ID

VAR-202203-1400


CVE

CVE-2020-36518


TITLE

jackson-databind  Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-017234

DESCRIPTION

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. jackson-databind Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.11.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 1887810 - CVE-2020-15250 junit4: TemporaryFolder is shared between all users across system which could result in information disclosure 1893070 - CVE-2020-25689 wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller 1893125 - CVE-2020-7020 elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure 1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system 1930291 - CVE-2020-29582 kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure 1934032 - CVE-2021-25122 tomcat: Request mix-up with h2c 1934061 - CVE-2021-25329 tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence) 1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream 1973413 - CVE-2021-33813 jdom: XXE allows attackers to cause a DoS via a crafted HTTP request 1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression 1977064 - CVE-2021-22119 spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request 1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS 1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer 1981533 - CVE-2021-33037 tomcat: HTTP request smuggling when used with a reverse proxy 1981544 - CVE-2021-30640 tomcat: JNDI realm authentication weakness 1981895 - CVE-2021-35515 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive 1981900 - CVE-2021-35516 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive 1981903 - CVE-2021-35517 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive 1981909 - CVE-2021-36090 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive 2004820 - CVE-2021-41079 tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2 2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure 2014356 - CVE-2021-42340 tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS 2020583 - CVE-2021-2471 mysql-connector-java: unauthorized access to critical 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file 2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method 2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries 2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data 2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI 2046279 - CVE-2022-22932 karaf: path traversal flaws 2046282 - CVE-2021-41766 karaf: insecure java deserialization 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors 2047417 - CVE-2022-23181 tomcat: local privilege escalation vulnerability 2049778 - CVE-2022-23596 junrar: A carefully crafted RAR archive can trigger an infinite loop while extracting 2049783 - CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS 2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes 2055480 - CVE-2021-22060 springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096) 2058763 - CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially crafted JPEG file 2063292 - CVE-2022-26336 poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2069414 - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression 2072339 - CVE-2022-1259 undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) 2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures 2075441 - CVE-2022-22968 Spring Framework: Data Binding Rules Vulnerability 2081879 - CVE-2021-22573 google-oauth-client: Token signature not verified 2087214 - CVE-2022-22976 springframework: BCrypt skips salt rounds for work factor of 31 2087272 - CVE-2022-22970 springframework: DoS via data binding to multipartFile or servlet part 2087274 - CVE-2022-22971 springframework: DoS with STOMP over WebSocket 2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher 2088523 - CVE-2022-30126 tika-core: Regular Expression Denial of Service in standards extractor 2100654 - CVE-2022-25845 fastjson: autoType shutdown restriction bypass leads to deserialization 5. Description: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2039403 - CVE-2021-42392 h2: Remote Code Execution in Console 2040268 - CVE-2022-0225 keycloak: Stored XSS in groups dropdown 2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2115392 - CVE-2022-2668 keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console 6. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Data Grid 8.3.1 security update Advisory ID: RHSA-2022:2232-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2022:2232 Issue date: 2022-05-12 CVE Names: CVE-2020-36518 CVE-2021-38153 CVE-2022-0084 ===================================================================== 1. Summary: An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.3.1 replaces Data Grid 8.3.0 and includes bug fixes and enhancements. Find out more about Data Grid 8.3.1 in the Release Notes[3]. Security Fix(es): * jackson-databind: denial of service via a large depth of nested objects [jdg-8] (CVE-2020-36518) * kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients [jdg-8] (CVE-2021-38153) * xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr [jdg-8] (CVE-2022-0084) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: To install this update, do the following: 1. Download the Data Grid 8.3.1 Server patch from the customer portal[²]. 2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. 3. Install the Data Grid 8.3.1 Server patch. 4. Restart Data Grid to ensure the changes take effect. For more information about Data Grid 8.3.1, refer to the 8.3.1 Release Notes[³] 4. Bugs fixed (https://bugzilla.redhat.com/): 2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 5. References: https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2021-38153 https://access.redhat.com/security/cve/CVE-2022-0084 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=8.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYn0zH9zjgjWX9erEAQhZLw/+JPEE+waFwwS+b4v4/LLIwTjtFhXPqZYP WArn7i/vjG6ktOsZU397wdlik4Sv+tmPVX+aElmXLnTALJiOsm7iWjEjuT8qPhqt c2V9xN6vEQC7V1IXdwbUQwlkt3r40XbfhsGc4KKHjA8J5fWECwkByM5ofQ4j59jO lxpIPa5yRjCV8/4p7lKAXFYMeBInZtb8i4c7pYVnA9Eq+o2bRpV9P3/ES9q8xGF8 yVBC1Gt/fDZlmDznxlzUEih4HMxmW1uwQhZFHbw6jp6D0bYCn1wWrC6y7FYUmRJ6 /13BnHV27naz+xBGuSA6EB+AKmzlA85NyIimN2h63AT8VJb2IYv0vM2JMb0JRdK0 8SAE6hYmjodKxVcqANsBRiiea3vR9GTLN71zCXP8Pmk0dsI1GK29s574QuxUpKSQ YY8vXaL0K3j35IsGzmr7AvlYCQr1d3GPFaTnnj3XK+asRDMDrFvw8sCsNjLGRgHI dzZdcjpnIi3DXsp3ic1qRbZHpd9C/3o1r7hU++/nkkNNKXjGmzU+EAutaVHXxgLO XyuIIScDVb5kNrBpH5krzqU2TA31TFz0RGN5Am6vm8zc5rGyW7iMijAAreU8icgn Vt6KDpeDYuTffOBgo9WLR7kmo4xq7w94e1rDFxmGhL2OlsJI7S9gTxMhn/lONxTy IZnZKy4mPpA= =6Kqs -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . CVE-2022-42003 In FasterXML jackson-databind resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. CVE-2022-42004 In FasterXML jackson-databind resource exhaustion can occur because of a lack of a check in BeanDeserializerBase.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. For the stable distribution (bullseye), these problems have been fixed in version 2.12.1-1+deb11u1. We recommend that you upgrade your jackson-databind packages. For the detailed security status of jackson-databind please refer to its security tracker page at: https://security-tracker.debian.org/tracker/jackson-databind Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmN2F+5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTcpQ//VTj9dn4OgfxhkETwsSvSNpSXbF3qdV2l7S4L7Bz9TWpdpUxR+FtnI+wF /j6w9o/hlanB/LoPR9Dphy3Mbz90Rp3/6T4or5IW6zWvLn5FoXMKuqnhJULxP1ae 91zUOi0U/v+2zr1t0vDh2eFOF4UwDcgoXVMkiUtsRml59EhsgvHPT7xtxq4/DkwJ zR3MO0eRgXgFmxdannGen01IPb5Jld1u86SJyOWCAJrJOM/8BCyozIL+AqtK7qZt BBYPa7zGWkCGW9qEZtYb/1qq0oHWL9xT8LAoaSBTzOhvg8DD6MyNQf25Z1fsWGHC f8ohPMbjYvuImK8moQTkyQr8oOWM0wAu0wYIHz7ds2XkdjakEgCx0UIa9Ah19ezE sD9BI/HOV7W19f+N8vcDU4qfr/qNFVh1PEmRR/D6oPnDd9DmlkuEesK+3v5M6nk7 67WXiQ8jMNrj50H2xZHjApwWhaHhkeK3eZMRZOUpkEvIffVlRHPkKA/e+kD3df8e ubR+cwK4m0LYB+wzYJUc22JuCC4WB5incrZ8923kkbLw6STOYarlZEyHScEcAgfN z/cPZgL7vYM8/3FYHJuBzCYC3Wjgm8aP9tQ2M8VhFidQdOfvOPDI2uPzvhDM2CZ8 GUcvHF2JrE5STz2nQvLEbC+b3YKFjPnk1d/HO3CHZmBlK08k+ic=Q/nd -----END PGP SIGNATURE----- . Solution: For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes: https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html For Red Hat OpenShift Logging 5.4, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html 4. JIRA issues fixed (https://issues.jboss.org/): LOG-3250 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-3252 - [release-5.4]Adding Valid Subscription Annotation 6. The following advisory data is extracted from: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3061.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment

Trust: 2.43

sources: NVD: CVE-2020-36518 // JVNDB: JVNDB-2020-017234 // VULHUB: VHN-415522 // PACKETSTORM: 167841 // PACKETSTORM: 169728 // PACKETSTORM: 169725 // PACKETSTORM: 167157 // PACKETSTORM: 170179 // PACKETSTORM: 169926 // PACKETSTORM: 169920 // PACKETSTORM: 178714

AFFECTED PRODUCTS

vendor:日立model:ucosminexus service platformscope: - version: -

Trust: 1.6

vendor:日立model:ucosminexus application serverscope: - version: -

Trust: 1.6

vendor:日立model:ucosminexus primary server basescope: - version: -

Trust: 1.6

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:19.12.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network slice selection functionscope:eqversion:22.1.1

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.0.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:18.8.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.13.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:lteversion:17.12

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:18.8.0.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:20.12.18

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:17.12.20.4

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:lteversion:8.1.2.1

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:gteversion:17.0

Trust: 1.0

vendor:oraclemodel:financial services behavior detection platformscope:gteversion:8.1.1.0

Trust: 1.0

vendor:oraclemodel:commerce platformscope:eqversion:11.3.0

Trust: 1.0

vendor:oraclemodel:coherencescope:eqversion:14.1.1.0.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.12.6.1

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.1.2.0

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:lteversion:12.0.0.6.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core service communication proxyscope:eqversion:22.2.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:19.12.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:21.12

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:eqversion:8.0.7.2

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.3.0.6.0

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:eqversion:8.0.7.1

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.1.2.1

Trust: 1.0

vendor:oraclemodel:big data spatial and graphscope:ltversion:23.1

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:14.1.1.0.0

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:17.12.0.0

Trust: 1.0

vendor:oraclemodel:financial services trade-based anti money launderingscope:eqversion:8.0.7

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:17.12.11

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:8.1.0.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core consolescope:eqversion:1.9.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.1.1.0

Trust: 1.0

vendor:netappmodel:cloud insights acquisition unitscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:20.12

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:20.12.0.0

Trust: 1.0

vendor:oraclemodel:financial services behavior detection platformscope:eqversion:8.0.7.0.0

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:gteversion:12.0.0.4.0

Trust: 1.0

vendor:oraclemodel:global lifecycle management opatchscope:ltversion:12.2.0.1.30

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.3.0

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:gteversion:8.1.1.0

Trust: 1.0

vendor:oraclemodel:spatial studioscope:ltversion:20.1.0

Trust: 1.0

vendor:oraclemodel:global lifecycle management nextgen oui frameworkscope:ltversion:13.9.4.2.2

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.59

Trust: 1.0

vendor:oraclemodel:communications cloud native core binding support functionscope:eqversion:22.1.3

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:22.2.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network slice selection functionscope:eqversion:22.1.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:18.0

Trust: 1.0

vendor:oraclemodel:graph server and clientscope:ltversion:22.2.0

Trust: 1.0

vendor:oraclemodel:retail sales auditscope:eqversion:15.0.3.1

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:eqversion:8.0.8.1

Trust: 1.0

vendor:oraclemodel:commerce platformscope:eqversion:11.3.2

Trust: 1.0

vendor:oraclemodel:health sciences empirica signalscope:eqversion:9.1.0.5.2

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:19.12.13

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.2.0

Trust: 1.0

vendor:oraclemodel:financial services behavior detection platformscope:eqversion:8.0.8

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:21.12.1

Trust: 1.0

vendor:oraclemodel:global lifecycle management nextgen oui frameworkscope:eqversion:13.9.4.2.2

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:8.0.7

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:9.1

Trust: 1.0

vendor:oraclemodel:financial services crime and compliance management studioscope:eqversion:8.0.8.3.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core security edge protection proxyscope:eqversion:22.1.1

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:18.8.14

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:18.8.25.4

Trust: 1.0

vendor:oraclemodel:financial services crime and compliance management studioscope:eqversion:8.0.8.2.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core unified data repositoryscope:eqversion:22.2.0

Trust: 1.0

vendor:oraclemodel:financial services behavior detection platformscope:lteversion:8.1.2.1

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:21.12.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:17.12.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.13.2.1

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:eqversion:8.0.8.0

Trust: 1.0

vendor:netappmodel:snap creator frameworkscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:22.1.2

Trust: 1.0

vendor:oraclemodel:commerce platformscope:eqversion:11.3.1

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:19.12.19.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:20.12.0

Trust: 1.0

vendor:oraclemodel:financial services trade-based anti money launderingscope:eqversion:8.0.8

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.3.0.5.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:19.12

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:21.12.4.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.5.0

Trust: 1.0

vendor:日立model:ucosminexus service architectscope: - version: -

Trust: 0.8

vendor:日立model:hitachi global link managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center automatorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi replication managerscope: - version: -

Trust: 0.8

vendor:fasterxmlmodel:jackson-databindscope: - version: -

Trust: 0.8

vendor:日立model:hitachi tuning managerscope: - version: -

Trust: 0.8

vendor:日立model:cosminexus component containerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi tiered storage managerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server-rscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center common servicesscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi automation directorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi infrastructure analytics advisorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center viewpointscope: - version: -

Trust: 0.8

vendor:日立model:hitachi compute systems managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi device managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center administratorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center analyzerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center analyzer viewpointscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications cloud native core consolescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-017234 // NVD: CVE-2020-36518

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-36518
value: HIGH

Trust: 1.0

NVD: CVE-2020-36518
value: HIGH

Trust: 0.8

VULHUB: VHN-415522
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-36518
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-415522
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-36518
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-36518
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-415522 // JVNDB: JVNDB-2020-017234 // NVD: CVE-2020-36518

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-415522 // JVNDB: JVNDB-2020-017234 // NVD: CVE-2020-36518

TYPE

code execution, xss

Trust: 0.2

sources: PACKETSTORM: 169728 // PACKETSTORM: 169725

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-415522

PATCH

title:hitachi-sec-2023-116 Software product security informationurl:https://github.com/FasterXML/jackson-databind/issues/2816

Trust: 0.8

sources: JVNDB: JVNDB-2020-017234

EXTERNAL IDS

db:NVDid:CVE-2020-36518

Trust: 3.5

db:JVNid:JVNVU95897514

Trust: 0.8

db:JVNDBid:JVNDB-2020-017234

Trust: 0.8

db:PACKETSTORMid:169920

Trust: 0.2

db:PACKETSTORMid:170179

Trust: 0.2

db:PACKETSTORMid:169728

Trust: 0.2

db:PACKETSTORMid:169725

Trust: 0.2

db:PACKETSTORMid:167841

Trust: 0.2

db:PACKETSTORMid:167157

Trust: 0.2

db:PACKETSTORMid:169926

Trust: 0.2

db:PACKETSTORMid:168646

Trust: 0.1

db:PACKETSTORMid:170602

Trust: 0.1

db:PACKETSTORMid:168333

Trust: 0.1

db:PACKETSTORMid:167842

Trust: 0.1

db:PACKETSTORMid:170162

Trust: 0.1

db:PACKETSTORMid:169727

Trust: 0.1

db:PACKETSTORMid:167579

Trust: 0.1

db:PACKETSTORMid:169729

Trust: 0.1

db:PACKETSTORMid:167422

Trust: 0.1

db:PACKETSTORMid:168631

Trust: 0.1

db:PACKETSTORMid:167423

Trust: 0.1

db:PACKETSTORMid:167523

Trust: 0.1

db:PACKETSTORMid:167424

Trust: 0.1

db:VULHUBid:VHN-415522

Trust: 0.1

db:PACKETSTORMid:178714

Trust: 0.1

sources: VULHUB: VHN-415522 // JVNDB: JVNDB-2020-017234 // PACKETSTORM: 167841 // PACKETSTORM: 169728 // PACKETSTORM: 169725 // PACKETSTORM: 167157 // PACKETSTORM: 170179 // PACKETSTORM: 169926 // PACKETSTORM: 169920 // PACKETSTORM: 178714 // NVD: CVE-2020-36518

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-36518

Trust: 1.6

url:https://security.netapp.com/advisory/ntap-20220506-0004/

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5283

Trust: 1.1

url:https://github.com/fasterxml/jackson-databind/issues/2816

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html

Trust: 1.1

url:https://jvn.jp/vu/jvnvu95897514/index.html

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-36518

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-0084

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-43797

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-0084

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-38153

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2668

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0866

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-42392

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0225

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-42392

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0225

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-43797

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0866

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2668

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26710

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22628

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-3515

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-3709

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35527

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35525

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26709

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22629

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42003

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-3709

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35527

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30293

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1304

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26717

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26716

Trust: 0.2

url:https://issues.jboss.org/):

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35525

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22624

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2509

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26700

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26719

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42004

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-37434

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22662

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25122

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22119

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22970

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.11.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7020

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22119

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23913

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35517

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21724

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22932

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22978

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33037

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25329

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42340

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3642

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4178

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3807

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41079

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22573

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7020

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22968

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1319

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23596

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36090

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9484

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26520

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42550

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9484

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1259

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35515

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5532

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3644

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7409

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7411

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.grid&downloadtype=securitypatches&version=8.3

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:2232

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-38153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24448

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8889

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21618

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0168

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21628

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0924

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0562

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2639

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0908

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1055

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0865

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2097

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26373

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-20368

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1048

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3640

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0561

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-39399

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0562

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0854

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29581

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1016

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2078

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22844

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21499

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1927

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-36946

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0865

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1897

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27405

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0909

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0561

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0854

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27406

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0168

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21626

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28390

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1586

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30002

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27404

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23960

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30002

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0891

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1184

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25255

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-34903

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21619

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1292

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1355

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28893

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42003

Trust: 0.1

url:https://security-tracker.debian.org/tracker/jackson-databind

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42004

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26716

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1304

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22629

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22624

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7435

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22628

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22662

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32149

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2509

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40674

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26700

Trust: 0.1

url:https://issues.redhat.com/browse/rhel-19140

Trust: 0.1

url:https://issues.redhat.com/browse/rhel-12764

Trust: 0.1

url:https://issues.redhat.com/browse/rhel-16724

Trust: 0.1

url:https://issues.redhat.com/browse/rhel-22445

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2024:3061

Trust: 0.1

url:https://issues.redhat.com/browse/rhel-12765

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3061.json

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2064698

Trust: 0.1

sources: VULHUB: VHN-415522 // JVNDB: JVNDB-2020-017234 // PACKETSTORM: 167841 // PACKETSTORM: 169728 // PACKETSTORM: 169725 // PACKETSTORM: 167157 // PACKETSTORM: 170179 // PACKETSTORM: 169926 // PACKETSTORM: 169920 // PACKETSTORM: 178714 // NVD: CVE-2020-36518

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 167841 // PACKETSTORM: 169728 // PACKETSTORM: 169725 // PACKETSTORM: 167157 // PACKETSTORM: 170179 // PACKETSTORM: 169920 // PACKETSTORM: 178714

SOURCES

db:VULHUBid:VHN-415522
db:JVNDBid:JVNDB-2020-017234
db:PACKETSTORMid:167841
db:PACKETSTORMid:169728
db:PACKETSTORMid:169725
db:PACKETSTORMid:167157
db:PACKETSTORMid:170179
db:PACKETSTORMid:169926
db:PACKETSTORMid:169920
db:PACKETSTORMid:178714
db:NVDid:CVE-2020-36518

LAST UPDATE DATE

2024-11-20T22:20:06.779000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-415522date:2022-11-29T00:00:00
db:JVNDBid:JVNDB-2020-017234date:2024-07-22T06:01:00
db:NVDid:CVE-2020-36518date:2022-11-29T22:12:38.183

SOURCES RELEASE DATE

db:VULHUBid:VHN-415522date:2022-03-11T00:00:00
db:JVNDBid:JVNDB-2020-017234date:2022-07-14T00:00:00
db:PACKETSTORMid:167841date:2022-07-27T17:27:19
db:PACKETSTORMid:169728date:2022-11-04T13:43:56
db:PACKETSTORMid:169725date:2022-11-04T13:43:17
db:PACKETSTORMid:167157date:2022-05-12T16:34:47
db:PACKETSTORMid:170179date:2022-12-09T14:52:40
db:PACKETSTORMid:169926date:2022-11-17T13:26:14
db:PACKETSTORMid:169920date:2022-11-17T13:23:05
db:PACKETSTORMid:178714date:2024-05-23T14:01:51
db:NVDid:CVE-2020-36518date:2022-03-11T07:15:07.800