ID

VAR-201907-0806


CVE

CVE-2019-14379


TITLE

FasterXML jackson-databind Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007329

DESCRIPTION

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. FasterXML jackson-databind Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. The SubTypeValidator.java file in versions earlier than FasterXML jackson-databind 2.9.9.2 has an input validation error vulnerability. An attacker could exploit this vulnerability to execute code. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-03-14-7 Xcode 13.3 Xcode 13.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213189. iTMSTransporter Available for: macOS Monterey 12 and later Impact: Multiple issues in iTMSTransporter Description: Multiple issues were addressed with updating FasterXML jackson-databind and Apache Log4j2. CVE-2019-14379 CVE-2021-44228 otool Available for: macOS Monterey 12 and later Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22601: hjy79425575 CVE-2022-22602: hjy79425575 CVE-2022-22603: hjy79425575 CVE-2022-22604: hjy79425575 CVE-2022-22605: hjy79425575 CVE-2022-22606: hjy79425575 CVE-2022-22607: hjy79425575 CVE-2022-22608: hjy79425575 Additional recognition iTMSTransporter We would like to acknowledge Anthony Shaw of Microsoft for their assistance. ld64 We would like to acknowledge Pan ZhenPeng (@Peterpan0927) of Alibaba Security Pandora Lab for their assistance. Xcode IDE We would like to acknowledge an anonymous researcher for their assistance. Xcode 13.3 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "Xcode 13.3". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. Security Fix(es): * jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718) * jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719) * jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360) * jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361) * jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-35490) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource (CVE-2020-35491) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-35728) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36179) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36180) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36181) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36182) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-36183) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-36184) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource (CVE-2020-36185) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource (CVE-2020-36186) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource (CVE-2020-36187) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource (CVE-2020-36188) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSourc e (CVE-2020-36189) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing (CVE-2021-20190) * jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720) * jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:1232 All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html 4. 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1909266 - CVE-2020-35490 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource 1909269 - CVE-2020-35491 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource 1911502 - CVE-2020-35728 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool 1913871 - CVE-2020-36179 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS 1913872 - CVE-2020-36180 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS 1913874 - CVE-2020-36181 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS 1913926 - CVE-2020-36182 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS 1913927 - CVE-2020-36183 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool 1913928 - CVE-2020-36184 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource 1913929 - CVE-2020-36185 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource 1913931 - CVE-2020-36186 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource 1913933 - CVE-2020-36187 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource 1913934 - CVE-2020-36188 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource 1913937 - CVE-2020-36189 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource 1916633 - CVE-2021-20190 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing 1925361 - [4.6] ClusterLogForwarder namespace-specific log forwarding does not work as expected 1950894 - Placeholder bug for OCP 4.6.0 extras release 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 6 Advisory ID: RHSA-2019:3044-01 Product: Red Hat Single Sign-On Advisory URL: https://access.redhat.com/errata/RHSA-2019:3044 Issue date: 2019-10-14 CVE Names: CVE-2019-10184 CVE-2019-12086 CVE-2019-12814 CVE-2019-14379 CVE-2019-14820 CVE-2019-14832 ===================================================================== 1. Summary: New Red Hat Single Sign-On 7.3.4 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Single Sign-On 7.3 for RHEL 6 Server - noarch 3. Description: Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.4 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * keycloak: cross-realm user access auth bypass (CVE-2019-14832) * keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. JIRA issues fixed (https://issues.jboss.org/): KEYCLOAK-11454 - Tracker bug for the RH-SSO 7.3.4 release for RHEL7 7. Package List: Red Hat Single Sign-On 7.3 for RHEL 6 Server: Source: rh-sso7-keycloak-4.8.13-1.Final_redhat_00001.1.el6sso.src.rpm noarch: rh-sso7-keycloak-4.8.13-1.Final_redhat_00001.1.el6sso.noarch.rpm rh-sso7-keycloak-server-4.8.13-1.Final_redhat_00001.1.el6sso.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2019-10184 https://access.redhat.com/security/cve/CVE-2019-12086 https://access.redhat.com/security/cve/CVE-2019-12814 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2019-14820 https://access.redhat.com/security/cve/CVE-2019-14832 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXaS+r9zjgjWX9erEAQizTBAAmTcTk3Q7rVco9Xx4dWdTBrNeB3cKhnoj Fhkwvdoo4MVgaDWv2P9h9/JFoaCvgw6ZP2ZBbwB0wXq2+F70GFexx/nP44TlL3Kg JBAjCLvYT24Ahtxg9U6bmZwi1++fogj9TfJcC1C7k+TZHvoz3W+BCIO3OFWC2xYb mkT943QgXEALZ+KjAZqG0fE3RvH28zZy1RQO5x0Vb+qr6KTTzEF/VvtQFOiKVtok qyKa+59Ddzr/YLy+QPN4+tOMWNbGJhUnarssUVodgc/1OAEGJLPGB7iez9ekwTNf AzRL9nrMUI+DYs2pz/Cks9aban3uWmjXCn4OxfyBS2vJKiwXIxpHOh8Zfl9NlB7e X2NMGeU34Dem1ofhTErZCDbpkCUHYuiTgaJ53JoWAzVfX3gGb44GFDxN7kQ2DG6q lScmZjNPtI2GJ0h+4L6ViSHOhNOpTSHlfaMsatC4kE50qjNagGC2jcgS9mmYwclX gLuLa+RlbMeZSYSVb4pl2rkKvwdR5tbrLBfznoeT46UPHKT+1Yyd28jlClTNBMoP qroivgayFrYkC/oj0ud0V3POKyxpdZS1rf7GZrwN+etESHn9RZwnzsj413fQtIaw xP5xCmpqGCbBe2JZRLizd+voOn1oZbZSNYpZfGfghQHZ9IuKrECqJ8KQhv5yx2GD cxVVfwDI8os= =akLu -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)" 5. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. JIRA issues fixed (https://issues.jboss.org/): JBEAP-16455 - [GSS](7.2.z) Upgrade Infinispan from 9.3.6 to 9.3.7 JBEAP-16779 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.10 to 5.3.11 JBEAP-17045 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00001 to 2.3.5.SP3-redhat-00002 JBEAP-17062 - [GSS](7.2.z) Upgrade Artemis from 2.7.0.redhat-00057 to 2.9.0.redhat-00005 JBEAP-17073 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.20 to 4.0.23 JBEAP-17109 - (7.2.z) Upgrade XNIO from 3.6.6.Final-redhat-00001 to 3.7.3.Final-redhat-00001 JBEAP-17112 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.12 to 5.0.14.SP1 JBEAP-17144 - Tracker bug for the EAP 7.2.4 release for RHEL-8 JBEAP-17162 - [GSS](7.2.z) Upgrade jgroups from 4.0.19 to 4.0.20 JBEAP-17178 - (7.2.z) Upgrade IronJacamar from 1.4.16.Final to 1.4.17.Final JBEAP-17182 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17183 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17223 - [GSS](7.2.z) Upgrade WildFly Core from 6.0.15 to 6.0.16 JBEAP-17238 - [GSS](7.2.z) Upgrade HAL from 3.0.13 to 3.0.16 JBEAP-17250 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.5 to 1.4.8 JBEAP-17271 - [GSS](7.2.z) Upgrade jboss-logmanager from 2.1.7.Final-redhat-00001 to 2.1.14.Final-redhat-00001 JBEAP-17273 - [GSS](7.2.z) Upgrade jboss-logging from 3.3.2.Final-redhat-00001 to 3.3.3.Final-redhat-00001 JBEAP-17274 - [GSS](7.2.z) Upgrade Wildfly Elytron from 1.6.3.Final-redhat-00001 to 1.6.4.Final-redhat-00001 JBEAP-17276 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.4.Final-redhat-00001 to 1.1.6.Final-redhat-00001 JBEAP-17277 - [GSS](7.2.z) Upgrade Undertow from 2.0.22 to 2.0.25.SP1 JBEAP-17278 - [GSS](7.2.z) Upgrade JBoss Marshalling from 2.0.7 to 2.0.9 JBEAP-17294 - [GSS](7.2.z) Upgrade weld from 3.0.6.Final-redhat-00001 to 3.0.6.Final-redhat-00002 JBEAP-17311 - [GSS](7.2.z) Upgrade jboss-jaxrs-api_2.1_spec from 1.0.1.Final-redhat-00001 to 1.0.3.Final-redhat-00001 JBEAP-17320 - [GSS](7.2.z) Upgrade PicketBox from 5.0.3.Final-redhat-3 to 5.0.3.Final-redhat-00004 JBEAP-17321 - [GSS](7.2.z) Upgrade Narayana from 5.9.3.Final to 5.9.6.Final JBEAP-17334 - (7.2.z) Upgrade Elytron-Tool from 1.4.2 to 1.4.3.Final JBEAP-17527 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11 to 5.3.11.SP1 7

Trust: 2.52

sources: NVD: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // PACKETSTORM: 166313 // PACKETSTORM: 162350 // PACKETSTORM: 154843 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154665

AFFECTED PRODUCTS

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.9.9.2

Trust: 1.8

vendor:oraclemodel:retail xstore point of servicescope:eqversion:17.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:lteversion:17.12

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:goldengate stream analyticsscope:ltversion:19.1.0.0.1

Trust: 1.0

vendor:oraclemodel:jd edwards enterpriseone toolsscope:eqversion:9.2

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:18.8.0

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.6.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:16.2

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.7.9.6

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.2

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:eqversion:8.2

Trust: 1.0

vendor:oraclemodel:communications instant messaging serverscope:eqversion:10.0.1.3.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:30

Trust: 1.0

vendor:oraclemodel:siebel engineering - installer \& deploymentscope:lteversion:19.8

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:16.2

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.0.0

Trust: 1.0

vendor:redhatmodel:openshift container platformscope:eqversion:4.1

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:eqversion:8.0.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:8.0.2

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:8.0.8

Trust: 1.0

vendor:oraclemodel:retail customer management and segmentation foundationscope:eqversion:17.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:redhatmodel:openshift container platformscope:eqversion:3.11

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:29

Trust: 1.0

vendor:oraclemodel:siebel ui frameworkscope:lteversion:19.10

Trust: 1.0

vendor:netappmodel:service level managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:gteversion:9.5

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:gteversion:17.7

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:gteversion:7.3

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.7.0

Trust: 1.0

vendor:netappmodel:snapcenterscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:16.1

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.6.7.3

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.7.0

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.4.1

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.6.1

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.8.11.4

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.5.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:17.12

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.3

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.7.1

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:eqversion:8.1

Trust: 1.0

vendor:oraclemodel:jd edwards enterpriseone orchestratorscope:eqversion:9.2

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.4.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:15.2

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:18.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.8.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.9.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:eqversion:8.2.1

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:18.8

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:7.1

Trust: 1.0

vendor:applemodel:xcodescope:ltversion:13.3

Trust: 1.0

vendor:redhatmodel:single sign-onscope:eqversion:7.3

Trust: 1.0

sources: JVNDB: JVNDB-2019-007329 // NVD: CVE-2019-14379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14379
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-14379
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201907-1434
value: CRITICAL

Trust: 0.6

VULHUB: VHN-146319
value: HIGH

Trust: 0.1

VULMON: CVE-2019-14379
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-14379
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-146319
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14379
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-14379
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // CNNVD: CNNVD-201907-1434 // NVD: CVE-2019-14379

PROBLEMTYPE DATA

problemtype:CWE-1321

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

problemtype:CWE-915

Trust: 0.1

sources: VULHUB: VHN-146319 // JVNDB: JVNDB-2019-007329 // NVD: CVE-2019-14379

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1434

TYPE

code execution

Trust: 0.8

sources: PACKETSTORM: 166313 // PACKETSTORM: 162350 // PACKETSTORM: 154843 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154665

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007329

PATCH

title:Comparing changesurl:https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2

Trust: 0.8

title:Block one more gadget type (ehcache, CVE-2019-14379) #2387url:https://github.com/FasterXML/jackson-databind/issues/2387

Trust: 0.8

title:FasterXML jackson-databind Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=95557

Trust: 0.6

title:Red Hat: Important: rh-maven35-jackson-databind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192743 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Process Automation Manager 7.5.0 Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193297 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Decision Manager 7.5.0 Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193292 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: jackson-databind: CVE-2019-14361 CVE-2019-14379url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a0e42c604708bdf7d86284f91b76327e

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift Application Runtimes Vert.x 3.8.3 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193901 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 8url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193046 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192938 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193050 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 7url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193045 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 6url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193044 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.5.0 security & bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192998 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2019-14379url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-14379

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 8 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192937 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 7 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192936 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 6 Security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192935 - Security Advisory

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8e202227ddeed5e361f0c0e3dbbf0fe3

Trust: 0.1

title:Red Hat: Important: Red Hat Data Grid 7.3.3 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200727 - Security Advisory

Trust: 0.1

title:IBM: IBM Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2019-14439, CVE-2019-14379, CVE-2019-12814, CVE-2019-12086)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7577d61736064271602a887577c2f766

Trust: 0.1

title:Red Hat: Important: Red Hat Fuse 7.6.0 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200983 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192858 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform logging-elasticsearch5-container security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193149 - Security Advisory

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpointurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-109

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexusurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-109

Trust: 0.1

title:IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packagesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f974282a27702bae4111bf7716ee6cf6

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics – Log Analysisurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1db4c8cb14383c63d0c04205c943ef8a

Trust: 0.1

title:IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2ec7385c474071281be069b54d841de6

Trust: 0.1

title:commonsurl:https://github.com/heike2718/commons

Trust: 0.1

title:Jackson-deserialization-PoCurl:https://github.com/galimba/Jackson-deserialization-PoC

Trust: 0.1

title:cybsecurl:https://github.com/ilmari666/cybsec

Trust: 0.1

sources: VULMON: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // CNNVD: CNNVD-201907-1434

EXTERNAL IDS

db:NVDid:CVE-2019-14379

Trust: 3.4

db:PACKETSTORMid:166313

Trust: 0.8

db:PACKETSTORMid:162493

Trust: 0.8

db:PACKETSTORMid:162350

Trust: 0.8

db:JVNDBid:JVNDB-2019-007329

Trust: 0.8

db:PACKETSTORMid:154469

Trust: 0.7

db:CNNVDid:CNNVD-201907-1434

Trust: 0.7

db:CS-HELPid:SB2022060909

Trust: 0.6

db:CS-HELPid:SB2022031501

Trust: 0.6

db:CS-HELPid:SB2021050708

Trust: 0.6

db:CS-HELPid:SB2021042826

Trust: 0.6

db:AUSCERTid:ESB-2019.4754

Trust: 0.6

db:AUSCERTid:ESB-2019.4370

Trust: 0.6

db:AUSCERTid:ESB-2019.3481

Trust: 0.6

db:AUSCERTid:ESB-2019.4323

Trust: 0.6

db:AUSCERTid:ESB-2020.1076

Trust: 0.6

db:AUSCERTid:ESB-2019.4588

Trust: 0.6

db:AUSCERTid:ESB-2020.1440

Trust: 0.6

db:AUSCERTid:ESB-2021.1573

Trust: 0.6

db:AUSCERTid:ESB-2019.3074

Trust: 0.6

db:AUSCERTid:ESB-2021.1437

Trust: 0.6

db:AUSCERTid:ESB-2019.3836

Trust: 0.6

db:AUSCERTid:ESB-2019.3643

Trust: 0.6

db:AUSCERTid:ESB-2020.0381

Trust: 0.6

db:AUSCERTid:ESB-2020.0832

Trust: 0.6

db:PACKETSTORMid:155382

Trust: 0.6

db:PACKETSTORMid:156941

Trust: 0.6

db:PACKETSTORMid:156628

Trust: 0.6

db:NSFOCUSid:45801

Trust: 0.6

db:VULHUBid:VHN-146319

Trust: 0.1

db:VULMONid:CVE-2019-14379

Trust: 0.1

db:PACKETSTORMid:154843

Trust: 0.1

db:PACKETSTORMid:154687

Trust: 0.1

db:PACKETSTORMid:154850

Trust: 0.1

db:PACKETSTORMid:154672

Trust: 0.1

db:PACKETSTORMid:154665

Trust: 0.1

sources: VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // PACKETSTORM: 166313 // PACKETSTORM: 162350 // PACKETSTORM: 154843 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154665 // CNNVD: CNNVD-201907-1434 // NVD: CVE-2019-14379

REFERENCES

url:https://access.redhat.com/errata/rhsa-2019:2743

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:3044

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:3050

Trust: 2.5

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 2.4

url:https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:2858

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3045

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3046

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3901

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-14379

Trust: 2.2

url:https://access.redhat.com/errata/rhsa-2019:2935

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2937

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2938

Trust: 1.9

url:https://support.apple.com/kb/ht213189

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190814-0001/

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/mar/23

Trust: 1.8

url:https://github.com/fasterxml/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2

Trust: 1.8

url:https://github.com/fasterxml/jackson-databind/issues/2387

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Trust: 1.8

url:https://access.redhat.com/errata/rhba-2019:2824

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2936

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2998

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3149

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3200

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3292

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3297

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2020:0727

Trust: 1.8

url:https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3ccommits.tinkerpop.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3ccommits.pulsar.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3cdev.struts.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3ccommits.ambari.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3ccommits.ambari.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3cissues.bookkeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/

Trust: 0.8

url:https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3ccommits.ambari.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3ccommits.ambari.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3cissues.bookkeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3ccommits.pulsar.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3cdev.struts.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3ccommits.tinkerpop.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14379

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2019-14379

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://issues.jboss.org/):

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1118283

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1086039

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1285282

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1072724

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3074/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060909

Trust: 0.6

url:https://packetstormsecurity.com/files/155382/red-hat-security-advisory-2019-3901-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-android-mobile-sdk-compile-builder-includes-vulnerable-components/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4754/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4588/

Trust: 0.6

url:https://packetstormsecurity.com/files/166313/apple-security-advisory-2022-03-14-7.html

Trust: 0.6

url:https://www.oracle.com/security-alerts/cpujan2020verbose.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-2/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042826

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/

Trust: 0.6

url:https://support.apple.com/en-us/ht213189

Trust: 0.6

url:https://packetstormsecurity.com/files/154469/red-hat-security-advisory-2019-2743-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1573

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3643/

Trust: 0.6

url:https://vigilance.fr/vulnerability/jackson-databind-code-execution-via-subtypevalidator-30021

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106763

Trust: 0.6

url:https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-2/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050708

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3481/

Trust: 0.6

url:https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html

Trust: 0.6

url:http://www.nsfocus.net/vulndb/45801

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0832/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1437

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4323/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3836/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-network-performance-insight-cve-2019-14379-cve-2019-17531-cve-2019-14439-and-cve-2019-14540/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4370/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0381/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031501

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1076/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/

Trust: 0.6

url:https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1440/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2019-16943-cve-2019-16942-cve-2019-17531-cve-2019-17267-cve-2019-14540-cve-2019-163/

Trust: 0.6

url:https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-10184

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-12086

Trust: 0.5

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-12814

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-10184

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-12814

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-12086

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-10202

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-10202

Trust: 0.3

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-10212

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-10212

Trust: 0.3

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-12384

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-12384

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-36189

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-19360

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36188

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14720

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14718

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20190

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14718

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36179

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-19361

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36185

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35490

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14719

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14719

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36180

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14720

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35491

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35490

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35728

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36180

Trust: 0.2

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36181

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35491

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36182

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36183

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36186

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-19360

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-24750

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36187

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-19362

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36183

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-19362

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36188

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14721

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36179

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36182

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36185

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14721

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24750

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36186

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36187

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36189

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36184

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36181

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36184

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20190

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-19361

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35728

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14832

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14820

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14832

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14820

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/1321.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=60520

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/galimba/jackson-deserialization-poc

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22604

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22602

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22607

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22608

Trust: 0.1

url:https://support.apple.com/ht213189.

Trust: 0.1

url:https://developer.apple.com/xcode/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22606

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22601

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22605

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44228

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3449

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3449

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1230

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel

Trust: 0.1

url:https://access.redhat.com/errata/rhba-2021:1232

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-2163

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15586

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16845

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15586

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1515

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=7.2

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso&downloadtype=securitypatches&version=7.3

Trust: 0.1

sources: VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // PACKETSTORM: 166313 // PACKETSTORM: 162350 // PACKETSTORM: 154843 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154665 // CNNVD: CNNVD-201907-1434 // NVD: CVE-2019-14379

CREDITS

Red Hat

Trust: 1.3

sources: PACKETSTORM: 162350 // PACKETSTORM: 154843 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154665 // CNNVD: CNNVD-201907-1434

SOURCES

db:VULHUBid:VHN-146319
db:VULMONid:CVE-2019-14379
db:JVNDBid:JVNDB-2019-007329
db:PACKETSTORMid:166313
db:PACKETSTORMid:162350
db:PACKETSTORMid:154843
db:PACKETSTORMid:162493
db:PACKETSTORMid:154687
db:PACKETSTORMid:154850
db:PACKETSTORMid:154672
db:PACKETSTORMid:154665
db:CNNVDid:CNNVD-201907-1434
db:NVDid:CVE-2019-14379

LAST UPDATE DATE

2024-11-07T20:17:28.948000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-146319date:2022-12-02T00:00:00
db:VULMONid:CVE-2019-14379date:2022-12-02T00:00:00
db:JVNDBid:JVNDB-2019-007329date:2019-08-07T00:00:00
db:CNNVDid:CNNVD-201907-1434date:2022-12-05T00:00:00
db:NVDid:CVE-2019-14379date:2023-11-07T03:04:54.240

SOURCES RELEASE DATE

db:VULHUBid:VHN-146319date:2019-07-29T00:00:00
db:VULMONid:CVE-2019-14379date:2019-07-29T00:00:00
db:JVNDBid:JVNDB-2019-007329date:2019-08-07T00:00:00
db:PACKETSTORMid:166313date:2022-03-15T15:45:58
db:PACKETSTORMid:162350date:2021-04-27T15:37:46
db:PACKETSTORMid:154843date:2019-10-14T20:22:22
db:PACKETSTORMid:162493date:2021-05-06T15:03:00
db:PACKETSTORMid:154687date:2019-09-30T18:22:22
db:PACKETSTORMid:154850date:2019-10-15T00:11:31
db:PACKETSTORMid:154672date:2019-09-30T18:22:22
db:PACKETSTORMid:154665date:2019-09-30T19:22:22
db:CNNVDid:CNNVD-201907-1434date:2019-07-29T00:00:00
db:NVDid:CVE-2019-14379date:2019-07-29T12:15:16.633