Search

Find a vulnerability

Search criteria

    26 vulnerabilities found for financial_services_price_creation_and_discovery by oracle

    CVE-2020-11022 (GCVE-0-2020-11022)

    Vulnerability from nvd – Published: 2020-04-29 00:00 – Updated: 2026-04-13 13:53
    VLAI
    Title
    jQuery has a potential XSS vulnerability
    Summary
    In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://github.com/jquery/jquery/security/advisor… x_refsource_CONFIRM
    https://github.com/maximebf/php-debugbar/issues/447 x_refsource_MISC
    https://github.com/jquery/jquery/commit/1d61fd940… x_refsource_MISC
    https://github.com/maximebf/php-debugbar/commit/8… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://packetstormsecurity.com/files/162159/jQue… x_refsource_MISC
    https://security.gentoo.org/glsa/202007-03 x_refsource_MISC
    https://www.debian.org/security/2020/dsa-4693 x_refsource_MISC
    https://www.drupal.org/sa-core-2020-002 x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujan2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujan2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
    https://www.tenable.com/security/tns-2020-10 x_refsource_MISC
    https://www.tenable.com/security/tns-2020-11 x_refsource_MISC
    https://www.tenable.com/security/tns-2021-02 x_refsource_MISC
    https://www.tenable.com/security/tns-2021-10 x_refsource_MISC
    https://blog.jquery.com/2020/04/10/jquery-3-5-0-r… x_refsource_MISC
    https://github.com/jquery/jquery/releases/tag/3.5.0 x_refsource_MISC
    https://github.com/rubysec/ruby-advisory-db/blob/… x_refsource_MISC
    https://jquery.com/upgrade-guide/3.5 x_refsource_MISC
    https://lists.apache.org/thread.html/r0483ba00727… x_refsource_MISC
    https://lists.apache.org/thread.html/r49ce4243b47… x_refsource_MISC
    https://lists.apache.org/thread.html/r54565a8f025… x_refsource_MISC
    https://lists.apache.org/thread.html/r564585d97bc… x_refsource_MISC
    https://lists.apache.org/thread.html/r706cfbc0984… x_refsource_MISC
    https://lists.apache.org/thread.html/r8f70b0f65d6… x_refsource_MISC
    https://lists.apache.org/thread.html/rbb448222ba6… x_refsource_MISC
    https://lists.apache.org/thread.html/rdf44341677c… x_refsource_MISC
    https://lists.apache.org/thread.html/re4ae96fa5c1… x_refsource_MISC
    https://lists.apache.org/thread.html/rede9cfaa756… x_refsource_MISC
    https://lists.apache.org/thread.html/ree3bd8ddb23… x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2021… x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2023… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    http://security.netapp.com/advisory/ntap-20200511-0006 x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://jquery.com/upgrade-guide/3.5/ x_transferred
    https://blog.jquery.com/2020/04/10/jquery-3-5-0-r… x_transferred
    https://security.netapp.com/advisory/ntap-2020051… x_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/rdf44341677c… mailing-listx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/r706cfbc0984… mailing-listx_transferred
    https://lists.apache.org/thread.html/rbb448222ba6… mailing-listx_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/r49ce4243b47… mailing-listx_transferred
    https://lists.apache.org/thread.html/r8f70b0f65d6… mailing-listx_transferred
    https://lists.apache.org/thread.html/r564585d97bc… mailing-listx_transferred
    https://lists.apache.org/thread.html/ree3bd8ddb23… mailing-listx_transferred
    https://lists.apache.org/thread.html/rede9cfaa756… mailing-listx_transferred
    https://lists.apache.org/thread.html/r54565a8f025… mailing-listx_transferred
    https://lists.apache.org/thread.html/re4ae96fa5c1… mailing-listx_transferred
    http://packetstormsecurity.com/files/162159/jQuer… x_transferred
    https://www.oracle.com//security-alerts/cpujul2021.html x_transferred
    https://lists.apache.org/thread.html/r0483ba00727… mailing-listx_transferred
    Impacted products
    Vendor Product Version
    jquery jQuery Affected: >= 1.12.0, < 3.5.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4693",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4693"
              },
              {
                "name": "FEDORA-2020-11be4b36d4",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/"
              },
              {
                "name": "FEDORA-2020-36d2db5f51",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jquery.com/upgrade-guide/3.5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2020-002"
              },
              {
                "name": "openSUSE-SU-2020:1060",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
              },
              {
                "name": "GLSA-202007-03",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-03"
              },
              {
                "name": "openSUSE-SU-2020:1106",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
              },
              {
                "name": "[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs to be updated to 3.5.0 or newer",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "FEDORA-2020-fbb94073a1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/"
              },
              {
                "name": "FEDORA-2020-0b32a59b54",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/"
              },
              {
                "name": "FEDORA-2020-fe94df8c34",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "name": "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E"
              },
              {
                "name": "openSUSE-SU-2020:1888",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
              },
              {
                "name": "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-10"
              },
              {
                "name": "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
              },
              {
                "name": "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "name": "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jQuery",
              "vendor": "jquery",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.12.0, \u003c 3.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T13:53:08.239Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"
            },
            {
              "name": "https://github.com/maximebf/php-debugbar/issues/447",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/maximebf/php-debugbar/issues/447"
            },
            {
              "name": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
            },
            {
              "name": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
            },
            {
              "name": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
            },
            {
              "name": "https://security.gentoo.org/glsa/202007-03",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.gentoo.org/glsa/202007-03"
            },
            {
              "name": "https://www.debian.org/security/2020/dsa-4693",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4693"
            },
            {
              "name": "https://www.drupal.org/sa-core-2020-002",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.drupal.org/sa-core-2020-002"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2020-10"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-11",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2020-11"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-02",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2021-02"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2021-10"
            },
            {
              "name": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"
            },
            {
              "name": "https://github.com/jquery/jquery/releases/tag/3.5.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/releases/tag/3.5.0"
            },
            {
              "name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml"
            },
            {
              "name": "https://jquery.com/upgrade-guide/3.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jquery.com/upgrade-guide/3.5"
            },
            {
              "name": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
            },
            {
              "name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B"
            },
            {
              "name": "http://security.netapp.com/advisory/ntap-20200511-0006",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://security.netapp.com/advisory/ntap-20200511-0006"
            }
          ],
          "source": {
            "advisory": "GHSA-gxr4-xjj5-5px2",
            "discovery": "UNKNOWN"
          },
          "title": "jQuery has a potential XSS vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-11022",
        "datePublished": "2020-04-29T00:00:00.000Z",
        "dateReserved": "2020-03-30T00:00:00.000Z",
        "dateUpdated": "2026-04-13T13:53:08.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-9488 (GCVE-0-2020-9488)

    Vulnerability from nvd – Published: 2020-04-27 15:36 – Updated: 2026-05-29 16:07
    VLAI
    Summary
    Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Validation of Certificate with Host Mismatch
    • CWE-295 - Improper Certificate Validation
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/r8c001b9a95c… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r2f209d27134… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r7641ee788e1… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd8e87c4d69d… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4285398e558… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r0df3d7a5acb… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r7e739f29617… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r9a79175c393… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rbc45eb0f53f… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rec34b1cccf9… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r48efc7cb5ae… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd55f65c6822… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rc6b81c01361… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r7e5c10534ed… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r8e96c340004… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rf1c2a81a080… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r0a2699f7241… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r48bcd06049c… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://issues.apache.org/jira/browse/LOG4J2-2819 x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2020050… x_refsource_CONFIRM
    https://lists.apache.org/thread.html/r393943de452… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://lists.apache.org/thread.html/r1fc73f0e16e… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/ra632b329b2a… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4ed1f49616a… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4db540cafc5… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r9776e71e3c6… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r65578f3761a… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd0e44e8ef71… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpujan2021.html x_refsource_MISC
    https://lists.apache.org/thread.html/re024d86dffa… x_refsource_MISC
    https://lists.apache.org/thread.html/rbc7642b9800… x_refsource_MISC
    https://lists.apache.org/thread.html/r3d1d00441c5… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rc2dbc4633a6… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd5d58088812… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r33864a0fc17… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4d5dc9f3520… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r22a56beb76d… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r5a68258e5ab… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/ra051e07a0ee… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rf9fa47ab664… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r45916179811… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://lists.apache.org/thread.html/r2721aba31a8… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
    https://www.debian.org/security/2021/dsa-5020 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2021… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
    Impacted products
    Vendor Product Version
    Apache Apache Log4j Affected: log4j-core 2.13.0
    Affected: log4j-core , < 2.12.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:26:16.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.apache.org/jira/browse/LOG4J2-2819"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200504-0003/"
              },
              {
                "name": "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "name": "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "name": "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "name": "[kafka-users] 20210617 vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "name": "DSA-5020",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-5020"
              },
              {
                "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.7,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-9488",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T16:07:49.364275Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T16:07:52.931Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Log4j",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "log4j-core 2.13.0"
                },
                {
                  "lessThan": "2.12.3",
                  "status": "affected",
                  "version": "log4j-core",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Validation of Certificate with Host Mismatch",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T23:23:40.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.apache.org/jira/browse/LOG4J2-2819"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200504-0003/"
            },
            {
              "name": "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "name": "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "[kafka-users] 20210617 vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "DSA-5020",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-5020"
            },
            {
              "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2020-9488",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Log4j",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "log4j-core",
                                "version_value": "2.12.3"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "log4j-core",
                                "version_value": "2.13.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Validation of Certificate with Host Mismatch"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6@%3Cdev.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05@%3Cdev.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3@%3Ccommits.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f@%3Ccommits.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809@%3Ccommits.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20@%3Cdev.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://issues.apache.org/jira/browse/LOG4J2-2819",
                  "refsource": "CONFIRM",
                  "url": "https://issues.apache.org/jira/browse/LOG4J2-2819"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200504-0003/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200504-0003/"
                },
                {
                  "name": "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f@%3Cdev.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E"
                },
                {
                  "name": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b@%3Cdev.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
                },
                {
                  "name": "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a@%3Cissues.flink.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "[kafka-users] 20210617 vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "DSA-5020",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-5020"
                },
                {
                  "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2020-9488",
        "datePublished": "2020-04-27T15:36:10.000Z",
        "dateReserved": "2020-03-01T00:00:00.000Z",
        "dateUpdated": "2026-05-29T16:07:52.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-2942 (GCVE-0-2020-2942)

    Vulnerability from nvd – Published: 2020-04-15 13:29 – Updated: 2024-09-27 18:47
    VLAI
    Summary
    Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data.
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:24:00.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-2942",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T18:00:28.066916Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:47:53.472Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Financial Services Price Creation and Discovery",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as  unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-15T13:29:53.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2020-2942",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Financial Services Price Creation and Discovery",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "8.0.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as  unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2020-2942",
        "datePublished": "2020-04-15T13:29:53.000Z",
        "dateReserved": "2019-12-10T00:00:00.000Z",
        "dateUpdated": "2024-09-27T18:47:53.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11113 (GCVE-0-2020-11113)

    Vulnerability from nvd – Published: 2020-03-31 04:37 – Updated: 2025-08-27 20:32
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11113",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:43.551763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:32:51.363Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.618Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:50.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-11113",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2670",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-11113",
        "datePublished": "2020-03-31T04:37:27.000Z",
        "dateReserved": "2020-03-31T00:00:00.000Z",
        "dateUpdated": "2025-08-27T20:32:51.363Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11112 (GCVE-0-2020-11112)

    Vulnerability from nvd – Published: 2020-03-31 04:37 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11112",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:42.504958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:17.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.621Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:49.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-11112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2666",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-11112",
        "datePublished": "2020-03-31T04:37:41.000Z",
        "dateReserved": "2020-03-31T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:14.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10969 (GCVE-0-2020-10969)

    Vulnerability from nvd – Published: 2020-03-26 12:43 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10969",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:45.779442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T19:58:54.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:13.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:44.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10969",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2642",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10969",
        "datePublished": "2020-03-26T12:43:34.000Z",
        "dateReserved": "2020-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:13.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10968 (GCVE-0-2020-10968)

    Vulnerability from nvd – Published: 2020-03-26 12:43 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10968",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:46.867668Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T19:57:31.283Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.276Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:43.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10968",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2662",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10968",
        "datePublished": "2020-03-26T12:43:45.000Z",
        "dateReserved": "2020-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:14.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10673 (GCVE-0-2020-10673)

    Vulnerability from nvd – Published: 2020-03-18 21:17 – Updated: 2025-08-27 20:32
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10673",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:47.873963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:32:51.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:06:10.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:39.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10673",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2660",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10673",
        "datePublished": "2020-03-18T21:17:26.000Z",
        "dateReserved": "2020-03-18T00:00:00.000Z",
        "dateUpdated": "2025-08-27T20:32:51.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10672 (GCVE-0-2020-10672)

    Vulnerability from nvd – Published: 2020-03-18 21:17 – Updated: 2024-08-04 11:06
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10672",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:48.872316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T19:56:32.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:06:11.143Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:38.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10672",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2659",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10672",
        "datePublished": "2020-03-18T21:17:43.000Z",
        "dateReserved": "2020-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:06:11.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9546 (GCVE-0-2020-9546)

    Vulnerability from nvd – Published: 2020-03-02 03:59 – Updated: 2024-08-04 10:34
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:34:39.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
              },
              {
                "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:40:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-9546",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
                },
                {
                  "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2631",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
                },
                {
                  "name": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200904-0006/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-9546",
        "datePublished": "2020-03-02T03:59:18.000Z",
        "dateReserved": "2020-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:34:39.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11358 (GCVE-0-2019-11358)

    Vulnerability from nvd – Published: 2019-04-19 00:00 – Updated: 2024-11-15 15:11
    VLAI
    Summary
    jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.drupal.org/sa-core-2019-006
    https://www.synology.com/security/advisory/Synolo…
    https://www.debian.org/security/2019/dsa-4434 vendor-advisory
    https://seclists.org/bugtraq/2019/Apr/32 mailing-list
    http://www.securityfocus.com/bid/108023 vdb-entry
    https://lists.apache.org/thread.html/08720ef215ee… mailing-list
    https://lists.apache.org/thread.html/b736d0784cf0… mailing-list
    https://lists.apache.org/thread.html/88fb0362fd40… mailing-list
    https://lists.apache.org/thread.html/5928aa293e39… mailing-list
    https://lists.apache.org/thread.html/6097cdbd6f0a… mailing-list
    https://lists.debian.org/debian-lts-announce/2019… mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://seclists.org/bugtraq/2019/May/18 mailing-list
    http://packetstormsecurity.com/files/152787/dotCM…
    http://seclists.org/fulldisclosure/2019/May/11 mailing-list
    http://seclists.org/fulldisclosure/2019/May/10 mailing-list
    http://seclists.org/fulldisclosure/2019/May/13 mailing-list
    https://lists.debian.org/debian-lts-announce/2019… mailing-list
    http://www.openwall.com/lists/oss-security/2019/06/03/2 mailing-list
    http://packetstormsecurity.com/files/153237/Retir…
    https://access.redhat.com/errata/RHSA-2019:1456 vendor-advisory
    https://www.debian.org/security/2019/dsa-4460 vendor-advisory
    https://seclists.org/bugtraq/2019/Jun/12 mailing-list
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://access.redhat.com/errata/RHBA-2019:1570 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://lists.apache.org/thread.html/ba79cf165874… mailing-list
    https://access.redhat.com/errata/RHSA-2019:2587 vendor-advisory
    https://security.netapp.com/advisory/ntap-2019091…
    https://access.redhat.com/errata/RHSA-2019:3023 vendor-advisory
    https://access.redhat.com/errata/RHSA-2019:3024 vendor-advisory
    https://lists.apache.org/thread.html/b0656d359c7d… mailing-list
    https://lists.apache.org/thread.html/519eb0fd4564… mailing-list
    https://lists.apache.org/thread.html/f9bc3e55f4e2… mailing-list
    https://lists.apache.org/thread.html/bcce5a9c532b… mailing-list
    https://www.tenable.com/security/tns-2019-08
    https://lists.apache.org/thread.html/rca37935d661… mailing-list
    https://lists.debian.org/debian-lts-announce/2020… mailing-list
    http://packetstormsecurity.com/files/156743/Octob…
    https://www.tenable.com/security/tns-2020-02
    https://lists.apache.org/thread.html/r38f0d1aa3c9… mailing-list
    https://lists.apache.org/thread.html/r7aac081cbdd… mailing-list
    https://lists.apache.org/thread.html/rac25da84ecd… mailing-list
    https://lists.apache.org/thread.html/r2041a75d3fc… mailing-list
    https://lists.apache.org/thread.html/r7e8ebccb7c0… mailing-list
    https://lists.apache.org/thread.html/r41b5bfe009c… mailing-list
    https://lists.apache.org/thread.html/r2baacab6e0a… mailing-list
    https://www.oracle.com/security-alerts/cpuapr2020.html
    https://lists.apache.org/thread.html/r7d64895cc4d… mailing-list
    https://www.oracle.com/security-alerts/cpujul2020.html
    https://www.oracle.com/technetwork/security-advis…
    https://www.oracle.com/technetwork/security-advis…
    https://www.oracle.com/security-alerts/cpujan2020.html
    https://backdropcms.org/security/backdrop-sa-core…
    https://blog.jquery.com/2019/04/10/jquery-3-4-0-r…
    https://snyk.io/vuln/SNYK-JS-JQUERY-174006
    https://github.com/jquery/jquery/pull/4333
    https://github.com/jquery/jquery/commit/753d591ae…
    https://www.privacy-wise.com/mitigating-cve-2019-…
    https://www.oracle.com/security-alerts/cpuoct2020.html
    https://kb.pulsesecure.net/articles/Pulse_Securit…
    https://www.oracle.com/security-alerts/cpujan2021.html
    https://www.oracle.com/security-alerts/cpuApr2021.html
    https://www.oracle.com//security-alerts/cpujul2021.html
    https://www.oracle.com/security-alerts/cpuoct2021.html
    https://www.oracle.com/security-alerts/cpujan2022.html
    https://supportportal.juniper.net/s/article/2021-…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2019-006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
              },
              {
                "name": "DSA-4434",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4434"
              },
              {
                "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Apr/32"
              },
              {
                "name": "108023",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108023"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
              },
              {
                "name": "FEDORA-2019-eba8e44ee6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
              },
              {
                "name": "FEDORA-2019-1a3edd7e8a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
              },
              {
                "name": "FEDORA-2019-7eaf0bbe7c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
              },
              {
                "name": "FEDORA-2019-2a0ce0c58c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
              },
              {
                "name": "FEDORA-2019-a06dffab1c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
              },
              {
                "name": "FEDORA-2019-f563e66380",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
              },
              {
                "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/18"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
              },
              {
                "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/11"
              },
              {
                "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/10"
              },
              {
                "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/13"
              },
              {
                "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
              },
              {
                "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
              },
              {
                "name": "RHSA-2019:1456",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1456"
              },
              {
                "name": "DSA-4460",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4460"
              },
              {
                "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jun/12"
              },
              {
                "name": "openSUSE-SU-2019:1839",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
              },
              {
                "name": "RHBA-2019:1570",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2019:1570"
              },
              {
                "name": "openSUSE-SU-2019:1872",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
              },
              {
                "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
              },
              {
                "name": "RHSA-2019:2587",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2587"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
              },
              {
                "name": "RHSA-2019:3023",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3023"
              },
              {
                "name": "RHSA-2019:3024",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3024"
              },
              {
                "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
              },
              {
                "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2019-08"
              },
              {
                "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-02"
              },
              {
                "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
              },
              {
                "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/pull/4333"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
              },
              {
                "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-11358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-20T15:03:16.892088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T15:11:23.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T02:06:52.187Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-core-2019-006"
            },
            {
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
            },
            {
              "name": "DSA-4434",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4434"
            },
            {
              "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Apr/32"
            },
            {
              "name": "108023",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/108023"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
            },
            {
              "name": "FEDORA-2019-eba8e44ee6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
            },
            {
              "name": "FEDORA-2019-1a3edd7e8a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
            },
            {
              "name": "FEDORA-2019-7eaf0bbe7c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
            },
            {
              "name": "FEDORA-2019-2a0ce0c58c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
            },
            {
              "name": "FEDORA-2019-a06dffab1c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
            },
            {
              "name": "FEDORA-2019-f563e66380",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
            },
            {
              "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/18"
            },
            {
              "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
            },
            {
              "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/11"
            },
            {
              "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/10"
            },
            {
              "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/13"
            },
            {
              "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
            },
            {
              "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
            },
            {
              "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
            },
            {
              "name": "RHSA-2019:1456",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1456"
            },
            {
              "name": "DSA-4460",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4460"
            },
            {
              "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jun/12"
            },
            {
              "name": "openSUSE-SU-2019:1839",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
            },
            {
              "name": "RHBA-2019:1570",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2019:1570"
            },
            {
              "name": "openSUSE-SU-2019:1872",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
            },
            {
              "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
            },
            {
              "name": "RHSA-2019:2587",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2587"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
            },
            {
              "name": "RHSA-2019:3023",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3023"
            },
            {
              "name": "RHSA-2019:3024",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3024"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
            },
            {
              "url": "https://www.tenable.com/security/tns-2019-08"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2020-02"
            },
            {
              "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
            },
            {
              "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
            },
            {
              "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
            },
            {
              "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
            },
            {
              "url": "https://github.com/jquery/jquery/pull/4333"
            },
            {
              "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
            },
            {
              "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
            },
            {
              "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-11358",
        "datePublished": "2019-04-19T00:00:00.000Z",
        "dateReserved": "2019-04-19T00:00:00.000Z",
        "dateUpdated": "2024-11-15T15:11:23.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2722 (GCVE-0-2018-2722)

    Vulnerability from nvd – Published: 2018-01-18 02:00 – Updated: 2024-10-03 20:26
    VLAI
    Summary
    Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data.
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040214 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/102673 vdb-entryx_refsource_BID
    Date Public
    2018-01-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:29:44.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "name": "1040214",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040214"
              },
              {
                "name": "102673",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102673"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-2722",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T19:24:54.517182Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T20:26:21.834Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Financial Services Price Creation and Discovery",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.5"
                }
              ]
            }
          ],
          "datePublic": "2018-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as  unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-18T10:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "1040214",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040214"
            },
            {
              "name": "102673",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102673"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2018-2722",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Financial Services Price Creation and Discovery",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "8.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as  unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
                },
                {
                  "name": "1040214",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040214"
                },
                {
                  "name": "102673",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102673"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2018-2722",
        "datePublished": "2018-01-18T02:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-10-03T20:26:21.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2721 (GCVE-0-2018-2721)

    Vulnerability from nvd – Published: 2018-01-18 02:00 – Updated: 2024-10-03 20:26
    VLAI
    Summary
    Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data.
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040214 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/102668 vdb-entryx_refsource_BID
    Date Public
    2018-01-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:29:44.362Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "name": "1040214",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040214"
              },
              {
                "name": "102668",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102668"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-2721",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T19:20:21.589430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T20:26:28.313Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Financial Services Price Creation and Discovery",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.5"
                }
              ]
            }
          ],
          "datePublic": "2018-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as  unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-18T10:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "1040214",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040214"
            },
            {
              "name": "102668",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102668"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2018-2721",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Financial Services Price Creation and Discovery",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "8.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as  unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
                },
                {
                  "name": "1040214",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040214"
                },
                {
                  "name": "102668",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102668"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2018-2721",
        "datePublished": "2018-01-18T02:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-10-03T20:26:28.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11022 (GCVE-0-2020-11022)

    Vulnerability from cvelistv5 – Published: 2020-04-29 00:00 – Updated: 2026-04-13 13:53
    VLAI
    Title
    jQuery has a potential XSS vulnerability
    Summary
    In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://github.com/jquery/jquery/security/advisor… x_refsource_CONFIRM
    https://github.com/maximebf/php-debugbar/issues/447 x_refsource_MISC
    https://github.com/jquery/jquery/commit/1d61fd940… x_refsource_MISC
    https://github.com/maximebf/php-debugbar/commit/8… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://packetstormsecurity.com/files/162159/jQue… x_refsource_MISC
    https://security.gentoo.org/glsa/202007-03 x_refsource_MISC
    https://www.debian.org/security/2020/dsa-4693 x_refsource_MISC
    https://www.drupal.org/sa-core-2020-002 x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujan2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujan2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
    https://www.tenable.com/security/tns-2020-10 x_refsource_MISC
    https://www.tenable.com/security/tns-2020-11 x_refsource_MISC
    https://www.tenable.com/security/tns-2021-02 x_refsource_MISC
    https://www.tenable.com/security/tns-2021-10 x_refsource_MISC
    https://blog.jquery.com/2020/04/10/jquery-3-5-0-r… x_refsource_MISC
    https://github.com/jquery/jquery/releases/tag/3.5.0 x_refsource_MISC
    https://github.com/rubysec/ruby-advisory-db/blob/… x_refsource_MISC
    https://jquery.com/upgrade-guide/3.5 x_refsource_MISC
    https://lists.apache.org/thread.html/r0483ba00727… x_refsource_MISC
    https://lists.apache.org/thread.html/r49ce4243b47… x_refsource_MISC
    https://lists.apache.org/thread.html/r54565a8f025… x_refsource_MISC
    https://lists.apache.org/thread.html/r564585d97bc… x_refsource_MISC
    https://lists.apache.org/thread.html/r706cfbc0984… x_refsource_MISC
    https://lists.apache.org/thread.html/r8f70b0f65d6… x_refsource_MISC
    https://lists.apache.org/thread.html/rbb448222ba6… x_refsource_MISC
    https://lists.apache.org/thread.html/rdf44341677c… x_refsource_MISC
    https://lists.apache.org/thread.html/re4ae96fa5c1… x_refsource_MISC
    https://lists.apache.org/thread.html/rede9cfaa756… x_refsource_MISC
    https://lists.apache.org/thread.html/ree3bd8ddb23… x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2021… x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2023… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    http://security.netapp.com/advisory/ntap-20200511-0006 x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://jquery.com/upgrade-guide/3.5/ x_transferred
    https://blog.jquery.com/2020/04/10/jquery-3-5-0-r… x_transferred
    https://security.netapp.com/advisory/ntap-2020051… x_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/rdf44341677c… mailing-listx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/r706cfbc0984… mailing-listx_transferred
    https://lists.apache.org/thread.html/rbb448222ba6… mailing-listx_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/r49ce4243b47… mailing-listx_transferred
    https://lists.apache.org/thread.html/r8f70b0f65d6… mailing-listx_transferred
    https://lists.apache.org/thread.html/r564585d97bc… mailing-listx_transferred
    https://lists.apache.org/thread.html/ree3bd8ddb23… mailing-listx_transferred
    https://lists.apache.org/thread.html/rede9cfaa756… mailing-listx_transferred
    https://lists.apache.org/thread.html/r54565a8f025… mailing-listx_transferred
    https://lists.apache.org/thread.html/re4ae96fa5c1… mailing-listx_transferred
    http://packetstormsecurity.com/files/162159/jQuer… x_transferred
    https://www.oracle.com//security-alerts/cpujul2021.html x_transferred
    https://lists.apache.org/thread.html/r0483ba00727… mailing-listx_transferred
    Impacted products
    Vendor Product Version
    jquery jQuery Affected: >= 1.12.0, < 3.5.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4693",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4693"
              },
              {
                "name": "FEDORA-2020-11be4b36d4",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/"
              },
              {
                "name": "FEDORA-2020-36d2db5f51",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jquery.com/upgrade-guide/3.5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2020-002"
              },
              {
                "name": "openSUSE-SU-2020:1060",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
              },
              {
                "name": "GLSA-202007-03",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-03"
              },
              {
                "name": "openSUSE-SU-2020:1106",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
              },
              {
                "name": "[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs to be updated to 3.5.0 or newer",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "FEDORA-2020-fbb94073a1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/"
              },
              {
                "name": "FEDORA-2020-0b32a59b54",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/"
              },
              {
                "name": "FEDORA-2020-fe94df8c34",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "name": "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E"
              },
              {
                "name": "openSUSE-SU-2020:1888",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
              },
              {
                "name": "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-10"
              },
              {
                "name": "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
              },
              {
                "name": "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "name": "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jQuery",
              "vendor": "jquery",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.12.0, \u003c 3.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T13:53:08.239Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"
            },
            {
              "name": "https://github.com/maximebf/php-debugbar/issues/447",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/maximebf/php-debugbar/issues/447"
            },
            {
              "name": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
            },
            {
              "name": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
            },
            {
              "name": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
            },
            {
              "name": "https://security.gentoo.org/glsa/202007-03",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.gentoo.org/glsa/202007-03"
            },
            {
              "name": "https://www.debian.org/security/2020/dsa-4693",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4693"
            },
            {
              "name": "https://www.drupal.org/sa-core-2020-002",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.drupal.org/sa-core-2020-002"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2020-10"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-11",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2020-11"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-02",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2021-02"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2021-10"
            },
            {
              "name": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"
            },
            {
              "name": "https://github.com/jquery/jquery/releases/tag/3.5.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/releases/tag/3.5.0"
            },
            {
              "name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml"
            },
            {
              "name": "https://jquery.com/upgrade-guide/3.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jquery.com/upgrade-guide/3.5"
            },
            {
              "name": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
            },
            {
              "name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B"
            },
            {
              "name": "http://security.netapp.com/advisory/ntap-20200511-0006",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://security.netapp.com/advisory/ntap-20200511-0006"
            }
          ],
          "source": {
            "advisory": "GHSA-gxr4-xjj5-5px2",
            "discovery": "UNKNOWN"
          },
          "title": "jQuery has a potential XSS vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-11022",
        "datePublished": "2020-04-29T00:00:00.000Z",
        "dateReserved": "2020-03-30T00:00:00.000Z",
        "dateUpdated": "2026-04-13T13:53:08.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-9488 (GCVE-0-2020-9488)

    Vulnerability from cvelistv5 – Published: 2020-04-27 15:36 – Updated: 2026-05-29 16:07
    VLAI
    Summary
    Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Validation of Certificate with Host Mismatch
    • CWE-295 - Improper Certificate Validation
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/r8c001b9a95c… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r2f209d27134… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r7641ee788e1… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd8e87c4d69d… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4285398e558… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r0df3d7a5acb… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r7e739f29617… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r9a79175c393… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rbc45eb0f53f… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rec34b1cccf9… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r48efc7cb5ae… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd55f65c6822… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rc6b81c01361… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r7e5c10534ed… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r8e96c340004… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rf1c2a81a080… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r0a2699f7241… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r48bcd06049c… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://issues.apache.org/jira/browse/LOG4J2-2819 x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2020050… x_refsource_CONFIRM
    https://lists.apache.org/thread.html/r393943de452… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://lists.apache.org/thread.html/r1fc73f0e16e… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/ra632b329b2a… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4ed1f49616a… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4db540cafc5… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r9776e71e3c6… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r65578f3761a… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd0e44e8ef71… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpujan2021.html x_refsource_MISC
    https://lists.apache.org/thread.html/re024d86dffa… x_refsource_MISC
    https://lists.apache.org/thread.html/rbc7642b9800… x_refsource_MISC
    https://lists.apache.org/thread.html/r3d1d00441c5… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rc2dbc4633a6… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd5d58088812… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r33864a0fc17… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4d5dc9f3520… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r22a56beb76d… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r5a68258e5ab… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/ra051e07a0ee… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rf9fa47ab664… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r45916179811… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://lists.apache.org/thread.html/r2721aba31a8… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
    https://www.debian.org/security/2021/dsa-5020 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2021… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
    Impacted products
    Vendor Product Version
    Apache Apache Log4j Affected: log4j-core 2.13.0
    Affected: log4j-core , < 2.12.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:26:16.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.apache.org/jira/browse/LOG4J2-2819"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200504-0003/"
              },
              {
                "name": "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "name": "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "name": "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "name": "[kafka-users] 20210617 vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "name": "DSA-5020",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-5020"
              },
              {
                "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.7,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-9488",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T16:07:49.364275Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T16:07:52.931Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Log4j",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "log4j-core 2.13.0"
                },
                {
                  "lessThan": "2.12.3",
                  "status": "affected",
                  "version": "log4j-core",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Validation of Certificate with Host Mismatch",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T23:23:40.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.apache.org/jira/browse/LOG4J2-2819"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200504-0003/"
            },
            {
              "name": "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "name": "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "[kafka-users] 20210617 vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "DSA-5020",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-5020"
            },
            {
              "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2020-9488",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Log4j",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "log4j-core",
                                "version_value": "2.12.3"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "log4j-core",
                                "version_value": "2.13.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Validation of Certificate with Host Mismatch"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6@%3Cdev.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05@%3Cdev.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3@%3Ccommits.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f@%3Ccommits.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809@%3Ccommits.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20@%3Cdev.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://issues.apache.org/jira/browse/LOG4J2-2819",
                  "refsource": "CONFIRM",
                  "url": "https://issues.apache.org/jira/browse/LOG4J2-2819"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200504-0003/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200504-0003/"
                },
                {
                  "name": "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f@%3Cdev.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E"
                },
                {
                  "name": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b@%3Cdev.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
                },
                {
                  "name": "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a@%3Cissues.flink.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "[kafka-users] 20210617 vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "DSA-5020",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-5020"
                },
                {
                  "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2020-9488",
        "datePublished": "2020-04-27T15:36:10.000Z",
        "dateReserved": "2020-03-01T00:00:00.000Z",
        "dateUpdated": "2026-05-29T16:07:52.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-2942 (GCVE-0-2020-2942)

    Vulnerability from cvelistv5 – Published: 2020-04-15 13:29 – Updated: 2024-09-27 18:47
    VLAI
    Summary
    Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data.
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:24:00.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-2942",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T18:00:28.066916Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:47:53.472Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Financial Services Price Creation and Discovery",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as  unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-15T13:29:53.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2020-2942",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Financial Services Price Creation and Discovery",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "8.0.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as  unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2020-2942",
        "datePublished": "2020-04-15T13:29:53.000Z",
        "dateReserved": "2019-12-10T00:00:00.000Z",
        "dateUpdated": "2024-09-27T18:47:53.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11112 (GCVE-0-2020-11112)

    Vulnerability from cvelistv5 – Published: 2020-03-31 04:37 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11112",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:42.504958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:17.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.621Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:49.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-11112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2666",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-11112",
        "datePublished": "2020-03-31T04:37:41.000Z",
        "dateReserved": "2020-03-31T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:14.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11113 (GCVE-0-2020-11113)

    Vulnerability from cvelistv5 – Published: 2020-03-31 04:37 – Updated: 2025-08-27 20:32
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11113",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:43.551763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:32:51.363Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.618Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:50.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-11113",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2670",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-11113",
        "datePublished": "2020-03-31T04:37:27.000Z",
        "dateReserved": "2020-03-31T00:00:00.000Z",
        "dateUpdated": "2025-08-27T20:32:51.363Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10968 (GCVE-0-2020-10968)

    Vulnerability from cvelistv5 – Published: 2020-03-26 12:43 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10968",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:46.867668Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T19:57:31.283Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.276Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:43.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10968",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2662",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10968",
        "datePublished": "2020-03-26T12:43:45.000Z",
        "dateReserved": "2020-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:14.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10969 (GCVE-0-2020-10969)

    Vulnerability from cvelistv5 – Published: 2020-03-26 12:43 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10969",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:45.779442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T19:58:54.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:13.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:44.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10969",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2642",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10969",
        "datePublished": "2020-03-26T12:43:34.000Z",
        "dateReserved": "2020-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:13.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10672 (GCVE-0-2020-10672)

    Vulnerability from cvelistv5 – Published: 2020-03-18 21:17 – Updated: 2024-08-04 11:06
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10672",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:48.872316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T19:56:32.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:06:11.143Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:38.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10672",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2659",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10672",
        "datePublished": "2020-03-18T21:17:43.000Z",
        "dateReserved": "2020-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:06:11.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10673 (GCVE-0-2020-10673)

    Vulnerability from cvelistv5 – Published: 2020-03-18 21:17 – Updated: 2025-08-27 20:32
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10673",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:47.873963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:32:51.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:06:10.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:39.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10673",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2660",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10673",
        "datePublished": "2020-03-18T21:17:26.000Z",
        "dateReserved": "2020-03-18T00:00:00.000Z",
        "dateUpdated": "2025-08-27T20:32:51.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9546 (GCVE-0-2020-9546)

    Vulnerability from cvelistv5 – Published: 2020-03-02 03:59 – Updated: 2024-08-04 10:34
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:34:39.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
              },
              {
                "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:40:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-9546",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
                },
                {
                  "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2631",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
                },
                {
                  "name": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200904-0006/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-9546",
        "datePublished": "2020-03-02T03:59:18.000Z",
        "dateReserved": "2020-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:34:39.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11358 (GCVE-0-2019-11358)

    Vulnerability from cvelistv5 – Published: 2019-04-19 00:00 – Updated: 2024-11-15 15:11
    VLAI
    Summary
    jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.drupal.org/sa-core-2019-006
    https://www.synology.com/security/advisory/Synolo…
    https://www.debian.org/security/2019/dsa-4434 vendor-advisory
    https://seclists.org/bugtraq/2019/Apr/32 mailing-list
    http://www.securityfocus.com/bid/108023 vdb-entry
    https://lists.apache.org/thread.html/08720ef215ee… mailing-list
    https://lists.apache.org/thread.html/b736d0784cf0… mailing-list
    https://lists.apache.org/thread.html/88fb0362fd40… mailing-list
    https://lists.apache.org/thread.html/5928aa293e39… mailing-list
    https://lists.apache.org/thread.html/6097cdbd6f0a… mailing-list
    https://lists.debian.org/debian-lts-announce/2019… mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://seclists.org/bugtraq/2019/May/18 mailing-list
    http://packetstormsecurity.com/files/152787/dotCM…
    http://seclists.org/fulldisclosure/2019/May/11 mailing-list
    http://seclists.org/fulldisclosure/2019/May/10 mailing-list
    http://seclists.org/fulldisclosure/2019/May/13 mailing-list
    https://lists.debian.org/debian-lts-announce/2019… mailing-list
    http://www.openwall.com/lists/oss-security/2019/06/03/2 mailing-list
    http://packetstormsecurity.com/files/153237/Retir…
    https://access.redhat.com/errata/RHSA-2019:1456 vendor-advisory
    https://www.debian.org/security/2019/dsa-4460 vendor-advisory
    https://seclists.org/bugtraq/2019/Jun/12 mailing-list
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://access.redhat.com/errata/RHBA-2019:1570 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://lists.apache.org/thread.html/ba79cf165874… mailing-list
    https://access.redhat.com/errata/RHSA-2019:2587 vendor-advisory
    https://security.netapp.com/advisory/ntap-2019091…
    https://access.redhat.com/errata/RHSA-2019:3023 vendor-advisory
    https://access.redhat.com/errata/RHSA-2019:3024 vendor-advisory
    https://lists.apache.org/thread.html/b0656d359c7d… mailing-list
    https://lists.apache.org/thread.html/519eb0fd4564… mailing-list
    https://lists.apache.org/thread.html/f9bc3e55f4e2… mailing-list
    https://lists.apache.org/thread.html/bcce5a9c532b… mailing-list
    https://www.tenable.com/security/tns-2019-08
    https://lists.apache.org/thread.html/rca37935d661… mailing-list
    https://lists.debian.org/debian-lts-announce/2020… mailing-list
    http://packetstormsecurity.com/files/156743/Octob…
    https://www.tenable.com/security/tns-2020-02
    https://lists.apache.org/thread.html/r38f0d1aa3c9… mailing-list
    https://lists.apache.org/thread.html/r7aac081cbdd… mailing-list
    https://lists.apache.org/thread.html/rac25da84ecd… mailing-list
    https://lists.apache.org/thread.html/r2041a75d3fc… mailing-list
    https://lists.apache.org/thread.html/r7e8ebccb7c0… mailing-list
    https://lists.apache.org/thread.html/r41b5bfe009c… mailing-list
    https://lists.apache.org/thread.html/r2baacab6e0a… mailing-list
    https://www.oracle.com/security-alerts/cpuapr2020.html
    https://lists.apache.org/thread.html/r7d64895cc4d… mailing-list
    https://www.oracle.com/security-alerts/cpujul2020.html
    https://www.oracle.com/technetwork/security-advis…
    https://www.oracle.com/technetwork/security-advis…
    https://www.oracle.com/security-alerts/cpujan2020.html
    https://backdropcms.org/security/backdrop-sa-core…
    https://blog.jquery.com/2019/04/10/jquery-3-4-0-r…
    https://snyk.io/vuln/SNYK-JS-JQUERY-174006
    https://github.com/jquery/jquery/pull/4333
    https://github.com/jquery/jquery/commit/753d591ae…
    https://www.privacy-wise.com/mitigating-cve-2019-…
    https://www.oracle.com/security-alerts/cpuoct2020.html
    https://kb.pulsesecure.net/articles/Pulse_Securit…
    https://www.oracle.com/security-alerts/cpujan2021.html
    https://www.oracle.com/security-alerts/cpuApr2021.html
    https://www.oracle.com//security-alerts/cpujul2021.html
    https://www.oracle.com/security-alerts/cpuoct2021.html
    https://www.oracle.com/security-alerts/cpujan2022.html
    https://supportportal.juniper.net/s/article/2021-…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2019-006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
              },
              {
                "name": "DSA-4434",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4434"
              },
              {
                "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Apr/32"
              },
              {
                "name": "108023",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108023"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
              },
              {
                "name": "FEDORA-2019-eba8e44ee6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
              },
              {
                "name": "FEDORA-2019-1a3edd7e8a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
              },
              {
                "name": "FEDORA-2019-7eaf0bbe7c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
              },
              {
                "name": "FEDORA-2019-2a0ce0c58c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
              },
              {
                "name": "FEDORA-2019-a06dffab1c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
              },
              {
                "name": "FEDORA-2019-f563e66380",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
              },
              {
                "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/18"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
              },
              {
                "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/11"
              },
              {
                "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/10"
              },
              {
                "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/13"
              },
              {
                "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
              },
              {
                "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
              },
              {
                "name": "RHSA-2019:1456",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1456"
              },
              {
                "name": "DSA-4460",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4460"
              },
              {
                "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jun/12"
              },
              {
                "name": "openSUSE-SU-2019:1839",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
              },
              {
                "name": "RHBA-2019:1570",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2019:1570"
              },
              {
                "name": "openSUSE-SU-2019:1872",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
              },
              {
                "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
              },
              {
                "name": "RHSA-2019:2587",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2587"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
              },
              {
                "name": "RHSA-2019:3023",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3023"
              },
              {
                "name": "RHSA-2019:3024",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3024"
              },
              {
                "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
              },
              {
                "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2019-08"
              },
              {
                "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-02"
              },
              {
                "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
              },
              {
                "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/pull/4333"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
              },
              {
                "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-11358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-20T15:03:16.892088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T15:11:23.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T02:06:52.187Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-core-2019-006"
            },
            {
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
            },
            {
              "name": "DSA-4434",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4434"
            },
            {
              "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Apr/32"
            },
            {
              "name": "108023",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/108023"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
            },
            {
              "name": "FEDORA-2019-eba8e44ee6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
            },
            {
              "name": "FEDORA-2019-1a3edd7e8a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
            },
            {
              "name": "FEDORA-2019-7eaf0bbe7c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
            },
            {
              "name": "FEDORA-2019-2a0ce0c58c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
            },
            {
              "name": "FEDORA-2019-a06dffab1c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
            },
            {
              "name": "FEDORA-2019-f563e66380",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
            },
            {
              "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/18"
            },
            {
              "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
            },
            {
              "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/11"
            },
            {
              "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/10"
            },
            {
              "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/13"
            },
            {
              "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
            },
            {
              "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
            },
            {
              "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
            },
            {
              "name": "RHSA-2019:1456",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1456"
            },
            {
              "name": "DSA-4460",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4460"
            },
            {
              "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jun/12"
            },
            {
              "name": "openSUSE-SU-2019:1839",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
            },
            {
              "name": "RHBA-2019:1570",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2019:1570"
            },
            {
              "name": "openSUSE-SU-2019:1872",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
            },
            {
              "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
            },
            {
              "name": "RHSA-2019:2587",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2587"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
            },
            {
              "name": "RHSA-2019:3023",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3023"
            },
            {
              "name": "RHSA-2019:3024",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3024"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
            },
            {
              "url": "https://www.tenable.com/security/tns-2019-08"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2020-02"
            },
            {
              "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
            },
            {
              "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
            },
            {
              "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
            },
            {
              "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
            },
            {
              "url": "https://github.com/jquery/jquery/pull/4333"
            },
            {
              "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
            },
            {
              "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
            },
            {
              "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-11358",
        "datePublished": "2019-04-19T00:00:00.000Z",
        "dateReserved": "2019-04-19T00:00:00.000Z",
        "dateUpdated": "2024-11-15T15:11:23.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2721 (GCVE-0-2018-2721)

    Vulnerability from cvelistv5 – Published: 2018-01-18 02:00 – Updated: 2024-10-03 20:26
    VLAI
    Summary
    Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data.
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040214 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/102668 vdb-entryx_refsource_BID
    Date Public
    2018-01-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:29:44.362Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "name": "1040214",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040214"
              },
              {
                "name": "102668",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102668"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-2721",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T19:20:21.589430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T20:26:28.313Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Financial Services Price Creation and Discovery",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.5"
                }
              ]
            }
          ],
          "datePublic": "2018-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as  unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-18T10:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "1040214",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040214"
            },
            {
              "name": "102668",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102668"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2018-2721",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Financial Services Price Creation and Discovery",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "8.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as  unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
                },
                {
                  "name": "1040214",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040214"
                },
                {
                  "name": "102668",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102668"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2018-2721",
        "datePublished": "2018-01-18T02:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-10-03T20:26:28.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2722 (GCVE-0-2018-2722)

    Vulnerability from cvelistv5 – Published: 2018-01-18 02:00 – Updated: 2024-10-03 20:26
    VLAI
    Summary
    Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data.
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040214 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/102673 vdb-entryx_refsource_BID
    Date Public
    2018-01-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:29:44.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "name": "1040214",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040214"
              },
              {
                "name": "102673",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102673"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-2722",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T19:24:54.517182Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T20:26:21.834Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Financial Services Price Creation and Discovery",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.5"
                }
              ]
            }
          ],
          "datePublic": "2018-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as  unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-18T10:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "1040214",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040214"
            },
            {
              "name": "102673",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102673"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2018-2722",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Financial Services Price Creation and Discovery",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "8.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as  unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
                },
                {
                  "name": "1040214",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040214"
                },
                {
                  "name": "102673",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102673"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2018-2722",
        "datePublished": "2018-01-18T02:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-10-03T20:26:21.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }