Search

Find a vulnerability

Search criteria

    88 vulnerabilities found for jd_edwards_enterpriseone_orchestrator by oracle

    CVE-2025-21552 (GCVE-0-2025-21552)

    Vulnerability from nvd – Published: 2025-01-21 20:53 – Updated: 2025-03-13 14:35
    VLAI
    Summary
    Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data.
    • CWE-1390 - Weak Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Oracle Corporation JD Edwards EnterpriseOne Orchestrator Affected: * , < 9.2.9.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:prior_to_9.2.9.2:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21552",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-22T15:02:49.859336Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1390",
                    "description": "CWE-1390 Weak Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T14:35:17.023Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:prior_to_9.2.9.2:*:*:*:*:*:*:*"
              ],
              "product": "JD Edwards EnterpriseOne Orchestrator",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "lessThan": "9.2.9.2",
                  "status": "affected",
                  "version": "*",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).  Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-21T20:53:16.924Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2025.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2025-21552",
        "datePublished": "2025-01-21T20:53:16.924Z",
        "dateReserved": "2024-12-24T23:18:54.775Z",
        "dateUpdated": "2025-03-13T14:35:17.023Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21168 (GCVE-0-2024-21168)

    Vulnerability from nvd – Published: 2024-07-16 22:40 – Updated: 2024-11-06 20:12
    VLAI
    Summary
    Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.8.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data.
    • CWE-noinfo Not enough information
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21168",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-17T13:48:15.964741Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T20:12:27.651Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:13:42.794Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Oracle Advisory",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JD Edwards EnterpriseOne Orchestrator",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "lessThan": "9.2.8.3",
                  "status": "affected",
                  "version": "*",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).  Supported versions that are affected are Prior to 9.2.8.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-16T22:40:06.430Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2024-21168",
        "datePublished": "2024-07-16T22:40:06.430Z",
        "dateReserved": "2023-12-07T22:28:10.686Z",
        "dateUpdated": "2024-11-06T20:12:27.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22050 (GCVE-0-2023-22050)

    Vulnerability from nvd – Published: 2023-07-18 20:18 – Updated: 2024-09-13 16:42
    VLAI
    Summary
    Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:59:28.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Oracle Advisory",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2023.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22050",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-13T16:28:56.737394Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-13T16:42:03.032Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JD Edwards EnterpriseOne Orchestrator",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "lessThan": "9.2.7.4",
                  "status": "affected",
                  "version": "*",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).  Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-18T20:18:32.788Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2023.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2023-22050",
        "datePublished": "2023-07-18T20:18:32.788Z",
        "dateReserved": "2022-12-17T19:26:00.755Z",
        "dateUpdated": "2024-09-13T16:42:03.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21532 (GCVE-0-2022-21532)

    Vulnerability from nvd – Published: 2022-07-19 21:07 – Updated: 2024-09-24 20:01
    VLAI
    Summary
    Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:46:38.451Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21532",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T14:07:19.391805Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T20:01:23.713Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JD Edwards EnterpriseOne Orchestrator",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.2.6.3 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-19T21:07:18.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2022-21532",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "JD Edwards EnterpriseOne Orchestrator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "9.2.6.3 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "4.3",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2022-21532",
        "datePublished": "2022-07-19T21:07:18.000Z",
        "dateReserved": "2021-11-15T00:00:00.000Z",
        "dateUpdated": "2024-09-24T20:01:23.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-2052 (GCVE-0-2021-2052)

    Vulnerability from nvd – Published: 2021-01-20 14:50 – Updated: 2024-09-26 18:34
    VLAI
    Summary
    Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Oracle Corporation JD Edwards EnterpriseOne Orchestrator Affected: unspecified , < 9.2.5.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:32:02.755Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-2052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T18:13:26.130883Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T18:34:04.659Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JD Edwards EnterpriseOne Orchestrator",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "lessThan": "9.2.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-20T14:50:05.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2021-2052",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "JD Edwards EnterpriseOne Orchestrator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "5.8",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2021-2052",
        "datePublished": "2021-01-20T14:50:05.000Z",
        "dateReserved": "2020-12-09T00:00:00.000Z",
        "dateUpdated": "2024-09-26T18:34:04.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36183 (GCVE-0-2020-36183)

    Vulnerability from nvd – Published: 2021-01-06 22:30 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.407Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/3003"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:21:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/3003"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36183",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/3003",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/3003"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36183",
        "datePublished": "2021-01-06T22:30:15.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.407Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36182 (GCVE-0-2020-36182)

    Vulnerability from nvd – Published: 2021-01-06 22:30 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.8 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:52.974482Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:28.014Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:20:53.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36182",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/3004",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36182",
        "datePublished": "2021-01-06T22:30:22.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.677Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36180 (GCVE-0-2020-36180)

    Vulnerability from nvd – Published: 2021-01-06 22:30 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.8 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36180",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:49.885173Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:24.082Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:20:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36180",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/3004",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36180",
        "datePublished": "2021-01-06T22:30:31.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36179 (GCVE-0-2020-36179)

    Vulnerability from nvd – Published: 2021-01-06 22:30 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.8 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36179",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:53.989419Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:24.525Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.285Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
              },
              {
                "name": "[spark-issues] 20210115 [jira] [Created] (SPARK-34124) Upgrade jackson version to fix CVE-2020-36179 in Spark 2.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:20:19.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
            },
            {
              "name": "[spark-issues] 20210115 [jira] [Created] (SPARK-34124) Upgrade jackson version to fix CVE-2020-36179 in Spark 2.4",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36179",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/3004",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
                },
                {
                  "name": "[spark-issues] 20210115 [jira] [Created] (SPARK-34124) Upgrade jackson version to fix CVE-2020-36179 in Spark 2.4",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36179",
        "datePublished": "2021-01-06T22:30:38.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36189 (GCVE-0-2020-36189)

    Vulnerability from nvd – Published: 2021-01-06 22:29 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:22:16.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36189",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2996",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36189",
        "datePublished": "2021-01-06T22:29:28.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36188 (GCVE-0-2020-36188)

    Vulnerability from nvd – Published: 2021-01-06 22:29 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.309Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:22:05.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36188",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2996",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36188",
        "datePublished": "2021-01-06T22:29:36.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.309Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36187 (GCVE-0-2020-36187)

    Vulnerability from nvd – Published: 2021-01-06 22:29 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:21:52.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36187",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2997",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36187",
        "datePublished": "2021-01-06T22:29:44.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36186 (GCVE-0-2020-36186)

    Vulnerability from nvd – Published: 2021-01-06 22:29 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.443Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:21:41.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36186",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2997",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36186",
        "datePublished": "2021-01-06T22:29:51.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36185 (GCVE-0-2020-36185)

    Vulnerability from nvd – Published: 2021-01-06 22:29 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:21:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36185",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2998",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36185",
        "datePublished": "2021-01-06T22:29:59.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36184 (GCVE-0-2020-36184)

    Vulnerability from nvd – Published: 2021-01-06 22:30 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.8 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36184",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:50.943406Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:27.571Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:21:15.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36184",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2998",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36184",
        "datePublished": "2021-01-06T22:30:07.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36181 (GCVE-0-2020-36181)

    Vulnerability from nvd – Published: 2021-01-06 22:29 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.8 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.8",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36181",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:51.951666Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T19:56:26.103Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:20:40.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36181",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/3004",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36181",
        "datePublished": "2021-01-06T22:29:19.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-21552 (GCVE-0-2025-21552)

    Vulnerability from cvelistv5 – Published: 2025-01-21 20:53 – Updated: 2025-03-13 14:35
    VLAI
    Summary
    Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data.
    • CWE-1390 - Weak Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Oracle Corporation JD Edwards EnterpriseOne Orchestrator Affected: * , < 9.2.9.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:prior_to_9.2.9.2:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21552",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-22T15:02:49.859336Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1390",
                    "description": "CWE-1390 Weak Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T14:35:17.023Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:prior_to_9.2.9.2:*:*:*:*:*:*:*"
              ],
              "product": "JD Edwards EnterpriseOne Orchestrator",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "lessThan": "9.2.9.2",
                  "status": "affected",
                  "version": "*",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).  Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-21T20:53:16.924Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2025.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2025-21552",
        "datePublished": "2025-01-21T20:53:16.924Z",
        "dateReserved": "2024-12-24T23:18:54.775Z",
        "dateUpdated": "2025-03-13T14:35:17.023Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21168 (GCVE-0-2024-21168)

    Vulnerability from cvelistv5 – Published: 2024-07-16 22:40 – Updated: 2024-11-06 20:12
    VLAI
    Summary
    Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.8.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data.
    • CWE-noinfo Not enough information
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21168",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-17T13:48:15.964741Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T20:12:27.651Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:13:42.794Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Oracle Advisory",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JD Edwards EnterpriseOne Orchestrator",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "lessThan": "9.2.8.3",
                  "status": "affected",
                  "version": "*",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).  Supported versions that are affected are Prior to 9.2.8.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-16T22:40:06.430Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2024-21168",
        "datePublished": "2024-07-16T22:40:06.430Z",
        "dateReserved": "2023-12-07T22:28:10.686Z",
        "dateUpdated": "2024-11-06T20:12:27.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22050 (GCVE-0-2023-22050)

    Vulnerability from cvelistv5 – Published: 2023-07-18 20:18 – Updated: 2024-09-13 16:42
    VLAI
    Summary
    Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:59:28.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Oracle Advisory",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2023.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22050",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-13T16:28:56.737394Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-13T16:42:03.032Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JD Edwards EnterpriseOne Orchestrator",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "lessThan": "9.2.7.4",
                  "status": "affected",
                  "version": "*",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).  Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-18T20:18:32.788Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2023.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2023-22050",
        "datePublished": "2023-07-18T20:18:32.788Z",
        "dateReserved": "2022-12-17T19:26:00.755Z",
        "dateUpdated": "2024-09-13T16:42:03.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21532 (GCVE-0-2022-21532)

    Vulnerability from cvelistv5 – Published: 2022-07-19 21:07 – Updated: 2024-09-24 20:01
    VLAI
    Summary
    Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:46:38.451Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21532",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T14:07:19.391805Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T20:01:23.713Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JD Edwards EnterpriseOne Orchestrator",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.2.6.3 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-19T21:07:18.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2022-21532",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "JD Edwards EnterpriseOne Orchestrator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "9.2.6.3 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "4.3",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2022-21532",
        "datePublished": "2022-07-19T21:07:18.000Z",
        "dateReserved": "2021-11-15T00:00:00.000Z",
        "dateUpdated": "2024-09-24T20:01:23.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-2052 (GCVE-0-2021-2052)

    Vulnerability from cvelistv5 – Published: 2021-01-20 14:50 – Updated: 2024-09-26 18:34
    VLAI
    Summary
    Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Oracle Corporation JD Edwards EnterpriseOne Orchestrator Affected: unspecified , < 9.2.5.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:32:02.755Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-2052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T18:13:26.130883Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T18:34:04.659Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JD Edwards EnterpriseOne Orchestrator",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "lessThan": "9.2.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-20T14:50:05.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2021-2052",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "JD Edwards EnterpriseOne Orchestrator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "5.8",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2021-2052",
        "datePublished": "2021-01-20T14:50:05.000Z",
        "dateReserved": "2020-12-09T00:00:00.000Z",
        "dateUpdated": "2024-09-26T18:34:04.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36179 (GCVE-0-2020-36179)

    Vulnerability from cvelistv5 – Published: 2021-01-06 22:30 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.8 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36179",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:53.989419Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:24.525Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.285Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
              },
              {
                "name": "[spark-issues] 20210115 [jira] [Created] (SPARK-34124) Upgrade jackson version to fix CVE-2020-36179 in Spark 2.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:20:19.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
            },
            {
              "name": "[spark-issues] 20210115 [jira] [Created] (SPARK-34124) Upgrade jackson version to fix CVE-2020-36179 in Spark 2.4",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36179",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/3004",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
                },
                {
                  "name": "[spark-issues] 20210115 [jira] [Created] (SPARK-34124) Upgrade jackson version to fix CVE-2020-36179 in Spark 2.4",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36179",
        "datePublished": "2021-01-06T22:30:38.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36180 (GCVE-0-2020-36180)

    Vulnerability from cvelistv5 – Published: 2021-01-06 22:30 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.8 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36180",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:49.885173Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:24.082Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:20:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36180",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/3004",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36180",
        "datePublished": "2021-01-06T22:30:31.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36182 (GCVE-0-2020-36182)

    Vulnerability from cvelistv5 – Published: 2021-01-06 22:30 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.8 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:52.974482Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:28.014Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:20:53.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36182",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/3004",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36182",
        "datePublished": "2021-01-06T22:30:22.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.677Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36183 (GCVE-0-2020-36183)

    Vulnerability from cvelistv5 – Published: 2021-01-06 22:30 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.407Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/3003"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:21:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/3003"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36183",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/3003",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/3003"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36183",
        "datePublished": "2021-01-06T22:30:15.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.407Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36184 (GCVE-0-2020-36184)

    Vulnerability from cvelistv5 – Published: 2021-01-06 22:30 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.8 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36184",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:50.943406Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:27.571Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:21:15.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36184",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2998",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36184",
        "datePublished": "2021-01-06T22:30:07.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36185 (GCVE-0-2020-36185)

    Vulnerability from cvelistv5 – Published: 2021-01-06 22:29 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:21:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36185",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2998",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36185",
        "datePublished": "2021-01-06T22:29:59.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36186 (GCVE-0-2020-36186)

    Vulnerability from cvelistv5 – Published: 2021-01-06 22:29 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.443Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:21:41.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36186",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2997",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36186",
        "datePublished": "2021-01-06T22:29:51.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36187 (GCVE-0-2020-36187)

    Vulnerability from cvelistv5 – Published: 2021-01-06 22:29 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:21:52.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36187",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2997",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36187",
        "datePublished": "2021-01-06T22:29:44.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36188 (GCVE-0-2020-36188)

    Vulnerability from cvelistv5 – Published: 2021-01-06 22:29 – Updated: 2024-08-04 17:23
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.309Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
              },
              {
                "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:22:05.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-36188",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2996",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
                },
                {
                  "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-36188",
        "datePublished": "2021-01-06T22:29:36.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:23:09.309Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }