Details of VAR-202101-1935

ID

VAR-202101-1935

CVE

CVE-2020-36187

TITLE

FasterXML jackson-databind Untrusted Data Deserialization Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-015591

DESCRIPTION

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. 3. Solution: This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:1232 All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References: https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/): LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)" 5

Trust: 2.52

sources: NVD: CVE-2020-36187 // JVNDB: JVNDB-2020-015591 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-381454 // VULMON: CVE-2020-36187 // PACKETSTORM: 162350 // PACKETSTORM: 162493

AFFECTED PRODUCTS

vendor:	oracle	model:	banking extensibility workbench	scope:	eq	version:	14.2	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	18.8.0	Trust: 1.0
vendor:	oracle	model:	banking corporate lending process management	scope:	eq	version:	14.3	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	lte	version:	17.12	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	19.0.2	Trust: 1.0
vendor:	oracle	model:	banking credit facilities process management	scope:	eq	version:	14.5	Trust: 1.0
vendor:	oracle	model:	communications services gatekeeper	scope:	eq	version:	7.0	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	17.2	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	14.1.3.2	Trust: 1.0
vendor:	oracle	model:	communications convergent charging controller	scope:	eq	version:	12.0.4.0.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.9.10.8	Trust: 1.0
vendor:	oracle	model:	communications unified inventory management	scope:	eq	version:	7.4.1	Trust: 1.0
vendor:	oracle	model:	banking supply chain finance	scope:	eq	version:	14.5	Trust: 1.0
vendor:	oracle	model:	insurance policy administration	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	oracle	model:	communications cloud native core unified data repository	scope:	eq	version:	1.4.0	Trust: 1.0
vendor:	oracle	model:	banking extensibility workbench	scope:	eq	version:	14.5	Trust: 1.0
vendor:	oracle	model:	autovue for agile product lifecycle management	scope:	eq	version:	21.0.2	Trust: 1.0
vendor:	oracle	model:	commerce platform	scope:	gte	version:	11.3.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	19.12.0	Trust: 1.0
vendor:	oracle	model:	blockchain platform	scope:	lte	version:	21.1.2	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	lte	version:	11.3.0	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	15.0.3.1	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	gte	version:	8.2.0.0	Trust: 1.0
vendor:	oracle	model:	banking corporate lending process management	scope:	eq	version:	14.5	Trust: 1.0
vendor:	oracle	model:	banking treasury management	scope:	eq	version:	4.4	Trust: 1.0
vendor:	oracle	model:	webcenter portal	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	17.12.11	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	gte	version:	8.2.0.0	Trust: 1.0
vendor:	oracle	model:	insurance policy administration	scope:	gte	version:	11.1.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling route	scope:	lte	version:	8.5.0.0	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	20.12	Trust: 1.0
vendor:	oracle	model:	retail customer management and segmentation foundation	scope:	lte	version:	19.0	Trust: 1.0
vendor:	oracle	model:	commerce platform	scope:	lte	version:	11.3.2	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	lte	version:	8.2.2.1	Trust: 1.0
vendor:	oracle	model:	documaker	scope:	eq	version:	12.6.3	Trust: 1.0
vendor:	oracle	model:	banking credit facilities process management	scope:	eq	version:	14.3	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	gte	version:	8.0.0.0	Trust: 1.0
vendor:	oracle	model:	banking virtual account management	scope:	eq	version:	14.5.0	Trust: 1.0
vendor:	oracle	model:	documaker	scope:	eq	version:	12.6.4	Trust: 1.0
vendor:	oracle	model:	retail merchandising system	scope:	eq	version:	15.0.3	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	eq	version:	20.12.0	Trust: 1.0
vendor:	oracle	model:	banking supply chain finance	scope:	eq	version:	14.2	Trust: 1.0
vendor:	oracle	model:	webcenter portal	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	banking virtual account management	scope:	eq	version:	14.2.0	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	12.0.4.0.0	Trust: 1.0
vendor:	oracle	model:	banking extensibility workbench	scope:	eq	version:	14.3	Trust: 1.0
vendor:	oracle	model:	application testing suite	scope:	eq	version:	13.3.0.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	insurance policy administration	scope:	lte	version:	11.3.0	Trust: 1.0
vendor:	oracle	model:	documaker	scope:	eq	version:	12.6.0	Trust: 1.0
vendor:	oracle	model:	communications instant messaging server	scope:	eq	version:	10.0.1.5.0	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	gte	version:	11.1.0	Trust: 1.0
vendor:	oracle	model:	banking corporate lending process management	scope:	eq	version:	14.2	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	7.5.0.23.0	Trust: 1.0
vendor:	oracle	model:	agile plm	scope:	eq	version:	9.3.6	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	lte	version:	8.2.2.1	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	lte	version:	8.2.4.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.6.7.5	Trust: 1.0
vendor:	netapp	model:	service level manager	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	12.0.0.3.0	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	gte	version:	17.7	Trust: 1.0
vendor:	oracle	model:	communications policy management	scope:	eq	version:	12.5.0	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone orchestrator	scope:	lt	version:	9.2.5.3	Trust: 1.0
vendor:	oracle	model:	communications evolved communications application server	scope:	eq	version:	7.1	Trust: 1.0
vendor:	oracle	model:	retail customer management and segmentation foundation	scope:	gte	version:	16.0	Trust: 1.0
vendor:	oracle	model:	communications cloud native core policy	scope:	eq	version:	1.14.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.7.0	Trust: 1.0
vendor:	oracle	model:	communications offline mediation controller	scope:	eq	version:	12.0.0.3	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	oracle	model:	banking virtual account management	scope:	eq	version:	14.3.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling route	scope:	gte	version:	8.0.0.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	18.0.3	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	16.0.6	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	19.12.10	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	17.12.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	18.8.11	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	16.0.3.0	Trust: 1.0
vendor:	oracle	model:	goldengate application adapters	scope:	eq	version:	19.1.0.0.0	Trust: 1.0
vendor:	oracle	model:	communications pricing design center	scope:	eq	version:	12.0.0.4.0	Trust: 1.0
vendor:	oracle	model:	banking supply chain finance	scope:	eq	version:	14.3	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	banking credit facilities process management	scope:	eq	version:	14.2	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	18.8	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone tools	scope:	lt	version:	9.2.5.3	Trust: 1.0
vendor:	oracle	model:	data integrator	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	19.12	Trust: 1.0
vendor:	oracle	model:	commerce platform	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	17.0.4	Trust: 1.0
vendor:	netapp	model:	service level manager	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	fasterxml	model:	jackson-databind	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-015591 // NVD: CVE-2020-36187

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-36187
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-36187
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202101-331
value:	HIGH
Trust: 0.6
VULHUB:	VHN-381454
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-36187
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-36187
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-381454
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-36187
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-36187
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-381454 // VULMON: CVE-2020-36187 // JVNDB: JVNDB-2020-015591 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202101-331 // NVD: CVE-2020-36187

PROBLEMTYPE DATA

problemtype:	CWE-502	Trust: 1.1
problemtype:	Deserialization of untrusted data (CWE-502) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-381454 // JVNDB: JVNDB-2020-015591 // NVD: CVE-2020-36187

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-331

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	NTAP-20210205-0005	url:	https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html	Trust: 0.8
title:	FasterXML jackson-databind Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138937	Trust: 0.6
title:	IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=d264422afa3e01b012ccac75b242e1cb	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-128	Trust: 0.1
title:	IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f974282a27702bae4111bf7716ee6cf6	Trust: 0.1
title:	Al1ex	url:	https://github.com/Al1ex/Al1ex	Trust: 0.1

sources: VULMON: CVE-2020-36187 // JVNDB: JVNDB-2020-015591 // CNNVD: CNNVD-202101-331

EXTERNAL IDS

db:	NVD	id:	CVE-2020-36187	Trust: 2.8
db:	PACKETSTORM	id:	162350	Trust: 0.8
db:	PACKETSTORM	id:	162493	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-015591	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021110515	Trust: 0.6
db:	CS-HELP	id:	SB2021050708	Trust: 0.6
db:	CS-HELP	id:	SB2022060909	Trust: 0.6
db:	CS-HELP	id:	SB2021042826	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1397	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1437	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1573	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-331	Trust: 0.6
db:	VULHUB	id:	VHN-381454	Trust: 0.1
db:	VULMON	id:	CVE-2020-36187	Trust: 0.1

sources: VULHUB: VHN-381454 // VULMON: CVE-2020-36187 // JVNDB: JVNDB-2020-015591 // PACKETSTORM: 162350 // PACKETSTORM: 162493 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202101-331 // NVD: CVE-2020-36187

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20210205-0005/	Trust: 1.8
url:	https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062	Trust: 1.8
url:	https://github.com/fasterxml/jackson-databind/issues/2997	Trust: 1.8
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36187	Trust: 1.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/	Trust: 0.7
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060909	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/	Trust: 0.6
url:	https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1437	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6455267	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021110515	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042826	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6528214	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1397	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1573	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6525182	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021050708	Trust: 0.6
url:	https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36189	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-19360	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36188	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14379	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14720	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14718	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20190	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14718	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36179	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19361	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36185	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35490	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14719	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14719	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36180	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14720	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35491	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35490	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35728	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36180	Trust: 0.2
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36181	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35491	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36182	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36183	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36186	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19360	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24750	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-19362	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36183	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19362	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36188	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14721	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36179	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36182	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36185	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14721	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-24750	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36186	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36187	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36189	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36184	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36181	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36184	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20190	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-19361	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35728	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14379	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/502.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/al1ex/al1ex	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3449	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3449	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/updating/updating-cluster	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1230	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel	Trust: 0.1
url:	https://access.redhat.com/errata/rhba-2021:1232	Trust: 0.1
url:	https://issues.jboss.org/):	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-2163	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15586	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16845	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-16845	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15586	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1515	Trust: 0.1

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 162350 // PACKETSTORM: 162493 // CNNVD: CNNVD-202101-331

SOURCES

db:	VULHUB	id:	VHN-381454
db:	VULMON	id:	CVE-2020-36187
db:	JVNDB	id:	JVNDB-2020-015591
db:	PACKETSTORM	id:	162350
db:	PACKETSTORM	id:	162493
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202101-331
db:	NVD	id:	CVE-2020-36187

LAST UPDATE DATE

2024-08-14T13:18:03.944000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-381454	date:	2022-09-02T00:00:00
db:	VULMON	id:	CVE-2020-36187	date:	2022-09-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-015591	date:	2021-10-06T01:05:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202101-331	date:	2022-07-26T00:00:00
db:	NVD	id:	CVE-2020-36187	date:	2023-09-13T14:57:25.667

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-381454	date:	2021-01-06T00:00:00
db:	VULMON	id:	CVE-2020-36187	date:	2021-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-015591	date:	2021-10-06T00:00:00
db:	PACKETSTORM	id:	162350	date:	2021-04-27T15:37:46
db:	PACKETSTORM	id:	162493	date:	2021-05-06T15:03:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202101-331	date:	2021-01-06T00:00:00
db:	NVD	id:	CVE-2020-36187	date:	2021-01-06T23:15:13.170