Vulnerability Name:

CVE-2020-5411 (CCN-183336)

Assigned:2020-06-10
Published:2020-06-10
Updated:2020-08-07
Summary:When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means that through the previous exploit, arbitrary code could be executed if all of the following is true: * Spring Batch's Jackson support is being leveraged to serialize a job's ExecutionContext. * A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored). In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should be proactive against blocking unknown "deserialization gadgets" when enabling default typing.
CVSS v3 Severity:8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-502
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2020-5411

Source: XF
Type: UNKNOWN
vmware-cve20205411-code-exec(183336)

Source: CCN
Type: VMware Tanzu Web site
CVE-2020-5411: Jackson Configuration Allows Code Execution with Unknown "Serialization Gadgets"

Source: CONFIRM
Type: Vendor Advisory
https://tanzu.vmware.com/security/cve-2020-5411

Source: CCN
Type: IBM Security Bulletin 6410788 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities

Vulnerable Configuration:Configuration 1:
  • cpe:/a:pivotal_software:spring_batch:*:*:*:*:*:*:*:* (Version >= 4.0.0 and <= 4.0.4)
  • OR cpe:/a:pivotal_software:spring_batch:*:*:*:*:*:*:*:* (Version >= 4.1.0 and <= 4.1.4)
  • OR cpe:/a:pivotal_software:spring_batch:*:*:*:*:*:*:*:* (Version >= 4.2.0 and <= 4.2.2)

    • Configuration CCN 1:
  • cpe:/a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    pivotal_software spring batch *
    pivotal_software spring batch *
    pivotal_software spring batch *
    ibm data risk manager 2.0.6