin 6589939 (MQ Operator) IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from gzip, jackson-databind, libssh, gnutls, nettle and zlib
Source: CCN Type: IBM Security Bulletin 6598053 (Security Guardium) IBM Security Guardium is affected by multiple vulnerabilities
Source: CCN Type: IBM Security Bulletin 6598765 (Cloud Transformation Advisor) IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Source: CCN Type: IBM Security Bulletin 6600063 (UrbanCode Deploy) UrbanCode Deploy is vulnerable to denial of service due to Jackson-databind (CVE-2020-36518)
Source: CCN Type: IBM Security Bulletin 6601131 (App Connect Enterprise Certified Container) IBM App Connect Enterprise Certified Container IntegrationServer operands that process JSON data may be vulnerable to denial of service due to CVE-2020-36518
Source: CCN Type: IBM Security Bulletin 6601521 (Tivoli Netcool/Impact) A security vulnerability has been identified in jackson-databind shipped with IBM Tivoli Netcool Impact (CVE-2020-36518, WS-2021-0616)
Source: CCN Type: IBM Security Bulletin 6602625 (i Modernization Engine for Lifecycle Integration) IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Source: CCN Type: IBM Security Bulletin 6603415 (MQ Appliance) IBM MQ Appliance is affected by FasterXML jackson-databind vulnerabilities (CVE-2020-36518)
Source: CCN Type: IBM Security Bulletin 6603665 (Business Automation Workflow) Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-35618
Source: CCN Type: IBM Security Bulletin 6607101 (App Connect Enterprise) IBM Integration Bus and IBM App Connect Enterprise are vulnerable to a denial of service due to jackson-databind (CVE-2020-36518)
Source: CCN Type: IBM Security Bulletin 6611967 (Cloud Pak for Automation) Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for July 2022
Source: CCN Type: IBM Security Bulletin 6613321 (Process Mining) Vulnerability in FasterXML jackson-databind affects IBM Process Mining. CVE-2020-36518
Source: CCN Type: IBM Security Bulletin 6615285 (Cognos Analytics) IBM Cognos Analytics has addressed multiple vulnerabilities
Source: CCN Type: IBM Security Bulletin 6825139 (QRadar User Behavior Analytics) Multiple vulnerabilities in Zookeeper affecting IBM QRadar User Behavior Analytics (CVE-2022-2191, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823, CVE-2020-36518)
Source: CCN Type: IBM Security Bulletin 6828455 (z/Transaction Processing Facility) z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages
Source: CCN Type: IBM Security Bulletin 6832944 (Business Automation Manager Open Editions) Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1
Source: CCN Type: Oracle CPUApr2022 Oracle Critical Patch Update Advisory - April 2022
Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org
Source: CCN Type: Oracle CPUJul2022 Oracle Critical Patch Update Advisory - July 2022
Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org
Vulnerable Configuration: | Configuration CCN 1: