Vulnerabilities > CVE-2020-24750 - Deserialization of Untrusted Data vulnerability in multiple products

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

NVD

Published: 2020-09-17

Updated: 2023-09-13

Summary

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

Vulnerable Configurations

Part	Description	Count
Application	Fasterxml Fasterxml Jackson Databind 2.0.0 Fasterxml Jackson Databind 2.0.1 Fasterxml Jackson Databind 2.0.2 Fasterxml Jackson Databind 2.0.4 Fasterxml Jackson Databind 2.0.5 Fasterxml Jackson Databind 2.0.6 Fasterxml Jackson Databind 2.1.0 Fasterxml Jackson Databind 2.1.1 Fasterxml Jackson Databind 2.1.2 Fasterxml Jackson Databind 2.1.3 Fasterxml Jackson Databind 2.1.4 Fasterxml Jackson Databind 2.1.5 Fasterxml Jackson Databind 2.2.0 Fasterxml Jackson Databind 2.2.1 Fasterxml Jackson Databind 2.2.2 Fasterxml Jackson Databind 2.2.3 Fasterxml Jackson Databind 2.2.4 Fasterxml Jackson Databind 2.3.0 Fasterxml Jackson Databind 2.3.1 Fasterxml Jackson Databind 2.3.2 Fasterxml Jackson Databind 2.3.3 Fasterxml Jackson Databind 2.3.4 Fasterxml Jackson Databind 2.3.5 Fasterxml Jackson Databind 2.4.0 Fasterxml Jackson Databind 2.4.1 Fasterxml Jackson Databind 2.4.1.1 Fasterxml Jackson Databind 2.4.1.2 Fasterxml Jackson Databind 2.4.1.3 Fasterxml Jackson Databind 2.4.2 Fasterxml Jackson Databind 2.4.3 Fasterxml Jackson Databind 2.4.4 Fasterxml Jackson Databind 2.4.5 Fasterxml Jackson Databind 2.4.5.1 Fasterxml Jackson Databind 2.4.6 Fasterxml Jackson Databind 2.4.6.1 Fasterxml Jackson Databind 2.5.0 Fasterxml Jackson Databind 2.5.1 Fasterxml Jackson Databind 2.5.2 Fasterxml Jackson Databind 2.5.3 Fasterxml Jackson Databind 2.5.4 Fasterxml Jackson Databind 2.5.5 Fasterxml Jackson Databind 2.6.0 Fasterxml Jackson Databind 2.6.1 Fasterxml Jackson Databind 2.6.2 Fasterxml Jackson Databind 2.6.3 Fasterxml Jackson Databind 2.6.4 Fasterxml Jackson Databind 2.6.5 Fasterxml Jackson Databind 2.6.6 Fasterxml Jackson Databind 2.6.7 Fasterxml Jackson Databind 2.6.7.1 Fasterxml Jackson Databind 2.6.7.2 Fasterxml Jackson Databind 2.6.7.3 Fasterxml Jackson Databind 2.6.7.4 Fasterxml Jackson Databind 2.7.0 Fasterxml Jackson Databind 2.7.1 Fasterxml Jackson Databind 2.7.1-1 Fasterxml Jackson Databind 2.7.2 Fasterxml Jackson Databind 2.7.3 Fasterxml Jackson Databind 2.7.4 Fasterxml Jackson Databind 2.7.5 Fasterxml Jackson Databind 2.7.6 Fasterxml Jackson Databind 2.7.7 Fasterxml Jackson Databind 2.7.8 Fasterxml Jackson Databind 2.7.9 Fasterxml Jackson Databind 2.7.9.1 Fasterxml Jackson Databind 2.7.9.2 Fasterxml Jackson Databind 2.7.9.3 Fasterxml Jackson Databind 2.7.9.4 Fasterxml Jackson Databind 2.7.9.5 Fasterxml Jackson Databind 2.7.9.6 Fasterxml Jackson Databind 2.7.9.7 Fasterxml Jackson Databind 2.8.0 Fasterxml Jackson Databind 2.8.1 Fasterxml Jackson Databind 2.8.2 Fasterxml Jackson Databind 2.8.3 Fasterxml Jackson Databind 2.8.4 Fasterxml Jackson Databind 2.8.5 Fasterxml Jackson Databind 2.8.6 Fasterxml Jackson Databind 2.8.7 Fasterxml Jackson Databind 2.8.8 Fasterxml Jackson Databind 2.8.8.1 Fasterxml Jackson Databind 2.8.9 Fasterxml Jackson Databind 2.8.10 Fasterxml Jackson Databind 2.8.11 Fasterxml Jackson Databind 2.8.11.1 Fasterxml Jackson Databind 2.8.11.2 Fasterxml Jackson Databind 2.8.11.3 Fasterxml Jackson Databind 2.8.11.4 Fasterxml Jackson Databind 2.8.11.5 Fasterxml Jackson Databind 2.8.11.6 Fasterxml Jackson Databind 2.9.0 Fasterxml Jackson Databind 2.9.1 Fasterxml Jackson Databind 2.9.2 Fasterxml Jackson Databind 2.9.3 Fasterxml Jackson Databind 2.9.4 Fasterxml Jackson Databind 2.9.5 Fasterxml Jackson Databind 2.9.6 Fasterxml Jackson Databind 2.9.7 Fasterxml Jackson Databind 2.9.8 Fasterxml Jackson Databind 2.9.9 Fasterxml Jackson Databind 2.9.9.1 Fasterxml Jackson Databind 2.9.9.2 Fasterxml Jackson Databind 2.9.9.3 Fasterxml Jackson Databind 2.9.9.4 Fasterxml Jackson Databind 2.9.10 Fasterxml Jackson Databind 2.9.10.1 Fasterxml Jackson Databind 2.9.10.2 Fasterxml Jackson Databind 2.9.10.3 Fasterxml Jackson Databind 2.9.10.4 Fasterxml Jackson Databind 2.9.10.5	140
Application	Oracle Oracle Application Testing Suite 13.3.0.1 Oracle Agile PLM 9.3.6 Oracle Communications Policy Management 12.5.0 Oracle Communications Diameter Signaling Router 8.0.0 Oracle Communications Diameter Signaling Router 8.0.0.0 Oracle Communications Diameter Signaling Router 8.1 Oracle Communications Diameter Signaling Router 8.2 Oracle Communications Diameter Signaling Router 8.2.1 Oracle Communications Diameter Signaling Router 8.2.2 Oracle Communications Offline Mediation Controller 12.0.0.3.0 Oracle Communications Services Gatekeeper 7.0 Oracle Communications Contacts Server 8.0.0.5.0 Oracle Communications Contacts Server 8.0 Oracle Communications Calendar Server 8.0.0.4.0 Oracle Communications Calendar Server 8.0 Oracle Banking Credit Facilities Process Management 14.3.0 Oracle Banking Credit Facilities Process Management 14.2.0 Oracle Banking Credit Facilities Process Management 14.5.0 Oracle Banking Corporate Lending Process Management 14.3.0 Oracle Banking Corporate Lending Process Management 14.2.0 Oracle Banking Corporate Lending Process Management 14.5.0 Oracle Siebel Core Server Framework - Oracle Siebel Core Server Framework 19.0 Oracle Siebel Core Server Framework 20.12 Oracle Siebel Core Server Framework 21.5 Oracle Communications Unified Inventory Management 7.4.1 Oracle Communications Element Manager 8.2.0 Oracle Communications Element Manager 8.2.0.0 Oracle Communications Element Manager 8.2.1 Oracle Communications Element Manager 8.2.2 Oracle Communications Element Manager 8.2.2.1 Oracle Communications Element Manager 8.2.4.0 Oracle Autovue FOR Agile Product Lifecycle Management 21.0.2 Oracle Banking Supply Chain Finance 14.2.0 Oracle Banking Supply Chain Finance 14.5.0 Oracle Banking Supply Chain Finance 14.3.0 Oracle Communications Messaging Server 8.1 Oracle Siebel UI Framework - Oracle Siebel UI Framework 8.1.1 Oracle Siebel UI Framework 8.2.2 Oracle Siebel UI Framework 16.0 Oracle Siebel UI Framework 16.1 Oracle Siebel UI Framework 17.0 Oracle Siebel UI Framework 18.0 Oracle Siebel UI Framework 18.7 Oracle Siebel UI Framework 18.8 Oracle Siebel UI Framework 18.9 Oracle Siebel UI Framework 18.10 Oracle Siebel UI Framework 18.11 Oracle Siebel UI Framework 19.0 Oracle Siebel UI Framework 19.7 Oracle Siebel UI Framework 19.8 Oracle Siebel UI Framework 19.10 Oracle Siebel UI Framework 20.1 Oracle Siebel UI Framework 20.2 Oracle Siebel UI Framework 20.5 Oracle Siebel UI Framework 20.6 Oracle Siebel UI Framework 20.8 Oracle Siebel UI Framework 20.12 Oracle Siebel UI Framework 21.0 Oracle Siebel UI Framework 21.2 Oracle Identity Manager Connector 11.1.1.5.0 Oracle Banking Liquidity Management 14.3 Oracle Banking Liquidity Management 14.5 Oracle Banking Liquidity Management 14.2 Oracle Communications Session Route Manager 8.2.0 Oracle Communications Session Route Manager 8.2.0.0 Oracle Communications Session Route Manager 8.2.1 Oracle Communications Session Route Manager 8.2.2 Oracle Communications Session Route Manager 8.2.2.1 Oracle Communications Session Report Manager 8.0.0.0 Oracle Communications Session Report Manager 8.1.0 Oracle Communications Session Report Manager 8.1.1 Oracle Communications Session Report Manager 8.2.0 Oracle Communications Session Report Manager 8.2.1 Oracle Communications Session Report Manager 8.2.2 Oracle Communications Session Report Manager 8.2.2.1 Oracle Communications Pricing Design Center 12.0.0.4.0 Oracle Communications Instant Messaging Server 10.0.1.5.0 Oracle Blockchain Platform -	80
OS	Debian Debian Debian Linux 9.0	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References