ID

VAR-201907-0806


CVE

CVE-2019-14379


TITLE

FasterXML jackson-databind Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007329

DESCRIPTION

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. FasterXML jackson-databind Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. The SubTypeValidator.java file in versions earlier than FasterXML jackson-databind 2.9.9.2 has an input validation error vulnerability. An attacker could exploit this vulnerability to execute code. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-03-14-7 Xcode 13.3 Xcode 13.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213189. iTMSTransporter Available for: macOS Monterey 12 and later Impact: Multiple issues in iTMSTransporter Description: Multiple issues were addressed with updating FasterXML jackson-databind and Apache Log4j2. CVE-2019-14379 CVE-2021-44228 otool Available for: macOS Monterey 12 and later Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22601: hjy79425575 CVE-2022-22602: hjy79425575 CVE-2022-22603: hjy79425575 CVE-2022-22604: hjy79425575 CVE-2022-22605: hjy79425575 CVE-2022-22606: hjy79425575 CVE-2022-22607: hjy79425575 CVE-2022-22608: hjy79425575 Additional recognition iTMSTransporter We would like to acknowledge Anthony Shaw of Microsoft for their assistance. ld64 We would like to acknowledge Pan ZhenPeng (@Peterpan0927) of Alibaba Security Pandora Lab for their assistance. Xcode IDE We would like to acknowledge an anonymous researcher for their assistance. Xcode 13.3 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "Xcode 13.3". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. Solution: For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.18, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel ease-notes.html 4. Summary: Openshift Logging Bug Fix Release (5.0.3) This release includes a security update. JIRA issues fixed (https://issues.jboss.org/): LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)" 5. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. See the Red Hat JBoss Enterprise Application Platform 7.2.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814) * undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212) * codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184) 4. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. Bugs fixed (https://bugzilla.redhat.com/): 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. JIRA issues fixed (https://issues.jboss.org/): JBEAP-16455 - [GSS](7.2.z) Upgrade Infinispan from 9.3.6 to 9.3.7 JBEAP-16779 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.10 to 5.3.11 JBEAP-17045 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00001 to 2.3.5.SP3-redhat-00002 JBEAP-17062 - [GSS](7.2.z) Upgrade Artemis from 2.7.0.redhat-00057 to 2.9.0.redhat-00005 JBEAP-17073 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.20 to 4.0.23 JBEAP-17109 - (7.2.z) Upgrade XNIO from 3.6.6.Final-redhat-00001 to 3.7.3.Final-redhat-00001 JBEAP-17112 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.12 to 5.0.14.SP1 JBEAP-17142 - Tracker bug for the EAP 7.2.4 release for RHEL-6 JBEAP-17162 - [GSS](7.2.z) Upgrade jgroups from 4.0.19 to 4.0.20 JBEAP-17178 - (7.2.z) Upgrade IronJacamar from 1.4.16.Final to 1.4.17.Final JBEAP-17182 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17183 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17223 - [GSS](7.2.z) Upgrade WildFly Core from 6.0.15 to 6.0.16 JBEAP-17238 - [GSS](7.2.z) Upgrade HAL from 3.0.13 to 3.0.16 JBEAP-17250 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.5 to 1.4.8 JBEAP-17271 - [GSS](7.2.z) Upgrade jboss-logmanager from 2.1.7.Final-redhat-00001 to 2.1.14.Final-redhat-00001 JBEAP-17273 - [GSS](7.2.z) Upgrade jboss-logging from 3.3.2.Final-redhat-00001 to 3.3.3.Final-redhat-00001 JBEAP-17274 - [GSS](7.2.z) Upgrade Wildfly Elytron from 1.6.3.Final-redhat-00001 to 1.6.4.Final-redhat-00001 JBEAP-17276 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.4.Final-redhat-00001 to 1.1.6.Final-redhat-00001 JBEAP-17277 - [GSS](7.2.z) Upgrade Undertow from 2.0.22 to 2.0.25.SP1 JBEAP-17278 - [GSS](7.2.z) Upgrade JBoss Marshalling from 2.0.7 to 2.0.9 JBEAP-17294 - [GSS](7.2.z) Upgrade weld from 3.0.6.Final-redhat-00001 to 3.0.6.Final-redhat-00002 JBEAP-17311 - [GSS](7.2.z) Upgrade jboss-jaxrs-api_2.1_spec from 1.0.1.Final-redhat-00001 to 1.0.3.Final-redhat-00001 JBEAP-17320 - [GSS](7.2.z) Upgrade PicketBox from 5.0.3.Final-redhat-3 to 5.0.3.Final-redhat-00004 JBEAP-17321 - [GSS](7.2.z) Upgrade Narayana from 5.9.3.Final to 5.9.6.Final JBEAP-17334 - (7.2.z) Upgrade Elytron-Tool from 1.4.2 to 1.4.3.Final JBEAP-17527 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11 to 5.3.11.SP1 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2019:2743-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2743 Issue date: 2019-09-12 CVE Names: CVE-2019-14379 ==================================================================== 1. Summary: An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch 3. Description: The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-maven35-jackson-databind-2.7.6-2.7.el7.src.rpm noarch: rh-maven35-jackson-databind-2.7.6-2.7.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.7.el7.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-maven35-jackson-databind-2.7.6-2.7.el7.src.rpm noarch: rh-maven35-jackson-databind-2.7.6-2.7.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.7.el7.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4): Source: rh-maven35-jackson-databind-2.7.6-2.7.el7.src.rpm noarch: rh-maven35-jackson-databind-2.7.6-2.7.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.7.el7.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: rh-maven35-jackson-databind-2.7.6-2.7.el7.src.rpm noarch: rh-maven35-jackson-databind-2.7.6-2.7.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.7.el7.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: rh-maven35-jackson-databind-2.7.6-2.7.el7.src.rpm noarch: rh-maven35-jackson-databind-2.7.6-2.7.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.7.el7.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-maven35-jackson-databind-2.7.6-2.7.el7.src.rpm noarch: rh-maven35-jackson-databind-2.7.6-2.7.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.7.el7.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-maven35-jackson-databind-2.7.6-2.7.el7.src.rpm noarch: rh-maven35-jackson-databind-2.7.6-2.7.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.7.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXXoxo9zjgjWX9erEAQgnUQ//VHrxWLcryArhSsnrUbUtyWNHlQTS9i98 dG0A3Pw+0NRsZN6LWaqpd3DMOa4Lf7cotCfYwD4aKSBqSH443pF9H2rqQoER8iF4 GVNAfoRrjhqur0NcBVO11EeuxNPIH84hc583f5dr3LtekFdhsANXRY7F5JV/lUuB 3YXzcUFjr9N8mcEr0c7pv95Zo/tLKXrgyYcPebb/lgj65W1t2NdyQ1ZgoZ9XmKcQ VNQsRxPcaEnOCaHOj5SwRO8BvKAi2DUuu+zg3Lv2hmn0Z0XKnvk7T5dbZlXxxRCi Hjq5tnmS5KQPnFpz3xbQgX7ZyuILPnnag65VOx5AvGF0HdL7Nx3Pbvtt0fUue3Ip sEqbV+LnQPZWlg3alXBIDNzFiergRcyVr+ke+pPsgGfajPE2T9ki3oTioswp3Vuk Ls8BxWb6Q1ZBaGooKRNPeTs52jncQR5k9Jf4QUuKv7WNzT6HQB9doDasUdqgUncu vSvJlrynR3Pu1mEpyAfhnwL+np6VvHzeALGZg0YKhHnu+y2Mj22sj/WXiH1fKKTZ qBxPJLZX6qAbH8za5ozPzPKgN1X1WO3ZyPqTte1AG5aWjUCykUM35HVSs7lnIMMP q2VpUBZPTs8pOlJA+zGqzFoyd/9lW3xMQioVh+OtkPh7RBkQcGa1XSBiwMl8dLOg gGTyKk3fb1A=gNa6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.43

sources: NVD: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // PACKETSTORM: 154913 // PACKETSTORM: 166313 // PACKETSTORM: 154649 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154672 // PACKETSTORM: 154469

AFFECTED PRODUCTS

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.9.9.2

Trust: 1.8

vendor:oraclemodel:retail xstore point of servicescope:eqversion:17.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:lteversion:17.12

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:goldengate stream analyticsscope:ltversion:19.1.0.0.1

Trust: 1.0

vendor:oraclemodel:jd edwards enterpriseone toolsscope:eqversion:9.2

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:18.8.0

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.6.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:16.2

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.7.9.6

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.2

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:eqversion:8.2

Trust: 1.0

vendor:oraclemodel:communications instant messaging serverscope:eqversion:10.0.1.3.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:30

Trust: 1.0

vendor:oraclemodel:siebel engineering - installer \& deploymentscope:lteversion:19.8

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:16.2

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.0.0

Trust: 1.0

vendor:redhatmodel:openshift container platformscope:eqversion:4.1

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:eqversion:8.0.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:8.0.2

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:8.0.8

Trust: 1.0

vendor:oraclemodel:retail customer management and segmentation foundationscope:eqversion:17.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:redhatmodel:openshift container platformscope:eqversion:3.11

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:29

Trust: 1.0

vendor:oraclemodel:siebel ui frameworkscope:lteversion:19.10

Trust: 1.0

vendor:netappmodel:service level managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:gteversion:9.5

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:gteversion:17.7

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:gteversion:7.3

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.7.0

Trust: 1.0

vendor:netappmodel:snapcenterscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:16.1

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.6.7.3

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.7.0

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.4.1

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.6.1

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.8.11.4

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.5.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:17.12

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.3

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.7.1

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:eqversion:8.1

Trust: 1.0

vendor:oraclemodel:jd edwards enterpriseone orchestratorscope:eqversion:9.2

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.4.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:15.2

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:18.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.8.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.9.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:eqversion:8.2.1

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:18.8

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:7.1

Trust: 1.0

vendor:applemodel:xcodescope:ltversion:13.3

Trust: 1.0

vendor:redhatmodel:single sign-onscope:eqversion:7.3

Trust: 1.0

sources: JVNDB: JVNDB-2019-007329 // NVD: CVE-2019-14379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14379
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-14379
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201907-1434
value: CRITICAL

Trust: 0.6

VULHUB: VHN-146319
value: HIGH

Trust: 0.1

VULMON: CVE-2019-14379
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-14379
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-146319
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14379
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-14379
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // CNNVD: CNNVD-201907-1434 // NVD: CVE-2019-14379

PROBLEMTYPE DATA

problemtype:CWE-1321

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

problemtype:CWE-915

Trust: 0.1

sources: VULHUB: VHN-146319 // JVNDB: JVNDB-2019-007329 // NVD: CVE-2019-14379

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1434

TYPE

code execution

Trust: 0.7

sources: PACKETSTORM: 154913 // PACKETSTORM: 166313 // PACKETSTORM: 154649 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154672 // PACKETSTORM: 154469

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007329

PATCH

title:Comparing changesurl:https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2

Trust: 0.8

title:Block one more gadget type (ehcache, CVE-2019-14379) #2387url:https://github.com/FasterXML/jackson-databind/issues/2387

Trust: 0.8

title:FasterXML jackson-databind Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=95557

Trust: 0.6

title:Red Hat: Important: rh-maven35-jackson-databind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192743 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Process Automation Manager 7.5.0 Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193297 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Decision Manager 7.5.0 Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193292 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: jackson-databind: CVE-2019-14361 CVE-2019-14379url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a0e42c604708bdf7d86284f91b76327e

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift Application Runtimes Vert.x 3.8.3 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193901 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 8url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193046 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192938 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193050 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 7url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193045 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 6url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193044 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.5.0 security & bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192998 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2019-14379url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-14379

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 8 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192937 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 7 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192936 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 6 Security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192935 - Security Advisory

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8e202227ddeed5e361f0c0e3dbbf0fe3

Trust: 0.1

title:Red Hat: Important: Red Hat Data Grid 7.3.3 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200727 - Security Advisory

Trust: 0.1

title:IBM: IBM Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2019-14439, CVE-2019-14379, CVE-2019-12814, CVE-2019-12086)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7577d61736064271602a887577c2f766

Trust: 0.1

title:Red Hat: Important: Red Hat Fuse 7.6.0 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200983 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192858 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform logging-elasticsearch5-container security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193149 - Security Advisory

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpointurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-109

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexusurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-109

Trust: 0.1

title:IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packagesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f974282a27702bae4111bf7716ee6cf6

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics – Log Analysisurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1db4c8cb14383c63d0c04205c943ef8a

Trust: 0.1

title:IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2ec7385c474071281be069b54d841de6

Trust: 0.1

title:commonsurl:https://github.com/heike2718/commons

Trust: 0.1

title:Jackson-deserialization-PoCurl:https://github.com/galimba/Jackson-deserialization-PoC

Trust: 0.1

title:cybsecurl:https://github.com/ilmari666/cybsec

Trust: 0.1

sources: VULMON: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // CNNVD: CNNVD-201907-1434

EXTERNAL IDS

db:NVDid:CVE-2019-14379

Trust: 3.3

db:PACKETSTORMid:166313

Trust: 0.8

db:PACKETSTORMid:154469

Trust: 0.8

db:PACKETSTORMid:162493

Trust: 0.8

db:JVNDBid:JVNDB-2019-007329

Trust: 0.8

db:PACKETSTORMid:162350

Trust: 0.7

db:CNNVDid:CNNVD-201907-1434

Trust: 0.7

db:CS-HELPid:SB2022060909

Trust: 0.6

db:CS-HELPid:SB2022031501

Trust: 0.6

db:CS-HELPid:SB2021050708

Trust: 0.6

db:CS-HELPid:SB2021042826

Trust: 0.6

db:AUSCERTid:ESB-2019.4754

Trust: 0.6

db:AUSCERTid:ESB-2019.4370

Trust: 0.6

db:AUSCERTid:ESB-2019.3481

Trust: 0.6

db:AUSCERTid:ESB-2019.4323

Trust: 0.6

db:AUSCERTid:ESB-2020.1076

Trust: 0.6

db:AUSCERTid:ESB-2019.4588

Trust: 0.6

db:AUSCERTid:ESB-2020.1440

Trust: 0.6

db:AUSCERTid:ESB-2021.1573

Trust: 0.6

db:AUSCERTid:ESB-2019.3074

Trust: 0.6

db:AUSCERTid:ESB-2021.1437

Trust: 0.6

db:AUSCERTid:ESB-2019.3836

Trust: 0.6

db:AUSCERTid:ESB-2019.3643

Trust: 0.6

db:AUSCERTid:ESB-2020.0381

Trust: 0.6

db:AUSCERTid:ESB-2020.0832

Trust: 0.6

db:PACKETSTORMid:155382

Trust: 0.6

db:PACKETSTORMid:156941

Trust: 0.6

db:PACKETSTORMid:156628

Trust: 0.6

db:NSFOCUSid:45801

Trust: 0.6

db:VULHUBid:VHN-146319

Trust: 0.1

db:VULMONid:CVE-2019-14379

Trust: 0.1

db:PACKETSTORMid:154913

Trust: 0.1

db:PACKETSTORMid:154649

Trust: 0.1

db:PACKETSTORMid:154687

Trust: 0.1

db:PACKETSTORMid:154672

Trust: 0.1

sources: VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // PACKETSTORM: 154913 // PACKETSTORM: 166313 // PACKETSTORM: 154649 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154672 // PACKETSTORM: 154469 // CNNVD: CNNVD-201907-1434 // NVD: CVE-2019-14379

REFERENCES

url:https://access.redhat.com/errata/rhsa-2019:2743

Trust: 2.6

url:https://access.redhat.com/errata/rhsa-2019:2858

Trust: 2.5

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 2.4

url:https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3044

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3045

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3046

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3050

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3901

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-14379

Trust: 2.1

url:https://access.redhat.com/errata/rhsa-2019:2935

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2938

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3149

Trust: 1.9

url:https://support.apple.com/kb/ht213189

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190814-0001/

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/mar/23

Trust: 1.8

url:https://github.com/fasterxml/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2

Trust: 1.8

url:https://github.com/fasterxml/jackson-databind/issues/2387

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Trust: 1.8

url:https://access.redhat.com/errata/rhba-2019:2824

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2936

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2937

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2998

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3200

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3292

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3297

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2020:0727

Trust: 1.8

url:https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3ccommits.tinkerpop.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3ccommits.pulsar.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3cdev.struts.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3ccommits.ambari.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3ccommits.ambari.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3cissues.bookkeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/

Trust: 0.8

url:https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3ccommits.ambari.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3ccommits.ambari.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3cissues.bookkeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3ccommits.pulsar.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3cdev.struts.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3ccommits.tinkerpop.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14379

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-14379

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1118283

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1086039

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1285282

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1072724

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3074/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060909

Trust: 0.6

url:https://packetstormsecurity.com/files/155382/red-hat-security-advisory-2019-3901-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-android-mobile-sdk-compile-builder-includes-vulnerable-components/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4754/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4588/

Trust: 0.6

url:https://packetstormsecurity.com/files/166313/apple-security-advisory-2022-03-14-7.html

Trust: 0.6

url:https://www.oracle.com/security-alerts/cpujan2020verbose.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-2/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042826

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/

Trust: 0.6

url:https://support.apple.com/en-us/ht213189

Trust: 0.6

url:https://packetstormsecurity.com/files/154469/red-hat-security-advisory-2019-2743-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1573

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3643/

Trust: 0.6

url:https://vigilance.fr/vulnerability/jackson-databind-code-execution-via-subtypevalidator-30021

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106763

Trust: 0.6

url:https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-2/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050708

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3481/

Trust: 0.6

url:https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html

Trust: 0.6

url:http://www.nsfocus.net/vulndb/45801

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0832/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1437

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4323/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3836/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-network-performance-insight-cve-2019-14379-cve-2019-17531-cve-2019-14439-and-cve-2019-14540/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4370/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0381/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031501

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1076/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/

Trust: 0.6

url:https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1440/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2019-16943-cve-2019-16942-cve-2019-17531-cve-2019-17267-cve-2019-14540-cve-2019-163/

Trust: 0.6

url:https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-12086

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-12814

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-12384

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-12384

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-12814

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-12086

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2018-19360

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-14720

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-14718

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-14718

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-19361

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-14719

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-14719

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-14720

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-19360

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-19362

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-19362

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-14721

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-14721

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-19361

Trust: 0.3

url:https://issues.jboss.org/):

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-15095

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-12022

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-7525

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-7489

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-5968

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-10237

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-12023

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-17485

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-12023

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-12022

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-7525

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-11307

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-7489

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-10237

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-5968

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-17485

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-15095

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-11307

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-10184

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-10202

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-10202

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-10212

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-10212

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-10184

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/1321.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=60520

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/galimba/jackson-deserialization-poc

Trust: 0.1

url:https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22604

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22602

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22607

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22608

Trust: 0.1

url:https://support.apple.com/ht213189.

Trust: 0.1

url:https://developer.apple.com/xcode/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22606

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22601

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22605

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44228

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22603

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-2163

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36188

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36189

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20190

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36179

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36185

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35490

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36180

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35491

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35490

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35728

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36180

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u

Trust: 0.1

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35491

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36182

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36183

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36186

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24750

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36187

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36183

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36188

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36179

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36182

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36185

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36186

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36187

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36189

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15586

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1515

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20190

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35728

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=7.2

Trust: 0.1

sources: VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // PACKETSTORM: 154913 // PACKETSTORM: 166313 // PACKETSTORM: 154649 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154672 // PACKETSTORM: 154469 // CNNVD: CNNVD-201907-1434 // NVD: CVE-2019-14379

CREDITS

Red Hat

Trust: 1.2

sources: PACKETSTORM: 154913 // PACKETSTORM: 154649 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154672 // PACKETSTORM: 154469 // CNNVD: CNNVD-201907-1434

SOURCES

db:VULHUBid:VHN-146319
db:VULMONid:CVE-2019-14379
db:JVNDBid:JVNDB-2019-007329
db:PACKETSTORMid:154913
db:PACKETSTORMid:166313
db:PACKETSTORMid:154649
db:PACKETSTORMid:162493
db:PACKETSTORMid:154687
db:PACKETSTORMid:154672
db:PACKETSTORMid:154469
db:CNNVDid:CNNVD-201907-1434
db:NVDid:CVE-2019-14379

LAST UPDATE DATE

2024-11-20T21:36:52.423000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-146319date:2022-12-02T00:00:00
db:VULMONid:CVE-2019-14379date:2022-12-02T00:00:00
db:JVNDBid:JVNDB-2019-007329date:2019-08-07T00:00:00
db:CNNVDid:CNNVD-201907-1434date:2022-12-05T00:00:00
db:NVDid:CVE-2019-14379date:2023-11-07T03:04:54.240

SOURCES RELEASE DATE

db:VULHUBid:VHN-146319date:2019-07-29T00:00:00
db:VULMONid:CVE-2019-14379date:2019-07-29T00:00:00
db:JVNDBid:JVNDB-2019-007329date:2019-08-07T00:00:00
db:PACKETSTORMid:154913date:2019-10-19T15:55:08
db:PACKETSTORMid:166313date:2022-03-15T15:45:58
db:PACKETSTORMid:154649date:2019-09-28T11:11:11
db:PACKETSTORMid:162493date:2021-05-06T15:03:00
db:PACKETSTORMid:154687date:2019-09-30T18:22:22
db:PACKETSTORMid:154672date:2019-09-30T18:22:22
db:PACKETSTORMid:154469date:2019-09-12T14:32:34
db:CNNVDid:CNNVD-201907-1434date:2019-07-29T00:00:00
db:NVDid:CVE-2019-14379date:2019-07-29T12:15:16.633