ID

VAR-201903-0926


CVE

CVE-2018-12023


TITLE

FasterXML jackson-databind Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201901-723

DESCRIPTION

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service within the context of the affected application. Description: Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. Updating instructions and release notes may be found at: https://access.redhat.com/articles/3060411 4. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. For the stable distribution (stretch), these problems have been fixed in version 2.8.6-1+deb9u5. We recommend that you upgrade your jackson-databind packages. For the detailed security status of jackson-databind please refer to its security tracker page at: https://security-tracker.debian.org/tracker/jackson-databind Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzoWnMACgkQEMKTtsN8 TjYKuA//TDDdI43NQ1mLh+bu0jrQOHZf8QLv/68kHpHe0kMAc92kSkK/k8GojxxZ u2BmBM8sYp7XzRN1wGfuh04BDnA6t9NdWl5VG/jaL2npubV6GeKa3b1trEol0WRw WJmwDkrp946XchxJZJyEU9QICaMBU4seDjq2nhSEzJhBiS6dHxh1PkCqpA0xL1iH yN/ZmSWbgIeZIbFMUiV6SghbXpEEAQjBVzeo7tbWddzDMV7atQdErpfOLoeAiWY3 6ER/AQqulMVaC3odGglzU2OksDfeRN4TIAVKhv7t0Jb6hJkJU3a5TJOe/jvWuNna b3+psiLU1LHHwlWZuUAbiFx6HZkLj0kxHH1IR9Om42MJ++lCZA78JbxwgfW9JsOH xbo+334isNCM6P7sdyvxabqwCSWbUFb+6eUR6Hqe9HaTrhWZPln3VL/pwszT7HSA Ut6RRIUcHu0BdMZZv08dO015j5Gk/a314BAvUQyRejYmM6WNQwwOkNHGp5I66VhA S284hCKozpttwG3ogDjbzwvCcmzUr757cgn4ACC6nXjfVnxz/u/WeMEAJfoYFPW8 +MKh7SkB1wADYBjgDt/HAG2e1A5GOjrtNO92x0GQ62iIs53iRvct6WmEJr4eQ/7T n3frp2khA85wvPhz3oj07KMxrnF4yBtrR6TO+eVkZAMp/COnosA= =PkmH -----END PGP SIGNATURE----- . (CVE-2019-12086) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. (CVE-2019-12814) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.18, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel ease-notes.html 4. 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 6 security update Advisory ID: RHSA-2019:1107-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2019:1107 Issue date: 2019-05-08 CVE Names: CVE-2018-11307 CVE-2018-12022 CVE-2018-12023 CVE-2018-14642 CVE-2018-14720 CVE-2018-14721 CVE-2019-3805 CVE-2019-3894 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.2 for RHEL 6 Server - noarch, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0, and includes bug fixes and enhancements. Refer to the Red Hat JBoss Enterprise Application Platform 7.2.1 Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es): * jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307) * jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022) * jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023) * undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer (CVE-2018-14642) * jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720) * jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721) * wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805) * wildfly: wrong SecurityIdentity for EE concurrency threads that are reused (CVE-2019-3894) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1628702 - CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver 1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library 1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis 1682108 - CVE-2019-3894 wildfly: wrong SecurityIdentity for EE concurrency threads that are reused 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-14861 - [GSS](7.2.z) Upgrade JBeret from 1.3.1.Final to 1.3.2.Final JBEAP-15392 - (7.2.z) Upgrade Apache CXF from 3.2.5 to 3.2.7 JBEAP-15477 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15478 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15568 - [GSS](7.2.z) Upgrade ironjacamar from 1.4.11 Final to 1.4.15 Final JBEAP-15617 - (7.2.z) Upgrade WildFly Core from 6.0.11 to 6.0.12 JBEAP-15622 - [GSS](7.2.z) Upgrade jboss-el-api_spec from 1.0.12.Final to 1.0.13.Final JBEAP-15748 - [GSS](7.2.z) Upgrade jastow from 2.0.6.Final-redhat-00001 to 2.0.7.Final-redhat-00001 JBEAP-15805 - (7.2.z) Upgrade Hibernate ORM from 5.3.7 to 5.3.8 JBEAP-15851 - [ENG] (7.2.z) Upgrade Infinispan from 9.3.3.Final to 9.3.6.Final JBEAP-15869 - (7.2.z) Upgrade Undertow from 2.0.15 to 2.0.19 JBEAP-15876 - (7.2.z) Upgrade Artemis from 2.6.3.redhat-00014 to 2.6.3.redhat-00020 JBEAP-16025 - Upgrade yasson from 1.0.1 to 1.0.2 JBEAP-16037 - [GSS](7.2.z) Upgrade Narayana from 5.9.0.Final to 5.9.1.Final JBEAP-16086 - (7.2.z) Upgrade WildFly HTTP client from 1.0.12.Final to 1.0.13.Final JBEAP-16090 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.12 to 4.0.15 JBEAP-16091 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.2.Final-redhat-1 to 1.1.3.Final-redhat-1 JBEAP-16112 - (7.2.z) Upgrade FasterXML Jackson from 2.9.5.redhat-2 to 2.9.8 JBEAP-16122 - [Runtimes] (7.2.z) Upgrade istack from 3.0.5.redhat-1 to 3.0.7.redhat-00001 JBEAP-16123 - [Runtimes] (7.2.x) Upgrade commons-digester from 1.8 to 1.8.1.redhat-4 JBEAP-16124 - [Runtimes] (7.2.x) Upgrade hornetq from 2.4.7.redhat-1 to 2.4.7.redhat-2 JBEAP-16125 - [Runtimes] (7.2.x) Upgrade org.jboss.genericjms from 2.0.1.Final-redhat-1 to 2.0.1.Final-redhat-00002 JBEAP-16137 - (7.2.z) (WFCORE) Upgrade FasterXML Jackson from 2.9.2 to 2.9.8 JBEAP-16146 - (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final JBEAP-16147 - (7.2.z) Upgrade Elytron-Tool from 1.4.0 to 1.4.1.Final JBEAP-16233 - Tracker bug for the EAP 7.2.1 release for RHEL-6 JBEAP-16259 - (7.2.z) Upgrade legacy EJB Client from 3.0.2.Final-redhat-1 to 3.0.3.Final-redhat-1 JBEAP-16276 - (7.2.z) Upgrade elytron-web from 1.2.3.Final to 1.2.4.Final JBEAP-16321 - (7.2.z) HHH-13099 HHH-13283 Upgrade ByteBuddy from 1.8.17 to 1.9.5 JBEAP-16347 - (7.2.z) Upgrade jboss-logmanager from 2.1.5.Final-redhat-00001 to 2.1.7.Final JBEAP-16356 - (7.2.z) Upgrade RESTEasy from 3.6.1.SP2 to 3.6.1.SP3 JBEAP-16367 - (7.2.z) Upgrade commons-lang3 from 3.6.0-redhat-1 to 3.8-redhat-00001 JBEAP-16368 - (7.2.z) Upgrade cxf-xjc from 3.2.2.redhat-00001 to 3.2.3.redhat-00002 JBEAP-16369 - (7.2.z) Upgrade httpasyncclient from 4.1.3.redhat-2 to 4.1.4.redhat-00001 JBEAP-16381 - (7.2.z) Upgrade jboss-remoting-jmx from 3.0.0.Final to 3.0.1.Final JBEAP-16418 - (7.2.z) Upgrade Hibernate ORM from 5.3.8 to 5.3.9 JBEAP-9657 - (7.2.z) Upgrade jboss-negotiation from 3.0.4 to 3.0.5.Final-redhat-00001 7. Package List: Red Hat JBoss EAP 7.2 for RHEL 6 Server: Source: eap7-activemq-artemis-2.6.3-5.redhat_00020.1.el6eap.src.rpm eap7-apache-commons-lang-3.8.0-1.redhat_00001.1.el6eap.src.rpm eap7-apache-cxf-3.2.7-1.redhat_00001.1.el6eap.src.rpm eap7-apache-cxf-xjc-utils-3.2.3-2.redhat_00002.1.el6eap.src.rpm eap7-artemis-native-2.6.3-15.redhat_00020.el6eap.src.rpm eap7-byte-buddy-1.9.5-1.redhat_00001.1.el6eap.src.rpm eap7-dom4j-2.1.1-2.redhat_00001.1.el6eap.src.rpm eap7-elytron-web-1.2.4-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-5.3.9-2.Final_redhat_00002.1.el6eap.src.rpm eap7-httpcomponents-asyncclient-4.1.4-1.redhat_00001.1.el6eap.src.rpm eap7-infinispan-9.3.6-1.Final_redhat_00001.1.el6eap.src.rpm eap7-ironjacamar-1.4.15-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jackson-annotations-2.9.8-2.redhat_00004.1.el6eap.src.rpm eap7-jackson-core-2.9.8-2.redhat_00004.1.el6eap.src.rpm eap7-jackson-databind-2.9.8-2.redhat_00004.1.el6eap.src.rpm eap7-jackson-jaxrs-providers-2.9.8-2.redhat_00004.1.el6eap.src.rpm eap7-jackson-modules-base-2.9.8-1.redhat_00004.1.el6eap.src.rpm eap7-jackson-modules-java8-2.9.8-1.redhat_00004.1.el6eap.src.rpm eap7-jberet-1.3.2-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-ejb-client-4.0.15-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-el-api_3.0_spec-1.0.13-2.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-genericjms-2.0.1-2.Final_redhat_00002.1.el6eap.src.rpm eap7-jboss-logmanager-2.1.7-3.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-remoting-jmx-3.0.1-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-security-negotiation-3.0.5-2.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-server-migration-1.3.0-7.Final_redhat_00004.1.el6eap.src.rpm eap7-narayana-5.9.1-1.Final_redhat_00001.1.el6eap.src.rpm eap7-picketlink-bindings-2.5.5-16.SP12_redhat_4.1.el6eap.src.rpm eap7-picketlink-federation-2.5.5-16.SP12_redhat_4.1.el6eap.src.rpm eap7-resteasy-3.6.1-4.SP3_redhat_00001.1.el6eap.src.rpm eap7-sun-istack-commons-3.0.7-2.redhat_00001.1.el6eap.src.rpm eap7-undertow-2.0.19-1.Final_redhat_00001.1.el6eap.src.rpm eap7-undertow-jastow-2.0.7-2.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-7.2.1-6.GA_redhat_00004.1.el6eap.src.rpm eap7-wildfly-elytron-1.6.2-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-elytron-tool-1.4.1-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-http-client-1.0.13-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-transaction-client-1.1.3-1.Final_redhat_00001.1.el6eap.src.rpm eap7-yasson-1.0.2-1.redhat_00001.1.el6eap.src.rpm noarch: eap7-activemq-artemis-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-cli-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-commons-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-core-client-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-dto-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-jms-client-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-jms-server-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-journal-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-native-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-ra-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-selector-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-server-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-activemq-artemis-tools-2.6.3-5.redhat_00020.1.el6eap.noarch.rpm eap7-apache-commons-lang-3.8.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-apache-cxf-3.2.7-1.redhat_00001.1.el6eap.noarch.rpm eap7-apache-cxf-rt-3.2.7-1.redhat_00001.1.el6eap.noarch.rpm eap7-apache-cxf-services-3.2.7-1.redhat_00001.1.el6eap.noarch.rpm eap7-apache-cxf-tools-3.2.7-1.redhat_00001.1.el6eap.noarch.rpm eap7-apache-cxf-xjc-utils-3.2.3-2.redhat_00002.1.el6eap.noarch.rpm eap7-byte-buddy-1.9.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-cxf-xjc-boolean-3.2.3-2.redhat_00002.1.el6eap.noarch.rpm eap7-cxf-xjc-bug986-3.2.3-2.redhat_00002.1.el6eap.noarch.rpm eap7-cxf-xjc-dv-3.2.3-2.redhat_00002.1.el6eap.noarch.rpm eap7-cxf-xjc-runtime-3.2.3-2.redhat_00002.1.el6eap.noarch.rpm eap7-cxf-xjc-ts-3.2.3-2.redhat_00002.1.el6eap.noarch.rpm eap7-dom4j-2.1.1-2.redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-5.3.9-2.Final_redhat_00002.1.el6eap.noarch.rpm eap7-hibernate-core-5.3.9-2.Final_redhat_00002.1.el6eap.noarch.rpm eap7-hibernate-entitymanager-5.3.9-2.Final_redhat_00002.1.el6eap.noarch.rpm eap7-hibernate-envers-5.3.9-2.Final_redhat_00002.1.el6eap.noarch.rpm eap7-hibernate-java8-5.3.9-2.Final_redhat_00002.1.el6eap.noarch.rpm eap7-httpcomponents-asyncclient-4.1.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-9.3.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.3.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-remote-9.3.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-client-hotrod-9.3.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-commons-9.3.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-core-9.3.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.3.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.3.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.3.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-1.4.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-api-1.4.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-api-1.4.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-validator-1.4.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-istack-commons-runtime-3.0.7-2.redhat_00001.1.el6eap.noarch.rpm eap7-istack-commons-tools-3.0.7-2.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-annotations-2.9.8-2.redhat_00004.1.el6eap.noarch.rpm eap7-jackson-core-2.9.8-2.redhat_00004.1.el6eap.noarch.rpm eap7-jackson-databind-2.9.8-2.redhat_00004.1.el6eap.noarch.rpm eap7-jackson-datatype-jdk8-2.9.8-1.redhat_00004.1.el6eap.noarch.rpm eap7-jackson-datatype-jsr310-2.9.8-1.redhat_00004.1.el6eap.noarch.rpm eap7-jackson-jaxrs-base-2.9.8-2.redhat_00004.1.el6eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.9.8-2.redhat_00004.1.el6eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.9.8-1.redhat_00004.1.el6eap.noarch.rpm eap7-jackson-modules-base-2.9.8-1.redhat_00004.1.el6eap.noarch.rpm eap7-jackson-modules-java8-2.9.8-1.redhat_00004.1.el6eap.noarch.rpm eap7-jberet-1.3.2-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jberet-core-1.3.2-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-ejb-client-4.0.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-el-api_3.0_spec-1.0.13-2.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-genericjms-2.0.1-2.Final_redhat_00002.1.el6eap.noarch.rpm eap7-jboss-logmanager-2.1.7-3.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-remoting-jmx-3.0.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-security-negotiation-3.0.5-2.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-server-migration-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-cli-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-core-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el6eap.noarch.rpm eap7-narayana-5.9.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-compensations-5.9.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-jbosstxbridge-5.9.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-jbossxts-5.9.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-jts-idlj-5.9.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-jts-integration-5.9.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-restat-api-5.9.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-restat-bridge-5.9.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-restat-integration-5.9.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-restat-util-5.9.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-txframework-5.9.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-picketlink-api-2.5.5-16.SP12_redhat_4.1.el6eap.noarch.rpm eap7-picketlink-bindings-2.5.5-16.SP12_redhat_4.1.el6eap.noarch.rpm eap7-picketlink-common-2.5.5-16.SP12_redhat_4.1.el6eap.noarch.rpm eap7-picketlink-config-2.5.5-16.SP12_redhat_4.1.el6eap.noarch.rpm eap7-picketlink-federation-2.5.5-16.SP12_redhat_4.1.el6eap.noarch.rpm eap7-picketlink-idm-api-2.5.5-16.SP12_redhat_4.1.el6eap.noarch.rpm eap7-picketlink-idm-impl-2.5.5-16.SP12_redhat_4.1.el6eap.noarch.rpm eap7-picketlink-idm-simple-schema-2.5.5-16.SP12_redhat_4.1.el6eap.noarch.rpm eap7-picketlink-impl-2.5.5-16.SP12_redhat_4.1.el6eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-16.SP12_redhat_4.1.el6eap.noarch.rpm eap7-resteasy-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-atom-provider-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-cdi-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-client-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-client-microprofile-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-crypto-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jackson-provider-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jackson2-provider-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jaxb-provider-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jaxrs-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jettison-provider-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jose-jwt-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jsapi-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-json-binding-provider-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-json-p-provider-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-multipart-provider-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-rxjava2-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-spring-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-validator-provider-11-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-yaml-provider-3.6.1-4.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-sun-istack-commons-3.0.7-2.redhat_00001.1.el6eap.noarch.rpm eap7-undertow-2.0.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-jastow-2.0.7-2.Final_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-server-1.2.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-7.2.1-6.GA_redhat_00004.1.el6eap.noarch.rpm eap7-wildfly-elytron-1.6.2-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-tool-1.4.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-client-common-1.0.13-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.13-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.13-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.13-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-javadocs-7.2.1-6.GA_redhat_00004.1.el6eap.noarch.rpm eap7-wildfly-modules-7.2.1-6.GA_redhat_00004.1.el6eap.noarch.rpm eap7-wildfly-transaction-client-1.1.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-yasson-1.0.2-1.redhat_00001.1.el6eap.noarch.rpm x86_64: eap7-artemis-native-2.6.3-15.redhat_00020.el6eap.x86_64.rpm eap7-artemis-native-wildfly-2.6.3-15.redhat_00020.el6eap.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2018-11307 https://access.redhat.com/security/cve/CVE-2018-12022 https://access.redhat.com/security/cve/CVE-2018-12023 https://access.redhat.com/security/cve/CVE-2018-14642 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/cve/CVE-2019-3894 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXNLIH9zjgjWX9erEAQjT1g//QxSXPF0SICUBTolkkO32lAWcjRd6YUC4 kRPEUObCcpFlvCvhTeXFn3jAI7L5tn0tC0hHdZ92/V6RoVOXqNC2Iptpfff1R5Jn u/6Cz/QQ+ozKgOmocxC2G1ivwNeaors+iwlLrQHuKEX0dhKcPGQWYjr5sxbSmdpZ JkhevwkZdDir3FfDqA/Qrs1H+HTNKEYhC8MA9mimlvzFeMAxYoElXiUtliF9le01 /SJjspuIQvZtSKElDikAZ1ufgLEOE6+D41fNSOJqVbAutKn8dSnx5/4Gr667H4Ct T1w03wZ8p56OQit4u/WdJPTf6kw1QHqpnd6nIyooY42IZn4Uzi1MNLdaDghcAYcr Hn4fr6bb1zuMAz6gEpOU5e023xnRUJos+vyfZtlgYdPNQh+S0P6IzFouhD6VrJT5 SrM1F4Vd56Syk5lK58vid8O7WUTWCCbXT39bgSLl5afh0n2Dav1be7rBp1ta/d0b c8ULzKAEaUyN0dQI6tb7YAxgWZZXk5WoiKHkjf188qrkjSD5ju2fZHkQQ6Fot250 64Mt97nhkZUSKJ347Q1hLxkthKpmp8mJNZIk3NogKp644BJFFv2zDFYVukFztyKd GMSvD6LaJC122Kft/wUfPKuSCutsVjtl90wBuIeHGshtVKWjOELdpiRYnBDoquJe ImQbSeTLLts=YHGD -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.89

sources: NVD: CVE-2018-12023 // VULHUB: VHN-121941 // VULMON: CVE-2018-12023 // PACKETSTORM: 153720 // PACKETSTORM: 154794 // PACKETSTORM: 153724 // PACKETSTORM: 152764 // PACKETSTORM: 153090 // PACKETSTORM: 154649 // PACKETSTORM: 153649 // PACKETSTORM: 152766 // PACKETSTORM: 153657

AFFECTED PRODUCTS

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.8.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.7.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.9.0

Trust: 1.0

vendor:redhatmodel:openshift container platformscope:eqversion:3.11

Trust: 1.0

vendor:redhatmodel:automation managerscope:eqversion:7.3.1

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:29

Trust: 1.0

vendor:oraclemodel:retail merchandising systemscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:jd edwards enterpriseone toolsscope:eqversion:9.2

Trust: 1.0

vendor:redhatmodel:jboss brmsscope:eqversion:6.4.10

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.2.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.8.11.2

Trust: 1.0

vendor:redhatmodel:decision managerscope:eqversion:7.3.1

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.7.9.4

Trust: 1.0

vendor:redhatmodel:single sign-onscope:eqversion:7.3

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.9.6

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

sources: NVD: CVE-2018-12023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12023
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201901-723
value: HIGH

Trust: 0.6

VULHUB: VHN-121941
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-12023
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-12023
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-121941
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12023
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-121941 // VULMON: CVE-2018-12023 // CNNVD: CNNVD-201901-723 // NVD: CVE-2018-12023

PROBLEMTYPE DATA

problemtype:CWE-502

Trust: 1.1

sources: VULHUB: VHN-121941 // NVD: CVE-2018-12023

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-723

TYPE

code execution

Trust: 0.6

sources: PACKETSTORM: 153720 // PACKETSTORM: 154794 // PACKETSTORM: 153724 // PACKETSTORM: 154649 // PACKETSTORM: 153649 // PACKETSTORM: 153657

PATCH

title:FasterXML Jackson-databind Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88845

Trust: 0.6

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191108 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 6 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191107 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss BPM Suite 6.4.12 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191797 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191106 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat FIS 2.0 on Fuse 6.3.0 R13 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193002 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.1 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191140 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss BRMS 6.4.12 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191782 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R13 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192804 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Process Automation Manager 7.4.0 Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191823 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Decision Manager 7.4.0 Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191822 - Security Advisory

Trust: 0.1

title:Red Hat: Important: rh-maven35-jackson-databind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190782 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.4.0 security & bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190877 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Data Grid 7.3.2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194037 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Data Virtualization 6.4.8 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193140 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192858 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-4452-1 jackson-databind -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a4042e15eece2d982640f9a553bd3505

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform logging-elasticsearch5-container security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193149 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Fuse 7.5.0 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193892 - Security Advisory

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2019url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - October 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385

Trust: 0.1

title:IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3dea47d76eee003a50f853f241578c37

Trust: 0.1

title:IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packagesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f974282a27702bae4111bf7716ee6cf6

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics – Log Analysisurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1db4c8cb14383c63d0c04205c943ef8a

Trust: 0.1

title:cybsecurl:https://github.com/ilmari666/cybsec

Trust: 0.1

sources: VULMON: CVE-2018-12023 // CNNVD: CNNVD-201901-723

EXTERNAL IDS

db:NVDid:CVE-2018-12023

Trust: 2.7

db:BIDid:105659

Trust: 1.8

db:CNNVDid:CNNVD-201901-723

Trust: 0.7

db:AUSCERTid:ESB-2019.1350

Trust: 0.6

db:AUSCERTid:ESB-2019.4332

Trust: 0.6

db:AUSCERTid:ESB-2020.4254

Trust: 0.6

db:AUSCERTid:ESB-2019.0674

Trust: 0.6

db:AUSCERTid:ESB-2019.4532

Trust: 0.6

db:PACKETSTORMid:155352

Trust: 0.6

db:PACKETSTORMid:152558

Trust: 0.6

db:PACKETSTORMid:152620

Trust: 0.6

db:PACKETSTORMid:155516

Trust: 0.6

db:VULHUBid:VHN-121941

Trust: 0.1

db:VULMONid:CVE-2018-12023

Trust: 0.1

db:PACKETSTORMid:153720

Trust: 0.1

db:PACKETSTORMid:154794

Trust: 0.1

db:PACKETSTORMid:153724

Trust: 0.1

db:PACKETSTORMid:152764

Trust: 0.1

db:PACKETSTORMid:153090

Trust: 0.1

db:PACKETSTORMid:154649

Trust: 0.1

db:PACKETSTORMid:153649

Trust: 0.1

db:PACKETSTORMid:152766

Trust: 0.1

db:PACKETSTORMid:153657

Trust: 0.1

sources: VULHUB: VHN-121941 // VULMON: CVE-2018-12023 // PACKETSTORM: 153720 // PACKETSTORM: 154794 // PACKETSTORM: 153724 // PACKETSTORM: 152764 // PACKETSTORM: 153090 // PACKETSTORM: 154649 // PACKETSTORM: 153649 // PACKETSTORM: 152766 // PACKETSTORM: 153657 // CNNVD: CNNVD-201901-723 // NVD: CVE-2018-12023

REFERENCES

url:http://www.securityfocus.com/bid/105659

Trust: 3.0

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:0782

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3892

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:4037

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:1106

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:1107

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:1782

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:1797

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:1822

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:1823

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2858

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3002

Trust: 1.9

url:https://seclists.org/bugtraq/2019/may/68

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190530-0003/

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Trust: 1.8

url:https://www.debian.org/security/2019/dsa-4452

Trust: 1.8

url:https://github.com/fasterxml/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a

Trust: 1.8

url:https://github.com/fasterxml/jackson-databind/issues/2058

Trust: 1.8

url:https://www.blackhat.com/docs/us-16/materials/us-16-munoz-a-journey-from-jndi-ldap-manipulation-to-rce.pdf

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 1.8

url:https://access.redhat.com/errata/rhba-2019:0959

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:0877

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:1108

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:1140

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2804

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3140

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3149

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-12023

Trust: 1.5

url:https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3cissues.lucene.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zedlduybstdy4gwdbuxgjns2rfytfvrc/

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12022

Trust: 0.9

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2018-12023

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2018-12022

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zedlduybstdy4gwdbuxgjns2rfytfvrc/

Trust: 0.7

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3cissues.lucene.apache.org%3e

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-14718

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-19361

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-14719

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-19360

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-19362

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-11307

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2018-19360

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-14720

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2018-14718

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2018-14719

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2018-19362

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-14721

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2018-11307

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2018-19361

Trust: 0.6

url:https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html

Trust: 0.6

url:https://packetstormsecurity.com/files/152558/red-hat-security-advisory-2019-0782-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/152620/red-hat-security-advisory-2019-0877-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/76470

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79390

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4532/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4254/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4332/

Trust: 0.6

url:https://packetstormsecurity.com/files/155516/red-hat-security-advisory-2019-4037-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/jackson-databind-code-execution-via-oracle-jdbc-driver-deserialization-28553

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-3/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-third-party-vulnerable-library-jackson-databind-affects-ibm-engineering-lifecycle-optimization-publishing/

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2018-14720

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2018-14721

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2017-17485

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-17485

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-10173

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-10173

Trust: 0.2

url:https://issues.jboss.org/):

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14642

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14642

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-3894

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-3894

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-3805

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-3805

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-12086

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/502.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=60029

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/ilmari666/cybsec

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhdm&version=7.4.0

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.4/html/release_notes_for_red_hat_decision_manager_7.4/index

Trust: 0.1

url:https://access.redhat.com/articles/3060411

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.4/html/release_notes_for_red_hat_process_automation_manager_7.4/index

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhpam&version=7.4.0

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=7.2

Trust: 0.1

url:https://security-tracker.debian.org/tracker/jackson-databind

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-15095

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14379

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7525

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-7489

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5968

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10237

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-7525

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-7489

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12814

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10237

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5968

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12384

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-15095

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12384

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12814

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12086

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14379

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_brms/6.4/html/6.4_release_notes/index

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=rhdm&downloadtype=securitypatches&version=6.4

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/6.4/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=rhpam&downloadtype=securitypatches&version=6.4

Trust: 0.1

sources: VULHUB: VHN-121941 // VULMON: CVE-2018-12023 // PACKETSTORM: 153720 // PACKETSTORM: 154794 // PACKETSTORM: 153724 // PACKETSTORM: 152764 // PACKETSTORM: 153090 // PACKETSTORM: 154649 // PACKETSTORM: 153649 // PACKETSTORM: 152766 // PACKETSTORM: 153657 // CNNVD: CNNVD-201901-723 // NVD: CVE-2018-12023

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 153720 // PACKETSTORM: 154794 // PACKETSTORM: 153724 // PACKETSTORM: 152764 // PACKETSTORM: 154649 // PACKETSTORM: 153649 // PACKETSTORM: 152766 // PACKETSTORM: 153657

SOURCES

db:VULHUBid:VHN-121941
db:VULMONid:CVE-2018-12023
db:PACKETSTORMid:153720
db:PACKETSTORMid:154794
db:PACKETSTORMid:153724
db:PACKETSTORMid:152764
db:PACKETSTORMid:153090
db:PACKETSTORMid:154649
db:PACKETSTORMid:153649
db:PACKETSTORMid:152766
db:PACKETSTORMid:153657
db:CNNVDid:CNNVD-201901-723
db:NVDid:CVE-2018-12023

LAST UPDATE DATE

2024-11-07T21:38:14.003000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-121941date:2020-10-20T00:00:00
db:VULMONid:CVE-2018-12023date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-201901-723date:2021-04-19T00:00:00
db:NVDid:CVE-2018-12023date:2023-11-07T02:52:00.913

SOURCES RELEASE DATE

db:VULHUBid:VHN-121941date:2019-03-21T00:00:00
db:VULMONid:CVE-2018-12023date:2019-03-21T00:00:00
db:PACKETSTORMid:153720date:2019-07-22T17:32:22
db:PACKETSTORMid:154794date:2019-10-10T14:45:40
db:PACKETSTORMid:153724date:2019-07-23T18:44:44
db:PACKETSTORMid:152764date:2019-05-08T17:45:48
db:PACKETSTORMid:153090date:2019-05-24T18:02:22
db:PACKETSTORMid:154649date:2019-09-28T11:11:11
db:PACKETSTORMid:153649date:2019-07-16T20:09:58
db:PACKETSTORMid:152766date:2019-05-08T17:46:03
db:PACKETSTORMid:153657date:2019-07-16T20:11:36
db:CNNVDid:CNNVD-201901-723date:2019-01-17T00:00:00
db:NVDid:CVE-2018-12023date:2019-03-21T16:00:12.407