Details of VAR-201907-0806

ID

VAR-201907-0806

CVE

CVE-2019-14379

TITLE

FasterXML jackson-databind Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007329

DESCRIPTION

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. FasterXML jackson-databind Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. The SubTypeValidator.java file in versions earlier than FasterXML jackson-databind 2.9.9.2 has an input validation error vulnerability. An attacker could exploit this vulnerability to execute code. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-03-14-7 Xcode 13.3 Xcode 13.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213189. iTMSTransporter Available for: macOS Monterey 12 and later Impact: Multiple issues in iTMSTransporter Description: Multiple issues were addressed with updating FasterXML jackson-databind and Apache Log4j2. CVE-2019-14379 CVE-2021-44228 otool Available for: macOS Monterey 12 and later Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22601: hjy79425575 CVE-2022-22602: hjy79425575 CVE-2022-22603: hjy79425575 CVE-2022-22604: hjy79425575 CVE-2022-22605: hjy79425575 CVE-2022-22606: hjy79425575 CVE-2022-22607: hjy79425575 CVE-2022-22608: hjy79425575 Additional recognition iTMSTransporter We would like to acknowledge Anthony Shaw of Microsoft for their assistance. ld64 We would like to acknowledge Pan ZhenPeng (@Peterpan0927) of Alibaba Security Pandora Lab for their assistance. Xcode IDE We would like to acknowledge an anonymous researcher for their assistance. Xcode 13.3 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "Xcode 13.3". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. Security Fix(es): * jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718) * jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719) * jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360) * jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361) * jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-35490) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource (CVE-2020-35491) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-35728) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36179) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36180) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36181) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36182) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-36183) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-36184) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource (CVE-2020-36185) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource (CVE-2020-36186) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource (CVE-2020-36187) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource (CVE-2020-36188) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSourc e (CVE-2020-36189) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing (CVE-2021-20190) * jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720) * jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:1232 All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html 4. 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1909266 - CVE-2020-35490 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource 1909269 - CVE-2020-35491 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource 1911502 - CVE-2020-35728 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool 1913871 - CVE-2020-36179 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS 1913872 - CVE-2020-36180 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS 1913874 - CVE-2020-36181 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS 1913926 - CVE-2020-36182 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS 1913927 - CVE-2020-36183 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool 1913928 - CVE-2020-36184 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource 1913929 - CVE-2020-36185 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource 1913931 - CVE-2020-36186 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource 1913933 - CVE-2020-36187 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource 1913934 - CVE-2020-36188 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource 1913937 - CVE-2020-36189 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource 1916633 - CVE-2021-20190 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing 1925361 - [4.6] ClusterLogForwarder namespace-specific log forwarding does not work as expected 1950894 - Placeholder bug for OCP 4.6.0 extras release 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 6 Advisory ID: RHSA-2019:3044-01 Product: Red Hat Single Sign-On Advisory URL: https://access.redhat.com/errata/RHSA-2019:3044 Issue date: 2019-10-14 CVE Names: CVE-2019-10184 CVE-2019-12086 CVE-2019-12814 CVE-2019-14379 CVE-2019-14820 CVE-2019-14832 ===================================================================== 1. Summary: New Red Hat Single Sign-On 7.3.4 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Single Sign-On 7.3 for RHEL 6 Server - noarch 3. Description: Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.4 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * keycloak: cross-realm user access auth bypass (CVE-2019-14832) * keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. JIRA issues fixed (https://issues.jboss.org/): KEYCLOAK-11454 - Tracker bug for the RH-SSO 7.3.4 release for RHEL7 7. Package List: Red Hat Single Sign-On 7.3 for RHEL 6 Server: Source: rh-sso7-keycloak-4.8.13-1.Final_redhat_00001.1.el6sso.src.rpm noarch: rh-sso7-keycloak-4.8.13-1.Final_redhat_00001.1.el6sso.noarch.rpm rh-sso7-keycloak-server-4.8.13-1.Final_redhat_00001.1.el6sso.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2019-10184 https://access.redhat.com/security/cve/CVE-2019-12086 https://access.redhat.com/security/cve/CVE-2019-12814 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2019-14820 https://access.redhat.com/security/cve/CVE-2019-14832 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXaS+r9zjgjWX9erEAQizTBAAmTcTk3Q7rVco9Xx4dWdTBrNeB3cKhnoj Fhkwvdoo4MVgaDWv2P9h9/JFoaCvgw6ZP2ZBbwB0wXq2+F70GFexx/nP44TlL3Kg JBAjCLvYT24Ahtxg9U6bmZwi1++fogj9TfJcC1C7k+TZHvoz3W+BCIO3OFWC2xYb mkT943QgXEALZ+KjAZqG0fE3RvH28zZy1RQO5x0Vb+qr6KTTzEF/VvtQFOiKVtok qyKa+59Ddzr/YLy+QPN4+tOMWNbGJhUnarssUVodgc/1OAEGJLPGB7iez9ekwTNf AzRL9nrMUI+DYs2pz/Cks9aban3uWmjXCn4OxfyBS2vJKiwXIxpHOh8Zfl9NlB7e X2NMGeU34Dem1ofhTErZCDbpkCUHYuiTgaJ53JoWAzVfX3gGb44GFDxN7kQ2DG6q lScmZjNPtI2GJ0h+4L6ViSHOhNOpTSHlfaMsatC4kE50qjNagGC2jcgS9mmYwclX gLuLa+RlbMeZSYSVb4pl2rkKvwdR5tbrLBfznoeT46UPHKT+1Yyd28jlClTNBMoP qroivgayFrYkC/oj0ud0V3POKyxpdZS1rf7GZrwN+etESHn9RZwnzsj413fQtIaw xP5xCmpqGCbBe2JZRLizd+voOn1oZbZSNYpZfGfghQHZ9IuKrECqJ8KQhv5yx2GD cxVVfwDI8os= =akLu -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)" 5. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. JIRA issues fixed (https://issues.jboss.org/): JBEAP-16455 - [GSS](7.2.z) Upgrade Infinispan from 9.3.6 to 9.3.7 JBEAP-16779 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.10 to 5.3.11 JBEAP-17045 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00001 to 2.3.5.SP3-redhat-00002 JBEAP-17062 - [GSS](7.2.z) Upgrade Artemis from 2.7.0.redhat-00057 to 2.9.0.redhat-00005 JBEAP-17073 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.20 to 4.0.23 JBEAP-17109 - (7.2.z) Upgrade XNIO from 3.6.6.Final-redhat-00001 to 3.7.3.Final-redhat-00001 JBEAP-17112 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.12 to 5.0.14.SP1 JBEAP-17144 - Tracker bug for the EAP 7.2.4 release for RHEL-8 JBEAP-17162 - [GSS](7.2.z) Upgrade jgroups from 4.0.19 to 4.0.20 JBEAP-17178 - (7.2.z) Upgrade IronJacamar from 1.4.16.Final to 1.4.17.Final JBEAP-17182 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17183 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17223 - [GSS](7.2.z) Upgrade WildFly Core from 6.0.15 to 6.0.16 JBEAP-17238 - [GSS](7.2.z) Upgrade HAL from 3.0.13 to 3.0.16 JBEAP-17250 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.5 to 1.4.8 JBEAP-17271 - [GSS](7.2.z) Upgrade jboss-logmanager from 2.1.7.Final-redhat-00001 to 2.1.14.Final-redhat-00001 JBEAP-17273 - [GSS](7.2.z) Upgrade jboss-logging from 3.3.2.Final-redhat-00001 to 3.3.3.Final-redhat-00001 JBEAP-17274 - [GSS](7.2.z) Upgrade Wildfly Elytron from 1.6.3.Final-redhat-00001 to 1.6.4.Final-redhat-00001 JBEAP-17276 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.4.Final-redhat-00001 to 1.1.6.Final-redhat-00001 JBEAP-17277 - [GSS](7.2.z) Upgrade Undertow from 2.0.22 to 2.0.25.SP1 JBEAP-17278 - [GSS](7.2.z) Upgrade JBoss Marshalling from 2.0.7 to 2.0.9 JBEAP-17294 - [GSS](7.2.z) Upgrade weld from 3.0.6.Final-redhat-00001 to 3.0.6.Final-redhat-00002 JBEAP-17311 - [GSS](7.2.z) Upgrade jboss-jaxrs-api_2.1_spec from 1.0.1.Final-redhat-00001 to 1.0.3.Final-redhat-00001 JBEAP-17320 - [GSS](7.2.z) Upgrade PicketBox from 5.0.3.Final-redhat-3 to 5.0.3.Final-redhat-00004 JBEAP-17321 - [GSS](7.2.z) Upgrade Narayana from 5.9.3.Final to 5.9.6.Final JBEAP-17334 - (7.2.z) Upgrade Elytron-Tool from 1.4.2 to 1.4.3.Final JBEAP-17527 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11 to 5.3.11.SP1 7

Trust: 2.52

sources: NVD: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // PACKETSTORM: 166313 // PACKETSTORM: 162350 // PACKETSTORM: 154843 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154665

AFFECTED PRODUCTS

vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.9.9.2	Trust: 1.8
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	17.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	lte	version:	17.12	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	goldengate stream analytics	scope:	lt	version:	19.1.0.0.1	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone tools	scope:	eq	version:	9.2	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	eq	version:	18.8.0	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.6.0	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	16.2	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.7.9.6	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.2	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	8.2	Trust: 1.0
vendor:	oracle	model:	communications instant messaging server	scope:	eq	version:	10.0.1.3.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	30	Trust: 1.0
vendor:	oracle	model:	siebel engineering - installer \& deployment	scope:	lte	version:	19.8	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	eq	version:	16.2	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	redhat	model:	openshift container platform	scope:	eq	version:	4.1	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	gte	version:	8.0.2	Trust: 1.0
vendor:	netapp	model:	oncommand workflow automation	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	retail customer management and segmentation foundation	scope:	eq	version:	17.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	redhat	model:	openshift container platform	scope:	eq	version:	3.11	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	29	Trust: 1.0
vendor:	oracle	model:	siebel ui framework	scope:	lte	version:	19.10	Trust: 1.0
vendor:	netapp	model:	service level manager	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	gte	version:	9.5	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	gte	version:	17.7	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	gte	version:	7.3	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.7.0	Trust: 1.0
vendor:	netapp	model:	snapcenter	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	16.1	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.6.7.3	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.7.0	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.4.1	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.6.1	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.8.11.4	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.5.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	eq	version:	17.12	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.3	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.7.1	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	8.1	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone orchestrator	scope:	eq	version:	9.2	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.4.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	eq	version:	15.2	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	18.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.8.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.9.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	18.8	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	7.1	Trust: 1.0
vendor:	apple	model:	xcode	scope:	lt	version:	13.3	Trust: 1.0
vendor:	redhat	model:	single sign-on	scope:	eq	version:	7.3	Trust: 1.0

sources: JVNDB: JVNDB-2019-007329 // NVD: CVE-2019-14379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14379
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-14379
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201907-1434
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-146319
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-14379
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-14379
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-146319
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-14379
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-14379
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // CNNVD: CNNVD-201907-1434 // NVD: CVE-2019-14379

PROBLEMTYPE DATA

problemtype:	CWE-1321	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9
problemtype:	CWE-915	Trust: 0.1

sources: VULHUB: VHN-146319 // JVNDB: JVNDB-2019-007329 // NVD: CVE-2019-14379

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1434

TYPE

code execution

Trust: 0.8

sources: PACKETSTORM: 166313 // PACKETSTORM: 162350 // PACKETSTORM: 154843 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154665

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007329

PATCH

title:	Comparing changes	url:	https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2	Trust: 0.8
title:	Block one more gadget type (ehcache, CVE-2019-14379) #2387	url:	https://github.com/FasterXML/jackson-databind/issues/2387	Trust: 0.8
title:	FasterXML jackson-databind Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=95557	Trust: 0.6
title:	Red Hat: Important: rh-maven35-jackson-databind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192743 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Process Automation Manager 7.5.0 Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193297 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Decision Manager 7.5.0 Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193292 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: jackson-databind: CVE-2019-14361 CVE-2019-14379	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a0e42c604708bdf7d86284f91b76327e	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift Application Runtimes Vert.x 3.8.3 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193901 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 8	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193046 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192938 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193050 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 7	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193045 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 6	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193044 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.5.0 security & bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192998 - Security Advisory	Trust: 0.1
title:	Red Hat: CVE-2019-14379	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-14379	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 8 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192937 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 7 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192936 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 6 Security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192935 - Security Advisory	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8e202227ddeed5e361f0c0e3dbbf0fe3	Trust: 0.1
title:	Red Hat: Important: Red Hat Data Grid 7.3.3 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200727 - Security Advisory	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2019-14439, CVE-2019-14379, CVE-2019-12814, CVE-2019-12086)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7577d61736064271602a887577c2f766	Trust: 0.1
title:	Red Hat: Important: Red Hat Fuse 7.6.0 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200983 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192858 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform logging-elasticsearch5-container security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193149 - Security Advisory	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-109	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-109	Trust: 0.1
title:	IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f974282a27702bae4111bf7716ee6cf6	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics – Log Analysis	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1db4c8cb14383c63d0c04205c943ef8a	Trust: 0.1
title:	IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2ec7385c474071281be069b54d841de6	Trust: 0.1
title:	commons	url:	https://github.com/heike2718/commons	Trust: 0.1
title:	Jackson-deserialization-PoC	url:	https://github.com/galimba/Jackson-deserialization-PoC	Trust: 0.1
title:	cybsec	url:	https://github.com/ilmari666/cybsec	Trust: 0.1

sources: VULMON: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // CNNVD: CNNVD-201907-1434

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14379	Trust: 3.4
db:	PACKETSTORM	id:	166313	Trust: 0.8
db:	PACKETSTORM	id:	162493	Trust: 0.8
db:	PACKETSTORM	id:	162350	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-007329	Trust: 0.8
db:	PACKETSTORM	id:	154469	Trust: 0.7
db:	CNNVD	id:	CNNVD-201907-1434	Trust: 0.7
db:	CS-HELP	id:	SB2022060909	Trust: 0.6
db:	CS-HELP	id:	SB2022031501	Trust: 0.6
db:	CS-HELP	id:	SB2021050708	Trust: 0.6
db:	CS-HELP	id:	SB2021042826	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4754	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4370	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3481	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4323	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1076	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4588	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1440	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1573	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3074	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1437	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3836	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3643	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0381	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0832	Trust: 0.6
db:	PACKETSTORM	id:	155382	Trust: 0.6
db:	PACKETSTORM	id:	156941	Trust: 0.6
db:	PACKETSTORM	id:	156628	Trust: 0.6
db:	NSFOCUS	id:	45801	Trust: 0.6
db:	VULHUB	id:	VHN-146319	Trust: 0.1
db:	VULMON	id:	CVE-2019-14379	Trust: 0.1
db:	PACKETSTORM	id:	154843	Trust: 0.1
db:	PACKETSTORM	id:	154687	Trust: 0.1
db:	PACKETSTORM	id:	154850	Trust: 0.1
db:	PACKETSTORM	id:	154672	Trust: 0.1
db:	PACKETSTORM	id:	154665	Trust: 0.1

sources: VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // PACKETSTORM: 166313 // PACKETSTORM: 162350 // PACKETSTORM: 154843 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154665 // CNNVD: CNNVD-201907-1434 // NVD: CVE-2019-14379

REFERENCES

url:	https://access.redhat.com/errata/rhsa-2019:2743	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:3044	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:3050	Trust: 2.5
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 2.4
url:	https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:2858	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:3045	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:3046	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:3901	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14379	Trust: 2.2
url:	https://access.redhat.com/errata/rhsa-2019:2935	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2019:2937	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2019:2938	Trust: 1.9
url:	https://support.apple.com/kb/ht213189	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20190814-0001/	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/mar/23	Trust: 1.8
url:	https://github.com/fasterxml/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2	Trust: 1.8
url:	https://github.com/fasterxml/jackson-databind/issues/2387	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2020.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2020.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.8
url:	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Trust: 1.8
url:	https://access.redhat.com/errata/rhba-2019:2824	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2936	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2998	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3149	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3200	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3292	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3297	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2020:0727	Trust: 1.8
url:	https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3ccommits.tinkerpop.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3ccommits.pulsar.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3cdev.struts.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3ccommits.ambari.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3ccommits.ambari.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3cissues.bookkeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/	Trust: 0.8
url:	https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3ccommits.ambari.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3ccommits.ambari.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3cissues.bookkeeper.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3ccommits.pulsar.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3cdev.struts.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3ccommits.tinkerpop.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14379	Trust: 0.8
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2019-14379	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://issues.jboss.org/):	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1118283	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1086039	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1285282	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1072724	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3074/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060909	Trust: 0.6
url:	https://packetstormsecurity.com/files/155382/red-hat-security-advisory-2019-3901-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-android-mobile-sdk-compile-builder-includes-vulnerable-components/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4754/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4588/	Trust: 0.6
url:	https://packetstormsecurity.com/files/166313/apple-security-advisory-2022-03-14-7.html	Trust: 0.6
url:	https://www.oracle.com/security-alerts/cpujan2020verbose.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-2/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042826	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/	Trust: 0.6
url:	https://support.apple.com/en-us/ht213189	Trust: 0.6
url:	https://packetstormsecurity.com/files/154469/red-hat-security-advisory-2019-2743-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1573	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3643/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/jackson-databind-code-execution-via-subtypevalidator-30021	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1106763	Trust: 0.6
url:	https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-2/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021050708	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3481/	Trust: 0.6
url:	https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/45801	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0832/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1437	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4323/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3836/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-network-performance-insight-cve-2019-14379-cve-2019-17531-cve-2019-14439-and-cve-2019-14540/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4370/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0381/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031501	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1076/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1440/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2019-16943-cve-2019-16942-cve-2019-17531-cve-2019-17267-cve-2019-14540-cve-2019-163/	Trust: 0.6
url:	https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-10184	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12086	Trust: 0.5
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12814	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10184	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-12814	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-12086	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-10202	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10202	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10212	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-10212	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12384	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-12384	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36189	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-19360	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36188	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14720	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14718	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20190	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14718	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36179	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19361	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36185	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35490	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14719	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14719	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36180	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14720	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35491	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35490	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35728	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36180	Trust: 0.2
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36181	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35491	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36182	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36183	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36186	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19360	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24750	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36187	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-19362	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36183	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19362	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36188	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14721	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36179	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36182	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36185	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14721	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-24750	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36186	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36187	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36189	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36184	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36181	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36184	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20190	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-19361	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35728	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14832	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14820	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14832	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14820	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/1321.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=60520	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/galimba/jackson-deserialization-poc	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22604	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22602	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22607	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22608	Trust: 0.1
url:	https://support.apple.com/ht213189.	Trust: 0.1
url:	https://developer.apple.com/xcode/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22606	Trust: 0.1
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22601	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22605	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44228	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22603	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3449	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3449	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/updating/updating-cluster	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1230	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel	Trust: 0.1
url:	https://access.redhat.com/errata/rhba-2021:1232	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-2163	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15586	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16845	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-16845	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15586	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1515	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=7.2	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso&downloadtype=securitypatches&version=7.3	Trust: 0.1

CREDITS

Red Hat

Trust: 1.3

sources: PACKETSTORM: 162350 // PACKETSTORM: 154843 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154665 // CNNVD: CNNVD-201907-1434

SOURCES

db:	VULHUB	id:	VHN-146319
db:	VULMON	id:	CVE-2019-14379
db:	JVNDB	id:	JVNDB-2019-007329
db:	PACKETSTORM	id:	166313
db:	PACKETSTORM	id:	162350
db:	PACKETSTORM	id:	154843
db:	PACKETSTORM	id:	162493
db:	PACKETSTORM	id:	154687
db:	PACKETSTORM	id:	154850
db:	PACKETSTORM	id:	154672
db:	PACKETSTORM	id:	154665
db:	CNNVD	id:	CNNVD-201907-1434
db:	NVD	id:	CVE-2019-14379

LAST UPDATE DATE

2024-11-07T20:17:28.948000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-146319	date:	2022-12-02T00:00:00
db:	VULMON	id:	CVE-2019-14379	date:	2022-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-007329	date:	2019-08-07T00:00:00
db:	CNNVD	id:	CNNVD-201907-1434	date:	2022-12-05T00:00:00
db:	NVD	id:	CVE-2019-14379	date:	2023-11-07T03:04:54.240

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-146319	date:	2019-07-29T00:00:00
db:	VULMON	id:	CVE-2019-14379	date:	2019-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2019-007329	date:	2019-08-07T00:00:00
db:	PACKETSTORM	id:	166313	date:	2022-03-15T15:45:58
db:	PACKETSTORM	id:	162350	date:	2021-04-27T15:37:46
db:	PACKETSTORM	id:	154843	date:	2019-10-14T20:22:22
db:	PACKETSTORM	id:	162493	date:	2021-05-06T15:03:00
db:	PACKETSTORM	id:	154687	date:	2019-09-30T18:22:22
db:	PACKETSTORM	id:	154850	date:	2019-10-15T00:11:31
db:	PACKETSTORM	id:	154672	date:	2019-09-30T18:22:22
db:	PACKETSTORM	id:	154665	date:	2019-09-30T19:22:22
db:	CNNVD	id:	CNNVD-201907-1434	date:	2019-07-29T00:00:00
db:	NVD	id:	CVE-2019-14379	date:	2019-07-29T12:15:16.633