Details of VAR-201907-0806

ID

VAR-201907-0806

CVE

CVE-2019-14379

TITLE

FasterXML jackson-databind Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007329

DESCRIPTION

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. FasterXML jackson-databind Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. The SubTypeValidator.java file in versions earlier than FasterXML jackson-databind 2.9.9.2 has an input validation error vulnerability. An attacker could exploit this vulnerability to execute code. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-03-14-7 Xcode 13.3 Xcode 13.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213189. iTMSTransporter Available for: macOS Monterey 12 and later Impact: Multiple issues in iTMSTransporter Description: Multiple issues were addressed with updating FasterXML jackson-databind and Apache Log4j2. CVE-2019-14379 CVE-2021-44228 otool Available for: macOS Monterey 12 and later Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22601: hjy79425575 CVE-2022-22602: hjy79425575 CVE-2022-22603: hjy79425575 CVE-2022-22604: hjy79425575 CVE-2022-22605: hjy79425575 CVE-2022-22606: hjy79425575 CVE-2022-22607: hjy79425575 CVE-2022-22608: hjy79425575 Additional recognition iTMSTransporter We would like to acknowledge Anthony Shaw of Microsoft for their assistance. ld64 We would like to acknowledge Pan ZhenPeng (@Peterpan0927) of Alibaba Security Pandora Lab for their assistance. Xcode IDE We would like to acknowledge an anonymous researcher for their assistance. Xcode 13.3 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "Xcode 13.3". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. Solution: For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.18, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel ease-notes.html 4. Summary: Openshift Logging Bug Fix Release (5.0.3) This release includes a security update. JIRA issues fixed (https://issues.jboss.org/): LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)" 5. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. See the Red Hat JBoss Enterprise Application Platform 7.2.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814) * undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212) * codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184) 4. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. Bugs fixed (https://bugzilla.redhat.com/): 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. JIRA issues fixed (https://issues.jboss.org/): JBEAP-16455 - [GSS](7.2.z) Upgrade Infinispan from 9.3.6 to 9.3.7 JBEAP-16779 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.10 to 5.3.11 JBEAP-17045 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00001 to 2.3.5.SP3-redhat-00002 JBEAP-17062 - [GSS](7.2.z) Upgrade Artemis from 2.7.0.redhat-00057 to 2.9.0.redhat-00005 JBEAP-17073 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.20 to 4.0.23 JBEAP-17109 - (7.2.z) Upgrade XNIO from 3.6.6.Final-redhat-00001 to 3.7.3.Final-redhat-00001 JBEAP-17112 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.12 to 5.0.14.SP1 JBEAP-17142 - Tracker bug for the EAP 7.2.4 release for RHEL-6 JBEAP-17162 - [GSS](7.2.z) Upgrade jgroups from 4.0.19 to 4.0.20 JBEAP-17178 - (7.2.z) Upgrade IronJacamar from 1.4.16.Final to 1.4.17.Final JBEAP-17182 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17183 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17223 - [GSS](7.2.z) Upgrade WildFly Core from 6.0.15 to 6.0.16 JBEAP-17238 - [GSS](7.2.z) Upgrade HAL from 3.0.13 to 3.0.16 JBEAP-17250 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.5 to 1.4.8 JBEAP-17271 - [GSS](7.2.z) Upgrade jboss-logmanager from 2.1.7.Final-redhat-00001 to 2.1.14.Final-redhat-00001 JBEAP-17273 - [GSS](7.2.z) Upgrade jboss-logging from 3.3.2.Final-redhat-00001 to 3.3.3.Final-redhat-00001 JBEAP-17274 - [GSS](7.2.z) Upgrade Wildfly Elytron from 1.6.3.Final-redhat-00001 to 1.6.4.Final-redhat-00001 JBEAP-17276 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.4.Final-redhat-00001 to 1.1.6.Final-redhat-00001 JBEAP-17277 - [GSS](7.2.z) Upgrade Undertow from 2.0.22 to 2.0.25.SP1 JBEAP-17278 - [GSS](7.2.z) Upgrade JBoss Marshalling from 2.0.7 to 2.0.9 JBEAP-17294 - [GSS](7.2.z) Upgrade weld from 3.0.6.Final-redhat-00001 to 3.0.6.Final-redhat-00002 JBEAP-17311 - [GSS](7.2.z) Upgrade jboss-jaxrs-api_2.1_spec from 1.0.1.Final-redhat-00001 to 1.0.3.Final-redhat-00001 JBEAP-17320 - [GSS](7.2.z) Upgrade PicketBox from 5.0.3.Final-redhat-3 to 5.0.3.Final-redhat-00004 JBEAP-17321 - [GSS](7.2.z) Upgrade Narayana from 5.9.3.Final to 5.9.6.Final JBEAP-17334 - (7.2.z) Upgrade Elytron-Tool from 1.4.2 to 1.4.3.Final JBEAP-17527 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11 to 5.3.11.SP1 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2019:2743-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2743 Issue date: 2019-09-12 CVE Names: CVE-2019-14379 ==================================================================== 1. Summary: An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch 3. Description: The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-maven35-jackson-databind-2.7.6-2.7.el7.src.rpm noarch: rh-maven35-jackson-databind-2.7.6-2.7.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.7.el7.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-maven35-jackson-databind-2.7.6-2.7.el7.src.rpm noarch: rh-maven35-jackson-databind-2.7.6-2.7.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.7.el7.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4): Source: rh-maven35-jackson-databind-2.7.6-2.7.el7.src.rpm noarch: rh-maven35-jackson-databind-2.7.6-2.7.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.7.el7.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: rh-maven35-jackson-databind-2.7.6-2.7.el7.src.rpm noarch: rh-maven35-jackson-databind-2.7.6-2.7.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.7.el7.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: rh-maven35-jackson-databind-2.7.6-2.7.el7.src.rpm noarch: rh-maven35-jackson-databind-2.7.6-2.7.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.7.el7.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-maven35-jackson-databind-2.7.6-2.7.el7.src.rpm noarch: rh-maven35-jackson-databind-2.7.6-2.7.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.7.el7.noarch.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-maven35-jackson-databind-2.7.6-2.7.el7.src.rpm noarch: rh-maven35-jackson-databind-2.7.6-2.7.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.7.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXXoxo9zjgjWX9erEAQgnUQ//VHrxWLcryArhSsnrUbUtyWNHlQTS9i98 dG0A3Pw+0NRsZN6LWaqpd3DMOa4Lf7cotCfYwD4aKSBqSH443pF9H2rqQoER8iF4 GVNAfoRrjhqur0NcBVO11EeuxNPIH84hc583f5dr3LtekFdhsANXRY7F5JV/lUuB 3YXzcUFjr9N8mcEr0c7pv95Zo/tLKXrgyYcPebb/lgj65W1t2NdyQ1ZgoZ9XmKcQ VNQsRxPcaEnOCaHOj5SwRO8BvKAi2DUuu+zg3Lv2hmn0Z0XKnvk7T5dbZlXxxRCi Hjq5tnmS5KQPnFpz3xbQgX7ZyuILPnnag65VOx5AvGF0HdL7Nx3Pbvtt0fUue3Ip sEqbV+LnQPZWlg3alXBIDNzFiergRcyVr+ke+pPsgGfajPE2T9ki3oTioswp3Vuk Ls8BxWb6Q1ZBaGooKRNPeTs52jncQR5k9Jf4QUuKv7WNzT6HQB9doDasUdqgUncu vSvJlrynR3Pu1mEpyAfhnwL+np6VvHzeALGZg0YKhHnu+y2Mj22sj/WXiH1fKKTZ qBxPJLZX6qAbH8za5ozPzPKgN1X1WO3ZyPqTte1AG5aWjUCykUM35HVSs7lnIMMP q2VpUBZPTs8pOlJA+zGqzFoyd/9lW3xMQioVh+OtkPh7RBkQcGa1XSBiwMl8dLOg gGTyKk3fb1A=gNa6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.43

sources: NVD: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // PACKETSTORM: 154913 // PACKETSTORM: 166313 // PACKETSTORM: 154649 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154672 // PACKETSTORM: 154469

AFFECTED PRODUCTS

vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.9.9.2	Trust: 1.8
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	17.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	lte	version:	17.12	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	goldengate stream analytics	scope:	lt	version:	19.1.0.0.1	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone tools	scope:	eq	version:	9.2	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	eq	version:	18.8.0	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.6.0	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	16.2	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.7.9.6	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.2	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	8.2	Trust: 1.0
vendor:	oracle	model:	communications instant messaging server	scope:	eq	version:	10.0.1.3.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	30	Trust: 1.0
vendor:	oracle	model:	siebel engineering - installer \& deployment	scope:	lte	version:	19.8	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	eq	version:	16.2	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	redhat	model:	openshift container platform	scope:	eq	version:	4.1	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	gte	version:	8.0.2	Trust: 1.0
vendor:	netapp	model:	oncommand workflow automation	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	retail customer management and segmentation foundation	scope:	eq	version:	17.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	redhat	model:	openshift container platform	scope:	eq	version:	3.11	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	29	Trust: 1.0
vendor:	oracle	model:	siebel ui framework	scope:	lte	version:	19.10	Trust: 1.0
vendor:	netapp	model:	service level manager	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	gte	version:	9.5	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	gte	version:	17.7	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	gte	version:	7.3	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.7.0	Trust: 1.0
vendor:	netapp	model:	snapcenter	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	16.1	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.6.7.3	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.7.0	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.4.1	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.6.1	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.8.11.4	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.5.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	eq	version:	17.12	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.3	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.7.1	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	8.1	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone orchestrator	scope:	eq	version:	9.2	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.4.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	eq	version:	15.2	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	18.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.8.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.9.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	18.8	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	7.1	Trust: 1.0
vendor:	apple	model:	xcode	scope:	lt	version:	13.3	Trust: 1.0
vendor:	redhat	model:	single sign-on	scope:	eq	version:	7.3	Trust: 1.0

sources: JVNDB: JVNDB-2019-007329 // NVD: CVE-2019-14379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14379
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-14379
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201907-1434
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-146319
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-14379
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-14379
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-146319
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-14379
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-14379
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // CNNVD: CNNVD-201907-1434 // NVD: CVE-2019-14379

PROBLEMTYPE DATA

problemtype:	CWE-1321	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9
problemtype:	CWE-915	Trust: 0.1

sources: VULHUB: VHN-146319 // JVNDB: JVNDB-2019-007329 // NVD: CVE-2019-14379

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1434

TYPE

code execution

Trust: 0.7

sources: PACKETSTORM: 154913 // PACKETSTORM: 166313 // PACKETSTORM: 154649 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154672 // PACKETSTORM: 154469

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007329

PATCH

title:	Comparing changes	url:	https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2	Trust: 0.8
title:	Block one more gadget type (ehcache, CVE-2019-14379) #2387	url:	https://github.com/FasterXML/jackson-databind/issues/2387	Trust: 0.8
title:	FasterXML jackson-databind Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=95557	Trust: 0.6
title:	Red Hat: Important: rh-maven35-jackson-databind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192743 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Process Automation Manager 7.5.0 Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193297 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Decision Manager 7.5.0 Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193292 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: jackson-databind: CVE-2019-14361 CVE-2019-14379	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a0e42c604708bdf7d86284f91b76327e	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift Application Runtimes Vert.x 3.8.3 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193901 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 8	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193046 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192938 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193050 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 7	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193045 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 6	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193044 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.5.0 security & bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192998 - Security Advisory	Trust: 0.1
title:	Red Hat: CVE-2019-14379	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-14379	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 8 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192937 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 7 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192936 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 6 Security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192935 - Security Advisory	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8e202227ddeed5e361f0c0e3dbbf0fe3	Trust: 0.1
title:	Red Hat: Important: Red Hat Data Grid 7.3.3 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200727 - Security Advisory	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2019-14439, CVE-2019-14379, CVE-2019-12814, CVE-2019-12086)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7577d61736064271602a887577c2f766	Trust: 0.1
title:	Red Hat: Important: Red Hat Fuse 7.6.0 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200983 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192858 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform logging-elasticsearch5-container security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193149 - Security Advisory	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-109	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-109	Trust: 0.1
title:	IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f974282a27702bae4111bf7716ee6cf6	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics – Log Analysis	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1db4c8cb14383c63d0c04205c943ef8a	Trust: 0.1
title:	IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2ec7385c474071281be069b54d841de6	Trust: 0.1
title:	commons	url:	https://github.com/heike2718/commons	Trust: 0.1
title:	Jackson-deserialization-PoC	url:	https://github.com/galimba/Jackson-deserialization-PoC	Trust: 0.1
title:	cybsec	url:	https://github.com/ilmari666/cybsec	Trust: 0.1

sources: VULMON: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // CNNVD: CNNVD-201907-1434

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14379	Trust: 3.3
db:	PACKETSTORM	id:	166313	Trust: 0.8
db:	PACKETSTORM	id:	154469	Trust: 0.8
db:	PACKETSTORM	id:	162493	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-007329	Trust: 0.8
db:	PACKETSTORM	id:	162350	Trust: 0.7
db:	CNNVD	id:	CNNVD-201907-1434	Trust: 0.7
db:	CS-HELP	id:	SB2022060909	Trust: 0.6
db:	CS-HELP	id:	SB2022031501	Trust: 0.6
db:	CS-HELP	id:	SB2021050708	Trust: 0.6
db:	CS-HELP	id:	SB2021042826	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4754	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4370	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3481	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4323	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1076	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4588	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1440	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1573	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3074	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1437	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3836	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3643	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0381	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0832	Trust: 0.6
db:	PACKETSTORM	id:	155382	Trust: 0.6
db:	PACKETSTORM	id:	156941	Trust: 0.6
db:	PACKETSTORM	id:	156628	Trust: 0.6
db:	NSFOCUS	id:	45801	Trust: 0.6
db:	VULHUB	id:	VHN-146319	Trust: 0.1
db:	VULMON	id:	CVE-2019-14379	Trust: 0.1
db:	PACKETSTORM	id:	154913	Trust: 0.1
db:	PACKETSTORM	id:	154649	Trust: 0.1
db:	PACKETSTORM	id:	154687	Trust: 0.1
db:	PACKETSTORM	id:	154672	Trust: 0.1

sources: VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // JVNDB: JVNDB-2019-007329 // PACKETSTORM: 154913 // PACKETSTORM: 166313 // PACKETSTORM: 154649 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154672 // PACKETSTORM: 154469 // CNNVD: CNNVD-201907-1434 // NVD: CVE-2019-14379

REFERENCES

url:	https://access.redhat.com/errata/rhsa-2019:2743	Trust: 2.6
url:	https://access.redhat.com/errata/rhsa-2019:2858	Trust: 2.5
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 2.4
url:	https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:3044	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:3045	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:3046	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:3050	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:3901	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14379	Trust: 2.1
url:	https://access.redhat.com/errata/rhsa-2019:2935	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2019:2938	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2019:3149	Trust: 1.9
url:	https://support.apple.com/kb/ht213189	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20190814-0001/	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/mar/23	Trust: 1.8
url:	https://github.com/fasterxml/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2	Trust: 1.8
url:	https://github.com/fasterxml/jackson-databind/issues/2387	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2020.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2020.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.8
url:	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Trust: 1.8
url:	https://access.redhat.com/errata/rhba-2019:2824	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2936	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2937	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2998	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3200	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3292	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3297	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2020:0727	Trust: 1.8
url:	https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3ccommits.tinkerpop.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3ccommits.pulsar.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3cdev.struts.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3ccommits.ambari.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3ccommits.ambari.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3cissues.bookkeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/	Trust: 0.8
url:	https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3ccommits.ambari.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3ccommits.ambari.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3cissues.bookkeeper.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3ccommits.pulsar.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3cdev.struts.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3ccommits.tinkerpop.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14379	Trust: 0.8
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-14379	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1118283	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1086039	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1285282	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1072724	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3074/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060909	Trust: 0.6
url:	https://packetstormsecurity.com/files/155382/red-hat-security-advisory-2019-3901-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-android-mobile-sdk-compile-builder-includes-vulnerable-components/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4754/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4588/	Trust: 0.6
url:	https://packetstormsecurity.com/files/166313/apple-security-advisory-2022-03-14-7.html	Trust: 0.6
url:	https://www.oracle.com/security-alerts/cpujan2020verbose.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-2/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042826	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/	Trust: 0.6
url:	https://support.apple.com/en-us/ht213189	Trust: 0.6
url:	https://packetstormsecurity.com/files/154469/red-hat-security-advisory-2019-2743-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1573	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3643/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/jackson-databind-code-execution-via-subtypevalidator-30021	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1106763	Trust: 0.6
url:	https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-2/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021050708	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3481/	Trust: 0.6
url:	https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/45801	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0832/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1437	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4323/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3836/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-network-performance-insight-cve-2019-14379-cve-2019-17531-cve-2019-14439-and-cve-2019-14540/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4370/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0381/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031501	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1076/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1440/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2019-16943-cve-2019-16942-cve-2019-17531-cve-2019-17267-cve-2019-14540-cve-2019-163/	Trust: 0.6
url:	https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12086	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12814	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12384	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-12384	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-12814	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-12086	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2018-19360	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14720	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-14718	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14718	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19361	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-14719	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14719	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-14720	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19360	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-19362	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19362	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-14721	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14721	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-19361	Trust: 0.3
url:	https://issues.jboss.org/):	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15095	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12022	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7525	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-7489	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-5968	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10237	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12023	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17485	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-12023	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-12022	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2017-7525	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11307	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7489	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-10237	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5968	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2017-17485	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2017-15095	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-11307	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-10184	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-10202	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10202	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10212	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-10212	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10184	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/1321.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=60520	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/galimba/jackson-deserialization-poc	Trust: 0.1
url:	https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22604	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22602	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22607	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22608	Trust: 0.1
url:	https://support.apple.com/ht213189.	Trust: 0.1
url:	https://developer.apple.com/xcode/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22606	Trust: 0.1
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22601	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22605	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44228	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22603	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-2163	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36188	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36189	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15586	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20190	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36179	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36185	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35490	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36180	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35491	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35490	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35728	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36180	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u	Trust: 0.1
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36181	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35491	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36182	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36183	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36186	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24750	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36187	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36183	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16845	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36188	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36179	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36182	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-16845	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36185	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24750	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36186	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36187	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36189	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15586	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1515	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36184	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36181	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36184	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20190	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35728	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=7.2	Trust: 0.1

CREDITS

Red Hat

Trust: 1.2

sources: PACKETSTORM: 154913 // PACKETSTORM: 154649 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154672 // PACKETSTORM: 154469 // CNNVD: CNNVD-201907-1434

SOURCES

db:	VULHUB	id:	VHN-146319
db:	VULMON	id:	CVE-2019-14379
db:	JVNDB	id:	JVNDB-2019-007329
db:	PACKETSTORM	id:	154913
db:	PACKETSTORM	id:	166313
db:	PACKETSTORM	id:	154649
db:	PACKETSTORM	id:	162493
db:	PACKETSTORM	id:	154687
db:	PACKETSTORM	id:	154672
db:	PACKETSTORM	id:	154469
db:	CNNVD	id:	CNNVD-201907-1434
db:	NVD	id:	CVE-2019-14379

LAST UPDATE DATE

2024-11-20T21:36:52.423000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-146319	date:	2022-12-02T00:00:00
db:	VULMON	id:	CVE-2019-14379	date:	2022-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-007329	date:	2019-08-07T00:00:00
db:	CNNVD	id:	CNNVD-201907-1434	date:	2022-12-05T00:00:00
db:	NVD	id:	CVE-2019-14379	date:	2023-11-07T03:04:54.240

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-146319	date:	2019-07-29T00:00:00
db:	VULMON	id:	CVE-2019-14379	date:	2019-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2019-007329	date:	2019-08-07T00:00:00
db:	PACKETSTORM	id:	154913	date:	2019-10-19T15:55:08
db:	PACKETSTORM	id:	166313	date:	2022-03-15T15:45:58
db:	PACKETSTORM	id:	154649	date:	2019-09-28T11:11:11
db:	PACKETSTORM	id:	162493	date:	2021-05-06T15:03:00
db:	PACKETSTORM	id:	154687	date:	2019-09-30T18:22:22
db:	PACKETSTORM	id:	154672	date:	2019-09-30T18:22:22
db:	PACKETSTORM	id:	154469	date:	2019-09-12T14:32:34
db:	CNNVD	id:	CNNVD-201907-1434	date:	2019-07-29T00:00:00
db:	NVD	id:	CVE-2019-14379	date:	2019-07-29T12:15:16.633