Vulnerabilities > Oracle > Utilities Advanced Spatial AND Operational Analytics > 2.7.0.1

DATE	CVE	VULNERABILITY TITLE	RISK
2019-07-09	CVE-2018-11307	Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. network low complexity fasterxml redhat oracle CWE-502 critical	9.8
2018-02-06	CVE-2017-7525	Incomplete Blacklist vulnerability in multiple products A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. network low complexity fasterxml debian netapp redhat oracle CWE-184 critical	9.8
2018-02-06	CVE-2017-15095	Deserialization of Untrusted Data vulnerability in multiple products A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. network low complexity fasterxml debian redhat netapp oracle CWE-502 critical	9.8
2017-04-17	CVE-2017-5645	Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. network low complexity apache netapp redhat oracle CWE-502 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.