ID

VAR-201907-0806


CVE

CVE-2019-14379


TITLE

FasterXML jackson-databind Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201907-1434

DESCRIPTION

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. The SubTypeValidator.java file in versions earlier than FasterXML jackson-databind 2.9.9.2 has an input validation error vulnerability. An attacker could exploit this vulnerability to execute code. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. (CVE-2019-12814) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.18, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel ease-notes.html 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 6 Advisory ID: RHSA-2019:3044-01 Product: Red Hat Single Sign-On Advisory URL: https://access.redhat.com/errata/RHSA-2019:3044 Issue date: 2019-10-14 CVE Names: CVE-2019-10184 CVE-2019-12086 CVE-2019-12814 CVE-2019-14379 CVE-2019-14820 CVE-2019-14832 ===================================================================== 1. Summary: New Red Hat Single Sign-On 7.3.4 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Single Sign-On 7.3 for RHEL 6 Server - noarch 3. Description: Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.4 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * keycloak: cross-realm user access auth bypass (CVE-2019-14832) * keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. JIRA issues fixed (https://issues.jboss.org/): KEYCLOAK-11454 - Tracker bug for the RH-SSO 7.3.4 release for RHEL7 7. Package List: Red Hat Single Sign-On 7.3 for RHEL 6 Server: Source: rh-sso7-keycloak-4.8.13-1.Final_redhat_00001.1.el6sso.src.rpm noarch: rh-sso7-keycloak-4.8.13-1.Final_redhat_00001.1.el6sso.noarch.rpm rh-sso7-keycloak-server-4.8.13-1.Final_redhat_00001.1.el6sso.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2019-10184 https://access.redhat.com/security/cve/CVE-2019-12086 https://access.redhat.com/security/cve/CVE-2019-12814 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2019-14820 https://access.redhat.com/security/cve/CVE-2019-14832 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXaS+r9zjgjWX9erEAQizTBAAmTcTk3Q7rVco9Xx4dWdTBrNeB3cKhnoj Fhkwvdoo4MVgaDWv2P9h9/JFoaCvgw6ZP2ZBbwB0wXq2+F70GFexx/nP44TlL3Kg JBAjCLvYT24Ahtxg9U6bmZwi1++fogj9TfJcC1C7k+TZHvoz3W+BCIO3OFWC2xYb mkT943QgXEALZ+KjAZqG0fE3RvH28zZy1RQO5x0Vb+qr6KTTzEF/VvtQFOiKVtok qyKa+59Ddzr/YLy+QPN4+tOMWNbGJhUnarssUVodgc/1OAEGJLPGB7iez9ekwTNf AzRL9nrMUI+DYs2pz/Cks9aban3uWmjXCn4OxfyBS2vJKiwXIxpHOh8Zfl9NlB7e X2NMGeU34Dem1ofhTErZCDbpkCUHYuiTgaJ53JoWAzVfX3gGb44GFDxN7kQ2DG6q lScmZjNPtI2GJ0h+4L6ViSHOhNOpTSHlfaMsatC4kE50qjNagGC2jcgS9mmYwclX gLuLa+RlbMeZSYSVb4pl2rkKvwdR5tbrLBfznoeT46UPHKT+1Yyd28jlClTNBMoP qroivgayFrYkC/oj0ud0V3POKyxpdZS1rf7GZrwN+etESHn9RZwnzsj413fQtIaw xP5xCmpqGCbBe2JZRLizd+voOn1oZbZSNYpZfGfghQHZ9IuKrECqJ8KQhv5yx2GD cxVVfwDI8os= =akLu -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)" 5. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. JIRA issues fixed (https://issues.jboss.org/): JBEAP-16455 - [GSS](7.2.z) Upgrade Infinispan from 9.3.6 to 9.3.7 JBEAP-16779 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.10 to 5.3.11 JBEAP-17045 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00001 to 2.3.5.SP3-redhat-00002 JBEAP-17062 - [GSS](7.2.z) Upgrade Artemis from 2.7.0.redhat-00057 to 2.9.0.redhat-00005 JBEAP-17073 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.20 to 4.0.23 JBEAP-17109 - (7.2.z) Upgrade XNIO from 3.6.6.Final-redhat-00001 to 3.7.3.Final-redhat-00001 JBEAP-17112 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.12 to 5.0.14.SP1 JBEAP-17142 - Tracker bug for the EAP 7.2.4 release for RHEL-6 JBEAP-17162 - [GSS](7.2.z) Upgrade jgroups from 4.0.19 to 4.0.20 JBEAP-17178 - (7.2.z) Upgrade IronJacamar from 1.4.16.Final to 1.4.17.Final JBEAP-17182 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17183 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17223 - [GSS](7.2.z) Upgrade WildFly Core from 6.0.15 to 6.0.16 JBEAP-17238 - [GSS](7.2.z) Upgrade HAL from 3.0.13 to 3.0.16 JBEAP-17250 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.5 to 1.4.8 JBEAP-17271 - [GSS](7.2.z) Upgrade jboss-logmanager from 2.1.7.Final-redhat-00001 to 2.1.14.Final-redhat-00001 JBEAP-17273 - [GSS](7.2.z) Upgrade jboss-logging from 3.3.2.Final-redhat-00001 to 3.3.3.Final-redhat-00001 JBEAP-17274 - [GSS](7.2.z) Upgrade Wildfly Elytron from 1.6.3.Final-redhat-00001 to 1.6.4.Final-redhat-00001 JBEAP-17276 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.4.Final-redhat-00001 to 1.1.6.Final-redhat-00001 JBEAP-17277 - [GSS](7.2.z) Upgrade Undertow from 2.0.22 to 2.0.25.SP1 JBEAP-17278 - [GSS](7.2.z) Upgrade JBoss Marshalling from 2.0.7 to 2.0.9 JBEAP-17294 - [GSS](7.2.z) Upgrade weld from 3.0.6.Final-redhat-00001 to 3.0.6.Final-redhat-00002 JBEAP-17311 - [GSS](7.2.z) Upgrade jboss-jaxrs-api_2.1_spec from 1.0.1.Final-redhat-00001 to 1.0.3.Final-redhat-00001 JBEAP-17320 - [GSS](7.2.z) Upgrade PicketBox from 5.0.3.Final-redhat-3 to 5.0.3.Final-redhat-00004 JBEAP-17321 - [GSS](7.2.z) Upgrade Narayana from 5.9.3.Final to 5.9.6.Final JBEAP-17334 - (7.2.z) Upgrade Elytron-Tool from 1.4.2 to 1.4.3.Final JBEAP-17527 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11 to 5.3.11.SP1 7

Trust: 1.89

sources: NVD: CVE-2019-14379 // VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // PACKETSTORM: 155054 // PACKETSTORM: 154649 // PACKETSTORM: 154843 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154844 // PACKETSTORM: 154793

AFFECTED PRODUCTS

vendor:netappmodel:active iq unified managerscope:gteversion:9.5

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.7.1

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:8.0.8

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.9.9.2

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:16.2

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:eqversion:8.2.1

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.5.0

Trust: 1.0

vendor:applemodel:xcodescope:ltversion:13.3

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:lteversion:17.12

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:16.1

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:15.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.7.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:eqversion:8.2

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.7.9.6

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.6.1

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:gteversion:7.3

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:18.0

Trust: 1.0

vendor:netappmodel:snapcenterscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:eqversion:8.0.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.0.0

Trust: 1.0

vendor:redhatmodel:single sign-onscope:eqversion:7.3

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.4.0

Trust: 1.0

vendor:oraclemodel:siebel engineering - installer \& deploymentscope:lteversion:19.8

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.8.11.4

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:18.8.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.8.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:29

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.7.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:17.12

Trust: 1.0

vendor:oraclemodel:retail customer management and segmentation foundationscope:eqversion:17.0

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:16.2

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:30

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:18.8

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:eqversion:8.1

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:communications instant messaging serverscope:eqversion:10.0.1.3.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.2

Trust: 1.0

vendor:oraclemodel:jd edwards enterpriseone orchestratorscope:eqversion:9.2

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.6.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.6.7.3

Trust: 1.0

vendor:redhatmodel:openshift container platformscope:eqversion:4.1

Trust: 1.0

vendor:oraclemodel:goldengate stream analyticsscope:ltversion:19.1.0.0.1

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:gteversion:17.7

Trust: 1.0

vendor:netappmodel:service level managerscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.4.1

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:17.0

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.3

Trust: 1.0

vendor:oraclemodel:siebel ui frameworkscope:lteversion:19.10

Trust: 1.0

vendor:redhatmodel:openshift container platformscope:eqversion:3.11

Trust: 1.0

vendor:oraclemodel:jd edwards enterpriseone toolsscope:eqversion:9.2

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:7.1

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:8.0.2

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:15.2

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.9.0

Trust: 1.0

sources: NVD: CVE-2019-14379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14379
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-201907-1434
value: CRITICAL

Trust: 0.6

VULHUB: VHN-146319
value: HIGH

Trust: 0.1

VULMON: CVE-2019-14379
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-14379
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-146319
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14379
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // CNNVD: CNNVD-201907-1434 // NVD: CVE-2019-14379

PROBLEMTYPE DATA

problemtype:CWE-1321

Trust: 1.0

problemtype:CWE-20

Trust: 0.1

problemtype:CWE-915

Trust: 0.1

sources: VULHUB: VHN-146319 // NVD: CVE-2019-14379

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1434

TYPE

code execution

Trust: 0.9

sources: PACKETSTORM: 155054 // PACKETSTORM: 154649 // PACKETSTORM: 154843 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154844 // PACKETSTORM: 154793

PATCH

title:FasterXML jackson-databind Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=95557

Trust: 0.6

title:Red Hat: Important: rh-maven35-jackson-databind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192743 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Process Automation Manager 7.5.0 Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193297 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Decision Manager 7.5.0 Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193292 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: jackson-databind: CVE-2019-14361 CVE-2019-14379url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a0e42c604708bdf7d86284f91b76327e

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift Application Runtimes Vert.x 3.8.3 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193901 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 8url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193046 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192938 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193050 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 7url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193045 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 6url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193044 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.5.0 security & bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192998 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2019-14379url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-14379

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 8 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192937 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 7 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192936 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 6 Security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192935 - Security Advisory

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8e202227ddeed5e361f0c0e3dbbf0fe3

Trust: 0.1

title:Red Hat: Important: Red Hat Data Grid 7.3.3 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200727 - Security Advisory

Trust: 0.1

title:IBM: IBM Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2019-14439, CVE-2019-14379, CVE-2019-12814, CVE-2019-12086)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7577d61736064271602a887577c2f766

Trust: 0.1

title:Red Hat: Important: Red Hat Fuse 7.6.0 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200983 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192858 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform logging-elasticsearch5-container security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193149 - Security Advisory

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpointurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-109

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexusurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-109

Trust: 0.1

title:IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packagesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f974282a27702bae4111bf7716ee6cf6

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics – Log Analysisurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1db4c8cb14383c63d0c04205c943ef8a

Trust: 0.1

title:IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2ec7385c474071281be069b54d841de6

Trust: 0.1

title:commonsurl:https://github.com/heike2718/commons

Trust: 0.1

title:Jackson-deserialization-PoCurl:https://github.com/galimba/Jackson-deserialization-PoC

Trust: 0.1

title:cybsecurl:https://github.com/ilmari666/cybsec

Trust: 0.1

sources: VULMON: CVE-2019-14379 // CNNVD: CNNVD-201907-1434

EXTERNAL IDS

db:NVDid:CVE-2019-14379

Trust: 2.7

db:PACKETSTORMid:162493

Trust: 0.8

db:PACKETSTORMid:166313

Trust: 0.7

db:PACKETSTORMid:154469

Trust: 0.7

db:PACKETSTORMid:162350

Trust: 0.7

db:CNNVDid:CNNVD-201907-1434

Trust: 0.7

db:CS-HELPid:SB2022060909

Trust: 0.6

db:CS-HELPid:SB2022031501

Trust: 0.6

db:CS-HELPid:SB2021050708

Trust: 0.6

db:CS-HELPid:SB2021042826

Trust: 0.6

db:AUSCERTid:ESB-2019.4754

Trust: 0.6

db:AUSCERTid:ESB-2019.4370

Trust: 0.6

db:AUSCERTid:ESB-2019.3481

Trust: 0.6

db:AUSCERTid:ESB-2019.4323

Trust: 0.6

db:AUSCERTid:ESB-2020.1076

Trust: 0.6

db:AUSCERTid:ESB-2019.4588

Trust: 0.6

db:AUSCERTid:ESB-2020.1440

Trust: 0.6

db:AUSCERTid:ESB-2021.1573

Trust: 0.6

db:AUSCERTid:ESB-2019.3074

Trust: 0.6

db:AUSCERTid:ESB-2021.1437

Trust: 0.6

db:AUSCERTid:ESB-2019.3836

Trust: 0.6

db:AUSCERTid:ESB-2019.3643

Trust: 0.6

db:AUSCERTid:ESB-2020.0381

Trust: 0.6

db:AUSCERTid:ESB-2020.0832

Trust: 0.6

db:PACKETSTORMid:155382

Trust: 0.6

db:PACKETSTORMid:156941

Trust: 0.6

db:PACKETSTORMid:156628

Trust: 0.6

db:NSFOCUSid:45801

Trust: 0.6

db:VULHUBid:VHN-146319

Trust: 0.1

db:VULMONid:CVE-2019-14379

Trust: 0.1

db:PACKETSTORMid:155054

Trust: 0.1

db:PACKETSTORMid:154649

Trust: 0.1

db:PACKETSTORMid:154843

Trust: 0.1

db:PACKETSTORMid:154687

Trust: 0.1

db:PACKETSTORMid:154850

Trust: 0.1

db:PACKETSTORMid:154672

Trust: 0.1

db:PACKETSTORMid:154844

Trust: 0.1

db:PACKETSTORMid:154793

Trust: 0.1

sources: VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // PACKETSTORM: 155054 // PACKETSTORM: 154649 // PACKETSTORM: 154843 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154844 // PACKETSTORM: 154793 // CNNVD: CNNVD-201907-1434 // NVD: CVE-2019-14379

REFERENCES

url:https://access.redhat.com/errata/rhsa-2019:2743

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:2858

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:3044

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:3045

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:3050

Trust: 2.5

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 2.4

url:https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3046

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3901

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:2935

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2938

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2998

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3297

Trust: 1.9

url:https://support.apple.com/kb/ht213189

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190814-0001/

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/mar/23

Trust: 1.8

url:https://github.com/fasterxml/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2

Trust: 1.8

url:https://github.com/fasterxml/jackson-databind/issues/2387

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Trust: 1.8

url:https://access.redhat.com/errata/rhba-2019:2824

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2936

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2937

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3149

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3200

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3292

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2020:0727

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-14379

Trust: 1.5

url:https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3cdev.struts.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3ccommits.tinkerpop.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3ccommits.ambari.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/

Trust: 1.0

url:https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3cissues.bookkeeper.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/

Trust: 1.0

url:https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3ccommits.pulsar.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3cdev.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3cissues.iceberg.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/

Trust: 1.0

url:https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3ccommits.ambari.apache.org%3e

Trust: 1.0

url:https://access.redhat.com/security/team/contact/

Trust: 0.9

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2019-14379

Trust: 0.9

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/

Trust: 0.8

url:https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3ccommits.ambari.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3ccommits.ambari.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3cissues.bookkeeper.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3cissues.iceberg.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3ccommits.pulsar.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3cdev.struts.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3ccommits.tinkerpop.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3cdev.tomee.apache.org%3e

Trust: 0.8

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2019-12814

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12814

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12086

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2019-12086

Trust: 0.7

url:https://issues.jboss.org/):

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-10184

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-10184

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1118283

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1086039

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1285282

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1072724

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3074/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060909

Trust: 0.6

url:https://packetstormsecurity.com/files/155382/red-hat-security-advisory-2019-3901-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-android-mobile-sdk-compile-builder-includes-vulnerable-components/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4754/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4588/

Trust: 0.6

url:https://packetstormsecurity.com/files/166313/apple-security-advisory-2022-03-14-7.html

Trust: 0.6

url:https://www.oracle.com/security-alerts/cpujan2020verbose.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-2/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042826

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/

Trust: 0.6

url:https://support.apple.com/en-us/ht213189

Trust: 0.6

url:https://packetstormsecurity.com/files/154469/red-hat-security-advisory-2019-2743-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1573

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3643/

Trust: 0.6

url:https://vigilance.fr/vulnerability/jackson-databind-code-execution-via-subtypevalidator-30021

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106763

Trust: 0.6

url:https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-2/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050708

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3481/

Trust: 0.6

url:https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html

Trust: 0.6

url:http://www.nsfocus.net/vulndb/45801

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0832/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1437

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4323/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3836/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-network-performance-insight-cve-2019-14379-cve-2019-17531-cve-2019-14439-and-cve-2019-14540/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4370/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0381/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031501

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1076/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/

Trust: 0.6

url:https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1440/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2019-16943-cve-2019-16942-cve-2019-17531-cve-2019-17267-cve-2019-14540-cve-2019-163/

Trust: 0.6

url:https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-12384

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-12384

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-14832

Trust: 0.3

url:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-14820

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-14832

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-14820

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-10212

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-10212

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-19360

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14720

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14718

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14718

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-19361

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14719

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14719

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14720

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-19360

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-19362

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-19362

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14721

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14721

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-19361

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-10202

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-10202

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/1321.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=60520

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/galimba/jackson-deserialization-poc

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.5/html/release_notes_for_red_hat_process_automation_manager_7.5/index

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhpam&version=7.5.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-15095

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7525

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-7489

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5968

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10237

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-17485

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-12023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-12022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-7525

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-11307

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-7489

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10237

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5968

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-17485

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-15095

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-11307

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-2163

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36188

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36189

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20190

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36179

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36185

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35490

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36180

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35491

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35490

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35728

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36180

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u

Trust: 0.1

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35491

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36182

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36183

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36186

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24750

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36187

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36183

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36188

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36179

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36182

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36185

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36186

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36187

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36189

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15586

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1515

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20190

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35728

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=7.2

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso&downloadtype=securitypatches&version=7.3

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3888

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3868

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product\xcatrhoar.thorntail&version=2.5.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3888

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3868

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/release_notes_for_thorntail_2/

Trust: 0.1

sources: VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // PACKETSTORM: 155054 // PACKETSTORM: 154649 // PACKETSTORM: 154843 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154844 // PACKETSTORM: 154793 // CNNVD: CNNVD-201907-1434 // NVD: CVE-2019-14379

CREDITS

Red Hat

Trust: 1.5

sources: PACKETSTORM: 155054 // PACKETSTORM: 154649 // PACKETSTORM: 154843 // PACKETSTORM: 162493 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154844 // PACKETSTORM: 154793 // CNNVD: CNNVD-201907-1434

SOURCES

db:VULHUBid:VHN-146319
db:VULMONid:CVE-2019-14379
db:PACKETSTORMid:155054
db:PACKETSTORMid:154649
db:PACKETSTORMid:154843
db:PACKETSTORMid:162493
db:PACKETSTORMid:154687
db:PACKETSTORMid:154850
db:PACKETSTORMid:154672
db:PACKETSTORMid:154844
db:PACKETSTORMid:154793
db:CNNVDid:CNNVD-201907-1434
db:NVDid:CVE-2019-14379

LAST UPDATE DATE

2024-12-21T21:38:55.110000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-146319date:2022-12-02T00:00:00
db:VULMONid:CVE-2019-14379date:2022-12-02T00:00:00
db:CNNVDid:CNNVD-201907-1434date:2022-12-05T00:00:00
db:NVDid:CVE-2019-14379date:2024-11-21T04:26:37.530

SOURCES RELEASE DATE

db:VULHUBid:VHN-146319date:2019-07-29T00:00:00
db:VULMONid:CVE-2019-14379date:2019-07-29T00:00:00
db:PACKETSTORMid:155054date:2019-11-01T17:01:40
db:PACKETSTORMid:154649date:2019-09-28T11:11:11
db:PACKETSTORMid:154843date:2019-10-14T20:22:22
db:PACKETSTORMid:162493date:2021-05-06T15:03:00
db:PACKETSTORMid:154687date:2019-09-30T18:22:22
db:PACKETSTORMid:154850date:2019-10-15T00:11:31
db:PACKETSTORMid:154672date:2019-09-30T18:22:22
db:PACKETSTORMid:154844date:2019-10-14T20:33:33
db:PACKETSTORMid:154793date:2019-10-10T14:44:58
db:CNNVDid:CNNVD-201907-1434date:2019-07-29T00:00:00
db:NVDid:CVE-2019-14379date:2019-07-29T12:15:16.633