Vulnerability Name:

CVE-2020-9547 (CCN-177103)

Assigned:2017-12-22
Published:2017-12-22
Updated:2021-12-02
Summary:FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.1 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-502
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2020-9547

Source: XF
Type: UNKNOWN
fasterxml-cve20209547-code-exec(177103)

Source: CCN
Type: jackson-databind GIT Repository
FasterXML jackson-databind

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/2634

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546

Source: MISC
Type: Mailing List, Third Party Advisory
https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1@%3Cnotifications.zookeeper.apache.org%3E

Source: MISC
Type: Mailing List, Third Party Advisory
https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a@%3Cnotifications.zookeeper.apache.org%3E

Source: MISC
Type: Mailing List, Third Party Advisory
https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546

Source: MISC
Type: Mailing List, Third Party Advisory
https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6@%3Cnotifications.zookeeper.apache.org%3E

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546

Source: MISC
Type: Mailing List, Third Party Advisory
https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab@%3Cnotifications.zookeeper.apache.org%3E

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-dev] 20200307 Build failed in Jenkins: PreCommit-ZOOKEEPER-github-pr-build-maven #1898

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546

Source: MISC
Type: Mailing List, Third Party Advisory
https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428@%3Cnotifications.zookeeper.apache.org%3E

Source: MLIST
Type: Mailing List, Third Party Advisory
[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update

Source: CCN
Type: Medium Web site
On Jackson CVEs: Don’t Panic — Here is what you need to know

Source: MISC
Type: Third Party Advisory
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20200904-0006/

Source: CCN
Type: IBM Security Bulletin 6174489 (Platform Symphony)
Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony

Source: CCN
Type: IBM Security Bulletin 6208043 (Sterling B2B Integrator)
Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6221336 (Spectrum Protect Plus)
Vulnerabilities in FasterXML jackson-databind affect IBM Spectrum Protect Plus (CVE-2020-9548, CVE-2020-9546. CVE-2020-9547, CVE-2020-8840, CVE-2019-20330)

Source: CCN
Type: IBM Security Bulletin 6228078 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

Source: CCN
Type: IBM Security Bulletin 6243446 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6255694 (Rational Rhapsody Design Manager)
Multiple vulnerabilities affects IBM Jazz Foundation and IBM Engineering products.

Source: CCN
Type: IBM Security Bulletin 6256124 (Network Performance Insight)
jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight

Source: CCN
Type: IBM Security Bulletin 6324739 (Security Guardium Insights)
IBM Security Guardium Insights is affected by Components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6347600 (Security Guardium)
IBM Security Guardium is affected by a jackson-databind vulnerability

Source: CCN
Type: IBM Security Bulletin 6348046 (Security Access Manager)
Security vulnerabilities have been fixed in the IBM Security Access Manager and IBM Security Verify Access products

Source: CCN
Type: IBM Security Bulletin 6446143 (Log Analysis)
Series of vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis

Source: CCN
Type: IBM Security Bulletin 6452485 (InfoSphere Information Server)
IBM InfoSphere Information Server is affected by multiple vulnerabilities in Jackson databind

Source: CCN
Type: IBM Security Bulletin 6496727 (Sterling B2B Integrator)
Jackson-Databind Vulnerabilities Affect the B2B API of IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6528214 (Cloud Pak for Multicloud Management)
IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies

Source: CCN
Type: IBM Security Bulletin 6593435 (Process Mining)
Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 6595755 (Disconnected Log Collector)
IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6597241 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6828455 (z/Transaction Processing Facility)
z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages

Source: CCN
Type: IBM Security Bulletin 6840955 (Log Analysis)
Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics - Log Analysis

Source: CCN
Type: IBM Security Bulletin 6910171 (Integration Designer)
Multiple CVEs affect IBM Integration Designer

Source: CCN
Type: IBM Security Bulletin 6983482 (Security Verify Governance)
IBM Security Verify Governance is vulnerable to a denial of service caused by multiple vulnerabilities.

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* (Version >= 2.7.0 and < 2.7.9.7)
  • OR cpe:/a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* (Version >= 2.8.0 and < 2.8.11.6)
  • OR cpe:/a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* (Version >= 2.9.0 and < 2.9.10.4)

    • Configuration 2:
  • cpe:/a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:* (Version >= 7.3
  • OR cpe:/a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:* (Version >= 7.3
  • OR cpe:/a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:* (Version >= 9.5

    • Configuration 3:
  • cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_platform:*:*:*:*:*:*:*:* (Version >= 2.4.0 and <= 2.9.0)
  • OR cpe:/a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.0.3)
  • OR cpe:/a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:* (Version < 12.2.0.1.20)
  • OR cpe:/a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* (Version < 9.2.4.2)
  • OR cpe:/a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* (Version < 9.2.4.2)
  • OR cpe:/a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:*:*:*:*:*:*:*:* (Version >= 17.7 and <= 17.12)
  • OR cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:fasterxml:jackson-databind:2.9.10.3:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:platform_symphony:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:platform_symphony:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:platform_symphony:7.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:platform_symphony:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:platform_symphony:7.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_risk_manager:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_risk_manager:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_risk_manager:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_risk_manager:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_risk_manager:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_risk_manager:2.0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_risk_manager:2.0.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium_insights:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_access_manager:9.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:integration_designer:20.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.redhat.rhsa:def:20201644
    P
    		RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate)
    2020-04-28
    oval:com.ubuntu.bionic:def:202095470000000
    V
    		CVE-2020-9547 on Ubuntu 18.04 LTS (bionic) - untriaged.
    2020-03-02
    oval:com.ubuntu.xenial:def:202095470000000
    V
    		CVE-2020-9547 on Ubuntu 16.04 LTS (xenial) - untriaged.
    2020-03-02
    BACK
    fasterxml jackson-databind *
    fasterxml jackson-databind *
    fasterxml jackson-databind *
    netapp active iq unified manager *
    netapp active iq unified manager *
    netapp active iq unified manager *
    debian debian linux 8.0
    oracle autovue for agile product lifecycle management 21.0.2
    oracle banking platform *
    oracle communications contacts server 8.0.0.4.0
    oracle communications evolved communications application server 7.1
    oracle communications instant messaging server 10.0.1.4.0
    oracle communications network charging and control 6.0.1
    oracle communications network charging and control *
    oracle enterprise manager base platform 13.3.0.0
    oracle enterprise manager base platform 13.4.0.0
    oracle global lifecycle management opatch *
    oracle jd edwards enterpriseone orchestrator *
    oracle jd edwards enterpriseone tools *
    oracle primavera unifier 16.1
    oracle primavera unifier 16.2
    oracle primavera unifier *
    oracle primavera unifier 18.8
    oracle primavera unifier 19.12
    oracle retail xstore point of service 15.0
    oracle retail xstore point of service 16.0
    oracle retail xstore point of service 17.0
    oracle retail xstore point of service 18.0
    oracle retail xstore point of service 19.0
    oracle weblogic server 12.2.1.3.0
    oracle weblogic server 12.2.1.4.0
    fasterxml jackson-databind 2.9.10.3
    ibm rational rhapsody design manager 6.0.2
    ibm infosphere information server 11.7
    ibm spectrum protect plus 10.1.0
    ibm platform symphony 7.1.1
    ibm platform symphony 7.1.2
    ibm platform symphony 7.2.0.2
    ibm sterling b2b integrator 6.0.0.0
    ibm sterling b2b integrator 5.2.0.0
    ibm sterling b2b integrator 6.0.1.0
    ibm watson discovery 2.0.0
    ibm platform symphony 7.3
    ibm platform symphony 7.2.1
    ibm spectrum protect plus 10.1.5
    ibm data risk manager 2.0.1
    ibm data risk manager 2.0.2
    ibm data risk manager 2.0.3
    ibm data risk manager 2.0.4
    ibm data risk manager 2.0.5
    ibm data risk manager 2.0.6
    ibm sterling b2b integrator 6.0.3.1
    ibm watson discovery 2.1.2
    ibm log analysis 1.3.5.3
    ibm log analysis 1.3.6.0
    ibm log analysis 1.3.1
    ibm log analysis 1.3.2
    ibm log analysis 1.3.3
    ibm log analysis 1.3.4
    ibm log analysis 1.3.5
    ibm log analysis 1.3.6
    ibm data risk manager 2.0.6.1
    ibm data risk manager 2.0.6.2
    ibm security guardium insights 2.0.1
    ibm log analysis 1.3.6.1
    ibm security guardium 11.2
    ibm security verify access 10.0.0
    ibm security access manager 9.0.7
    ibm sterling b2b integrator 6.1.0.0
    ibm integration designer 20.0.0.2
    ibm cognos analytics 11.2.0
    ibm cognos analytics 11.1.7
    ibm cognos analytics 11.2.1
    ibm security verify governance 10.0