ID

VAR-202012-1539


CVE

CVE-2020-35728


TITLE

FasterXML, LLC  of  Jackson-databind  Vulnerabilities related to deserialization of untrusted data in products from multiple vendors

Trust: 0.8

sources: JVNDB: JVNDB-2020-018320

DESCRIPTION

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). FasterXML, LLC of Jackson-databind There are vulnerabilities related to the deserialization of untrusted data in products from multiple vendors, such as:Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. FasterXML jackson-databind versions 2.x to 2.9.10.8 have a security vulnerability, which stems from incorrectly handling the interaction between serialization widgets and types, involving com.oracle.wls.shaded.org.apache. xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. 3. Solution: This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:1232 All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References: https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/): LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)" 5

Trust: 2.52

sources: NVD: CVE-2020-35728 // JVNDB: JVNDB-2020-018320 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-379341 // VULMON: CVE-2020-35728 // PACKETSTORM: 162350 // PACKETSTORM: 162493

AFFECTED PRODUCTS

vendor:oraclemodel:banking extensibility workbenchscope:eqversion:14.2

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:18.8.0

Trust: 1.0

vendor:oraclemodel:banking corporate lending process managementscope:eqversion:14.3

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:lteversion:17.12

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:19.0.2

Trust: 1.0

vendor:oraclemodel:banking credit facilities process managementscope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:communications services gatekeeperscope:eqversion:7.0

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:14.1.3.2

Trust: 1.0

vendor:oraclemodel:communications convergent charging controllerscope:eqversion:12.0.4.0.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.9.10.8

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.4.1

Trust: 1.0

vendor:oraclemodel:banking supply chain financescope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:insurance policy administrationscope:eqversion:11.0.2

Trust: 1.0

vendor:oraclemodel:communications cloud native core unified data repositoryscope:eqversion:1.4.0

Trust: 1.0

vendor:oraclemodel:banking extensibility workbenchscope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:commerce platformscope:gteversion:11.3.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:19.12.0

Trust: 1.0

vendor:oraclemodel:blockchain platformscope:lteversion:21.1.2

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:lteversion:11.3.0

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:15.0.3.1

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:gteversion:8.2.0.0

Trust: 1.0

vendor:oraclemodel:banking corporate lending process managementscope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:17.12.11

Trust: 1.0

vendor:oraclemodel:communications element managerscope:gteversion:8.2.0.0

Trust: 1.0

vendor:oraclemodel:insurance policy administrationscope:gteversion:11.1.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routescope:lteversion:8.5.0.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:20.12

Trust: 1.0

vendor:oraclemodel:retail customer management and segmentation foundationscope:lteversion:19.0

Trust: 1.0

vendor:oraclemodel:commerce platformscope:lteversion:11.3.2

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:lteversion:8.2.2.1

Trust: 1.0

vendor:oraclemodel:banking treasury managementscope:eqversion:14.4

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.9.0

Trust: 1.0

vendor:oraclemodel:banking credit facilities process managementscope:eqversion:14.3

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:gteversion:8.0.0.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:gteversion:18.8

Trust: 1.0

vendor:oraclemodel:banking virtual account managementscope:eqversion:14.5.0

Trust: 1.0

vendor:oraclemodel:retail merchandising systemscope:eqversion:15.0.3

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:20.12.0

Trust: 1.0

vendor:oraclemodel:banking supply chain financescope:eqversion:14.2

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:banking virtual account managementscope:eqversion:14.2.0

Trust: 1.0

vendor:oraclemodel:communications network charging and controlscope:eqversion:12.0.4.0.0

Trust: 1.0

vendor:oraclemodel:banking extensibility workbenchscope:eqversion:14.3

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:13.3.0.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:insurance policy administrationscope:lteversion:11.3.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:gteversion:11.1.0

Trust: 1.0

vendor:oraclemodel:banking corporate lending process managementscope:eqversion:14.2

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:7.5.0.23.0

Trust: 1.0

vendor:oraclemodel:agile plmscope:eqversion:9.3.6

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:lteversion:8.2.2.1

Trust: 1.0

vendor:oraclemodel:communications element managerscope:lteversion:8.2.4.0

Trust: 1.0

vendor:netappmodel:service level managerscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:lteversion:19.12

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:gteversion:17.7

Trust: 1.0

vendor:oraclemodel:communications policy managementscope:eqversion:12.5.0

Trust: 1.0

vendor:oraclemodel:jd edwards enterpriseone orchestratorscope:ltversion:9.2.5.3

Trust: 1.0

vendor:oraclemodel:communications evolved communications application serverscope:eqversion:7.1

Trust: 1.0

vendor:oraclemodel:retail customer management and segmentation foundationscope:gteversion:16.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core policyscope:eqversion:1.14.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:11.0.2

Trust: 1.0

vendor:oraclemodel:banking virtual account managementscope:eqversion:14.3.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routescope:gteversion:8.0.0.0

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:18.0.3

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:16.0.6

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:19.12.10

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:17.12.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:18.8.11

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:16.0.3.0

Trust: 1.0

vendor:oraclemodel:goldengate application adaptersscope:eqversion:19.1.0.0.0

Trust: 1.0

vendor:oraclemodel:banking supply chain financescope:eqversion:14.3

Trust: 1.0

vendor:oraclemodel:autovuescope:eqversion:21.0.2

Trust: 1.0

vendor:oraclemodel:banking credit facilities process managementscope:eqversion:14.2

Trust: 1.0

vendor:oraclemodel:jd edwards enterpriseone toolsscope:ltversion:9.2.5.3

Trust: 1.0

vendor:oraclemodel:data integratorscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:commerce platformscope:eqversion:11.2.0

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:17.0.4

Trust: 1.0

vendor:オラクルmodel:oracle communications session report managerscope: - version: -

Trust: 0.8

vendor:オラクルmodel:jd edwards enterpriseone orchestratorscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle banking corporate lending process managementscope: - version: -

Trust: 0.8

vendor:fasterxmlmodel:jackson-databindscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications network charging and controlscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle goldengate application adaptersscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle banking virtual account managementscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications unified inventory managementscope: - version: -

Trust: 0.8

vendor:netappmodel:service level managerscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle autovuescope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle application testing suitescope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle banking extensibility workbenchscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle commerce platformscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle insurance rules palettescope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle banking credit facilities process managementscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications billing and revenue managementscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle agile plmscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle banking supply chain financescope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications policy managementscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle insurance policy administrationscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle data integratorscope: - version: -

Trust: 0.8

vendor:オラクルmodel:primavera gatewayscope: - version: -

Trust: 0.8

vendor:オラクルmodel:blockchain platform servicescope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications evolved communications application serverscope: - version: -

Trust: 0.8

vendor:オラクルmodel:jd edwards enterpriseone toolsscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle banking treasury managementscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications services gatekeeperscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:オラクルmodel:primavera unifierscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications diameter signaling routerscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications cloud native core policyscope: - version: -

Trust: 0.8

vendor:オラクルmodel:communications session route managerscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications convergent charging controllerscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications session element managerscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications cloud native core unified data repositoryscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-018320 // NVD: CVE-2020-35728

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-35728
value: HIGH

Trust: 1.0

NVD: CVE-2020-35728
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202012-1602
value: HIGH

Trust: 0.6

VULHUB: VHN-379341
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-35728
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-35728
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-379341
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-35728
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-35728
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-379341 // VULMON: CVE-2020-35728 // JVNDB: JVNDB-2020-018320 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202012-1602 // NVD: CVE-2020-35728

PROBLEMTYPE DATA

problemtype:CWE-502

Trust: 1.1

problemtype:Deserialization of untrusted data (CWE-502) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-379341 // JVNDB: JVNDB-2020-018320 // NVD: CVE-2020-35728

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1602

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:Oracle Critical Patch Update Advisory - October 2021url:https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

Trust: 0.8

title:Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexusurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-128

Trust: 0.1

title:Awesome Starsurl:https://github.com/NetW0rK1le3r/awesome-hacking-lists

Trust: 0.1

title:Awesome Starsurl:https://github.com/readloud/Awesome-Stars

Trust: 0.1

title:Vulnerabilityurl:https://github.com/tzwlhack/Vulnerability

Trust: 0.1

title:更新于 2023-11-27 08:36:01 安全 开发 未分类 杂七杂八url:https://github.com/20142995/sectool

Trust: 0.1

title:SecBooks SecBooks目录url:https://github.com/SexyBeast233/SecBooks

Trust: 0.1

title:PoC in GitHuburl:https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title:PoC in GitHuburl:https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

sources: VULMON: CVE-2020-35728 // JVNDB: JVNDB-2020-018320

EXTERNAL IDS

db:NVDid:CVE-2020-35728

Trust: 3.6

db:PACKETSTORMid:162493

Trust: 0.8

db:PACKETSTORMid:162350

Trust: 0.8

db:JVNDBid:JVNDB-2020-018320

Trust: 0.8

db:CNNVDid:CNNVD-202012-1602

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.0334

Trust: 0.6

db:AUSCERTid:ESB-2021.1397

Trust: 0.6

db:AUSCERTid:ESB-2021.1437

Trust: 0.6

db:AUSCERTid:ESB-2021.1573

Trust: 0.6

db:CS-HELPid:SB2021050708

Trust: 0.6

db:CS-HELPid:SB2022060909

Trust: 0.6

db:CS-HELPid:SB2021042826

Trust: 0.6

db:VULHUBid:VHN-379341

Trust: 0.1

db:VULMONid:CVE-2020-35728

Trust: 0.1

sources: VULHUB: VHN-379341 // VULMON: CVE-2020-35728 // JVNDB: JVNDB-2020-018320 // PACKETSTORM: 162350 // PACKETSTORM: 162493 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202012-1602 // NVD: CVE-2020-35728

REFERENCES

url:https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

Trust: 1.9

url:https://security.netapp.com/advisory/ntap-20210129-0007/

Trust: 1.8

url:https://github.com/fasterxml/jackson-databind/issues/2999

Trust: 1.8

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-35728

Trust: 1.6

url:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060909

Trust: 0.6

url:https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0334/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1437

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-network-performance-insight-1-3-1-was-affected-by-jackson-databind-vulnerability-cve-2020-35728/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042826

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-9/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1397

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1573

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6525182

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050708

Trust: 0.6

url:https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-36189

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-19360

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36188

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14379

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14720

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14718

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20190

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14718

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36179

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-19361

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36185

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35490

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14719

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14719

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36180

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14720

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35491

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35490

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35728

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36180

Trust: 0.2

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36181

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35491

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36182

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36183

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36186

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-19360

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-24750

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36187

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-19362

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36183

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-19362

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36188

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14721

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36179

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36182

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36185

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14721

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24750

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36186

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36187

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36189

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36184

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36181

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36184

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20190

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-19361

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14379

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/502.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-128/index.html

Trust: 0.1

url:https://github.com/readloud/awesome-stars

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3449

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3449

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1230

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel

Trust: 0.1

url:https://access.redhat.com/errata/rhba-2021:1232

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-2163

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15586

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16845

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15586

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1515

Trust: 0.1

sources: VULHUB: VHN-379341 // VULMON: CVE-2020-35728 // JVNDB: JVNDB-2020-018320 // PACKETSTORM: 162350 // PACKETSTORM: 162493 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202012-1602 // NVD: CVE-2020-35728

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 162350 // PACKETSTORM: 162493 // CNNVD: CNNVD-202012-1602

SOURCES

db:VULHUBid:VHN-379341
db:VULMONid:CVE-2020-35728
db:JVNDBid:JVNDB-2020-018320
db:PACKETSTORMid:162350
db:PACKETSTORMid:162493
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202012-1602
db:NVDid:CVE-2020-35728

LAST UPDATE DATE

2024-08-14T12:27:34.393000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-379341date:2022-09-02T00:00:00
db:VULMONid:CVE-2020-35728date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2020-018320date:2024-07-25T00:54:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202012-1602date:2022-07-26T00:00:00
db:NVDid:CVE-2020-35728date:2023-11-07T03:22:02.627

SOURCES RELEASE DATE

db:VULHUBid:VHN-379341date:2020-12-27T00:00:00
db:VULMONid:CVE-2020-35728date:2020-12-27T00:00:00
db:JVNDBid:JVNDB-2020-018320date:2024-07-25T00:00:00
db:PACKETSTORMid:162350date:2021-04-27T15:37:46
db:PACKETSTORMid:162493date:2021-05-06T15:03:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202012-1602date:2020-12-27T00:00:00
db:NVDid:CVE-2020-35728date:2020-12-27T05:15:11.590