Vulnerabilities > CVE-2020-36189 - Deserialization of Untrusted Data vulnerability in multiple products

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

NVD

Published: 2021-01-06

Updated: 2023-09-13

Summary

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.

Vulnerable Configurations

Part	Description	Count
Application	Fasterxml Fasterxml Jackson Databind 2.0.0 Fasterxml Jackson Databind 2.0.1 Fasterxml Jackson Databind 2.0.2 Fasterxml Jackson Databind 2.0.4 Fasterxml Jackson Databind 2.0.5 Fasterxml Jackson Databind 2.0.6 Fasterxml Jackson Databind 2.1.0 Fasterxml Jackson Databind 2.1.1 Fasterxml Jackson Databind 2.1.2 Fasterxml Jackson Databind 2.1.3 Fasterxml Jackson Databind 2.1.4 Fasterxml Jackson Databind 2.1.5 Fasterxml Jackson Databind 2.2.0 Fasterxml Jackson Databind 2.2.1 Fasterxml Jackson Databind 2.2.2 Fasterxml Jackson Databind 2.2.3 Fasterxml Jackson Databind 2.2.4 Fasterxml Jackson Databind 2.3.0 Fasterxml Jackson Databind 2.3.1 Fasterxml Jackson Databind 2.3.2 Fasterxml Jackson Databind 2.3.3 Fasterxml Jackson Databind 2.3.4 Fasterxml Jackson Databind 2.3.5 Fasterxml Jackson Databind 2.4.0 Fasterxml Jackson Databind 2.4.1 Fasterxml Jackson Databind 2.4.1.1 Fasterxml Jackson Databind 2.4.1.2 Fasterxml Jackson Databind 2.4.1.3 Fasterxml Jackson Databind 2.4.2 Fasterxml Jackson Databind 2.4.3 Fasterxml Jackson Databind 2.4.4 Fasterxml Jackson Databind 2.4.5 Fasterxml Jackson Databind 2.4.5.1 Fasterxml Jackson Databind 2.4.6 Fasterxml Jackson Databind 2.4.6.1 Fasterxml Jackson Databind 2.5.0 Fasterxml Jackson Databind 2.5.1 Fasterxml Jackson Databind 2.5.2 Fasterxml Jackson Databind 2.5.3 Fasterxml Jackson Databind 2.5.4 Fasterxml Jackson Databind 2.5.5 Fasterxml Jackson Databind 2.6.0 Fasterxml Jackson Databind 2.6.1 Fasterxml Jackson Databind 2.6.2 Fasterxml Jackson Databind 2.6.3 Fasterxml Jackson Databind 2.6.4 Fasterxml Jackson Databind 2.6.5 Fasterxml Jackson Databind 2.6.6 Fasterxml Jackson Databind 2.6.7 Fasterxml Jackson Databind 2.6.7.1 Fasterxml Jackson Databind 2.6.7.2 Fasterxml Jackson Databind 2.6.7.3 Fasterxml Jackson Databind 2.6.7.4 Fasterxml Jackson Databind 2.7.0 Fasterxml Jackson Databind 2.7.1 Fasterxml Jackson Databind 2.7.1-1 Fasterxml Jackson Databind 2.7.2 Fasterxml Jackson Databind 2.7.3 Fasterxml Jackson Databind 2.7.4 Fasterxml Jackson Databind 2.7.5 Fasterxml Jackson Databind 2.7.6 Fasterxml Jackson Databind 2.7.7 Fasterxml Jackson Databind 2.7.8 Fasterxml Jackson Databind 2.7.9 Fasterxml Jackson Databind 2.7.9.1 Fasterxml Jackson Databind 2.7.9.2 Fasterxml Jackson Databind 2.7.9.3 Fasterxml Jackson Databind 2.7.9.4 Fasterxml Jackson Databind 2.7.9.5 Fasterxml Jackson Databind 2.7.9.6 Fasterxml Jackson Databind 2.7.9.7 Fasterxml Jackson Databind 2.8.0 Fasterxml Jackson Databind 2.8.1 Fasterxml Jackson Databind 2.8.2 Fasterxml Jackson Databind 2.8.3 Fasterxml Jackson Databind 2.8.4 Fasterxml Jackson Databind 2.8.5 Fasterxml Jackson Databind 2.8.6 Fasterxml Jackson Databind 2.8.7 Fasterxml Jackson Databind 2.8.8 Fasterxml Jackson Databind 2.8.8.1 Fasterxml Jackson Databind 2.8.9 Fasterxml Jackson Databind 2.8.10 Fasterxml Jackson Databind 2.8.11 Fasterxml Jackson Databind 2.8.11.1 Fasterxml Jackson Databind 2.8.11.2 Fasterxml Jackson Databind 2.8.11.3 Fasterxml Jackson Databind 2.8.11.4 Fasterxml Jackson Databind 2.8.11.5 Fasterxml Jackson Databind 2.8.11.6 Fasterxml Jackson Databind 2.9.0 Fasterxml Jackson Databind 2.9.1 Fasterxml Jackson Databind 2.9.2 Fasterxml Jackson Databind 2.9.3 Fasterxml Jackson Databind 2.9.4 Fasterxml Jackson Databind 2.9.5 Fasterxml Jackson Databind 2.9.6 Fasterxml Jackson Databind 2.9.7 Fasterxml Jackson Databind 2.9.8 Fasterxml Jackson Databind 2.9.9 Fasterxml Jackson Databind 2.9.9.1 Fasterxml Jackson Databind 2.9.9.2 Fasterxml Jackson Databind 2.9.9.3 Fasterxml Jackson Databind 2.9.9.4 Fasterxml Jackson Databind 2.9.10 Fasterxml Jackson Databind 2.9.10.1 Fasterxml Jackson Databind 2.9.10.2 Fasterxml Jackson Databind 2.9.10.3 Fasterxml Jackson Databind 2.9.10.4 Fasterxml Jackson Databind 2.9.10.5 Fasterxml Jackson Databind 2.9.10.6 Fasterxml Jackson Databind 2.9.10.7	142
Application	Netapp Netapp Cloud Backup - Netapp Service Level Manager -	2
Application	Oracle Oracle Webcenter Portal 12.2.1.3.0 Oracle Webcenter Portal 12.2.1.4.0 Oracle Application Testing Suite 13.3.0.1 Oracle Banking Platform 2.6.2 Oracle Banking Platform 2.7.0 Oracle Banking Platform 2.7.1 Oracle Banking Platform 2.9.0 Oracle Banking Platform 2.8.0 Oracle Banking Platform 2.10.0 Oracle Primavera Unifier 18.8 Oracle Primavera Unifier 17.7 Oracle Primavera Unifier 17.8 Oracle Primavera Unifier 17.9 Oracle Primavera Unifier 17.10 Oracle Primavera Unifier 17.11 Oracle Primavera Unifier 17.12 Oracle Primavera Unifier 19.12 Oracle Primavera Unifier 20.12 Oracle Agile PLM 9.3.6 Oracle Communications Billing AND Revenue Management 12.0.0.3.0 Oracle Communications Billing AND Revenue Management 7.5.0.23.0 Oracle Communications Services Gatekeeper 7.0 Oracle Retail Merchandising System 15.0.3 Oracle Communications Evolved Communications Application Server 7.1 Oracle Goldengate Application Adapters 19.1.0.0.0 Oracle Retail Service Backbone 16.0.3 Oracle Retail Service Backbone 15.0.3.1 Oracle Retail Service Backbone 14.1.3.2 Oracle Banking Virtual Account Management 14.3.0 Oracle Banking Virtual Account Management 14.2.0 Oracle Banking Virtual Account Management 14.5.0 Oracle Insurance Rules Palette 11.0.2 Oracle Insurance Rules Palette 11.1.0 Oracle Insurance Rules Palette 11.1.0.15 Oracle Insurance Rules Palette 11.2.0 Oracle Insurance Rules Palette 11.2.0.26 Oracle Insurance Rules Palette 11.2.7 Oracle Insurance Rules Palette 11.2.8 Oracle Insurance Rules Palette 11.3.0 Oracle Communications Interactive Session Recorder 6.3 Oracle Communications Interactive Session Recorder 6.4 Oracle Commerce Platform 11.3.0 Oracle Commerce Platform 11.3.1 Oracle Commerce Platform 11.3.2 Oracle Commerce Platform 11.2.0 Oracle Communications Diameter Signaling Router 8.0.0 Oracle Communications Diameter Signaling Router 8.0.0.0 Oracle Communications Diameter Signaling Router 8.1 Oracle Communications Diameter Signaling Router 8.2 Oracle Communications Diameter Signaling Router 8.2.1 Oracle Communications Diameter Signaling Router 8.2.2 Oracle Communications Diameter Signaling Router 8.3 Oracle Communications Diameter Signaling Router 8.3.0.0 Oracle Communications Diameter Signaling Router 8.4 Oracle Communications Diameter Signaling Router 8.4.0.0 Oracle Communications Diameter Signaling Router 8.4.0.5 Oracle Communications Diameter Signaling Router 8.5.0 Oracle Communications Unified Inventory Management 7.4.1 Oracle Retail Xstore Point OF Service 16.0.6 Oracle Retail Xstore Point OF Service 17.0.4 Oracle Retail Xstore Point OF Service 18.0.3 Oracle Retail Xstore Point OF Service 19.0.2 Oracle JD Edwards Enterpriseone Orchestrator - Oracle JD Edwards Enterpriseone Orchestrator 9.2 Oracle JD Edwards Enterpriseone Orchestrator 9.2.4.2 Oracle JD Edwards Enterpriseone Orchestrator 9.2.5.0 Oracle JD Edwards Enterpriseone Orchestrator 9.2.5.1 Oracle Insurance Policy Administration 11.1.0 Oracle Insurance Policy Administration 11.2.0 Oracle Insurance Policy Administration 11.2.7 Oracle Insurance Policy Administration 11.2.8 Oracle Insurance Policy Administration 11.3.0 Oracle Insurance Policy Administration 11.0.2 Oracle Primavera Gateway 20.12.0 Oracle Primavera Gateway 19.12.0 Oracle Primavera Gateway 19.12.4 Oracle Primavera Gateway 19.12.10 Oracle Primavera Gateway 18.8.0 Oracle Primavera Gateway 18.8.8 Oracle Primavera Gateway 18.8.8.1 Oracle Primavera Gateway 18.8.9 Oracle Primavera Gateway 18.8.11 Oracle Primavera Gateway 17.12.0 Oracle Primavera Gateway 17.12.6 Oracle Primavera Gateway 17.12.7 Oracle Primavera Gateway 17.12.8 Oracle Primavera Gateway 17.12.9 Oracle Primavera Gateway 17.12.10 Oracle Primavera Gateway 17.12.11 Oracle Communications Cloud Native Core Unified Data Repository 1.4.0 Oracle Communications Network Charging AND Control 12.0.4.0.0 Oracle Communications Convergent Charging Controller 12.0.4.0.0 Oracle Retail Customer Management AND Segmentation Foundation 16.0 Oracle Retail Customer Management AND Segmentation Foundation 16.0.1 Oracle Retail Customer Management AND Segmentation Foundation 16.0.2 Oracle Retail Customer Management AND Segmentation Foundation 17.0 Oracle Retail Customer Management AND Segmentation Foundation 17.0.1 Oracle Retail Customer Management AND Segmentation Foundation 18.0 Oracle Retail Customer Management AND Segmentation Foundation 18.1 Oracle Retail Customer Management AND Segmentation Foundation 19.0 Oracle JD Edwards Enterpriseone Tools - Oracle JD Edwards Enterpriseone Tools 4.0.1.0 Oracle JD Edwards Enterpriseone Tools 9.1 Oracle JD Edwards Enterpriseone Tools 9.1.5 Oracle JD Edwards Enterpriseone Tools 9.2 Oracle JD Edwards Enterpriseone Tools 9.2.4.0 Oracle JD Edwards Enterpriseone Tools 9.2.4.2 Oracle JD Edwards Enterpriseone Tools 9.2.5.0 Oracle JD Edwards Enterpriseone Tools 9.2.5.3 Oracle Autovue FOR Agile Product Lifecycle Management 21.0.2 Oracle Documaker 12.6.3 Oracle Documaker 12.6.4 Oracle Communications Messaging Server 8.1 Oracle Communications Messaging Server 8.0.2 Oracle Banking Treasury Management 14.4 Oracle Communications Session Route Manager 8.2.0.0 Oracle Communications Session Route Manager 8.2.1 Oracle Communications Session Route Manager 8.2.2 Oracle Communications Session Route Manager 8.2.2.1 Oracle Communications Pricing Design Center 12.0.0.4.0 Oracle Communications Cloud Native Core Policy 1.14.0 Oracle Communications Instant Messaging Server 10.0.1.5.0 Oracle Communications Offline Mediation Controller 12.0.0.3 Oracle Blockchain Platform -	124
OS	Debian Debian Debian Linux 9.0	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References