VAR-201903-0926
Vulnerability from variot - Updated: 2026-03-09 22:05An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. FasterXML Jackson-databind is prone to a remote-code execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6 are vulnerable. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Fuse/A-MQ 6.3 R13 security and bug fix update Advisory ID: RHSA-2019:2804-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2019:2804 Issue date: 2019-09-17 CVE Names: CVE-2018-10899 CVE-2018-11307 CVE-2018-12022 CVE-2018-12023 CVE-2018-14718 CVE-2018-14719 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.
Security fix(es):
-
jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899)
-
jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)
-
jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)
-
jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)
-
jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
-
jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
-
jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
-
jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
-
jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are located in the download section of the customer portal.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
1601037 - CVE-2018-10899 jolokia: system-wide CSRF that could lead to Remote Code Execution 1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver 1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library 1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis
- References:
https://access.redhat.com/security/cve/CVE-2018-10899 https://access.redhat.com/security/cve/CVE-2018-11307 https://access.redhat.com/security/cve/CVE-2018-12022 https://access.redhat.com/security/cve/CVE-2018-12023 https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker&downloadType=securityPatches&version=6.3.0 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.fuse&version=6.3
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXYDjn9zjgjWX9erEAQiEyA/9FoPL7D4XpgqlDJYhoBHHwRA39f+jewK4 TOH9IHOX4ALe1CNtxs/HwED6VuKrfiV5AmNP8xYq1FlU5ksmdEyBFCo5lEDfo9Se 9p8HYN6nUYAOecwTn9CL66HUZwg8TF/Rl1eSgXRLAxwjo3swgjFxHATvDUbn+ITu m2d2JmEi/QIsDEomQeAMlilwPPmYBc3FxHWN3/k6sEd1K24hjvdT/L0NZVZkKD7Y DrTMR9/16npS6EIrq869/wfaC+Pb/4Lm/fgbGRbFZfttzhuwhPnM6L0ky15QVJlw YO9AxeUYPe59oPZtdlVFkGtMZmERKWZ1etarfq4h2O2/Ip218y9yT62kNV6uWgEH cj+mCD70BU+KyTGsDyaw7UkgbRPI20Jwb+Xz2sa4WlHxzBzkbNcElPMD7l27/Ci+ llDk6sDkqKft+n9O+IFHYi+28AJxa+KL/Bx+YWwiwWCi2UnlpKVc+tMZ+Sl96pkE xojr7oIC8GMOcDi7pTF3tmMypiAuFVwhdj5A8NiDv/q8nlqN6UblIs4pIpUBkPFa icyvuQTlsAAPcJAmdWrgb1tapDoJVDHwhY65Mf1qhVVbzJmU4pvExZ2Ex/XRc8mB lRCynNpR6yx+kMjss+KUfoMVf0coR0OvivGBHHUOwB3nPSzySkv6LvkNZkRsl/QX xn8tdjt0lA4=3WoH -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Updating instructions and release notes may be found at:
https://access.redhat.com/articles/3060411
- The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description:
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. Refer to the Red Hat JBoss Enterprise Application Platform 7.2.1 Release Notes for information on the most significant bug fixes and enhancements included in this release.
The JBoss server process must be restarted for the update to take effect. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-14861 - GSS Upgrade JBeret from 1.3.1.Final to 1.3.2.Final JBEAP-15392 - (7.2.z) Upgrade Apache CXF from 3.2.5 to 3.2.7 JBEAP-15477 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15478 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15568 - GSS Upgrade ironjacamar from 1.4.11 Final to 1.4.15 Final JBEAP-15617 - (7.2.z) Upgrade WildFly Core from 6.0.11 to 6.0.12 JBEAP-15622 - GSS Upgrade jboss-el-api_spec from 1.0.12.Final to 1.0.13.Final JBEAP-15748 - GSS Upgrade jastow from 2.0.6.Final-redhat-00001 to 2.0.7.Final-redhat-00001 JBEAP-15805 - (7.2.z) Upgrade Hibernate ORM from 5.3.7 to 5.3.8 JBEAP-15851 - [ENG] (7.2.z) Upgrade Infinispan from 9.3.3.Final to 9.3.6.Final JBEAP-15869 - (7.2.z) Upgrade Undertow from 2.0.15 to 2.0.19 JBEAP-15876 - (7.2.z) Upgrade Artemis from 2.6.3.redhat-00014 to 2.6.3.redhat-00020 JBEAP-16025 - Upgrade yasson from 1.0.1 to 1.0.2 JBEAP-16037 - GSS Upgrade Narayana from 5.9.0.Final to 5.9.1.Final JBEAP-16086 - (7.2.z) Upgrade WildFly HTTP client from 1.0.12.Final to 1.0.13.Final JBEAP-16090 - GSS Upgrade jboss-ejb-client from 4.0.12 to 4.0.15 JBEAP-16091 - GSS Upgrade wildfly-transaction-client from 1.1.2.Final-redhat-1 to 1.1.3.Final-redhat-1 JBEAP-16122 - [Runtimes] (7.2.z) Upgrade istack from 3.0.5.redhat-1 to 3.0.7.redhat-00001 JBEAP-16123 - [Runtimes] (7.2.x) Upgrade commons-digester from 1.8 to 1.8.1.redhat-4 JBEAP-16125 - [Runtimes] (7.2.x) Upgrade org.jboss.genericjms from 2.0.1.Final-redhat-1 to 2.0.1.Final-redhat-00002 JBEAP-16137 - (7.2.z) (WFCORE) Upgrade FasterXML Jackson from 2.9.2 to 2.9.8 JBEAP-16146 - (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final JBEAP-16147 - (7.2.z) Upgrade Elytron-Tool from 1.4.0 to 1.4.1.Final JBEAP-16259 - (7.2.z) Upgrade legacy EJB Client from 3.0.2.Final-redhat-1 to 3.0.3.Final-redhat-1 JBEAP-16276 - (7.2.z) Upgrade elytron-web from 1.2.3.Final to 1.2.4.Final JBEAP-16321 - (7.2.z) HHH-13099 HHH-13283 Upgrade ByteBuddy from 1.8.17 to 1.9.5 JBEAP-16347 - (7.2.z) Upgrade jboss-logmanager from 2.1.5.Final-redhat-00001 to 2.1.7.Final JBEAP-16356 - (7.2.z) Upgrade RESTEasy from 3.6.1.SP2 to 3.6.1.SP3 JBEAP-16367 - (7.2.z) Upgrade commons-lang3 from 3.6.0-redhat-1 to 3.8-redhat-00001 JBEAP-16368 - (7.2.z) Upgrade cxf-xjc from 3.2.2.redhat-00001 to 3.2.3.redhat-00002 JBEAP-16369 - (7.2.z) Upgrade httpasyncclient from 4.1.3.redhat-2 to 4.1.4.redhat-00001 JBEAP-16381 - (7.2.z) Upgrade jboss-remoting-jmx from 3.0.0.Final to 3.0.1.Final JBEAP-16418 - (7.2.z) Upgrade Hibernate ORM from 5.3.8 to 5.3.9 JBEAP-9657 - (7.2.z) Upgrade jboss-negotiation from 3.0.4 to 3.0.5.Final-redhat-00001
For the stable distribution (stretch), these problems have been fixed in version 2.8.6-1+deb9u5.
We recommend that you upgrade your jackson-databind packages.
For the detailed security status of jackson-databind please refer to its security tracker page at: https://security-tracker.debian.org/tracker/jackson-databind
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzoWnMACgkQEMKTtsN8 TjYKuA//TDDdI43NQ1mLh+bu0jrQOHZf8QLv/68kHpHe0kMAc92kSkK/k8GojxxZ u2BmBM8sYp7XzRN1wGfuh04BDnA6t9NdWl5VG/jaL2npubV6GeKa3b1trEol0WRw WJmwDkrp946XchxJZJyEU9QICaMBU4seDjq2nhSEzJhBiS6dHxh1PkCqpA0xL1iH yN/ZmSWbgIeZIbFMUiV6SghbXpEEAQjBVzeo7tbWddzDMV7atQdErpfOLoeAiWY3 6ER/AQqulMVaC3odGglzU2OksDfeRN4TIAVKhv7t0Jb6hJkJU3a5TJOe/jvWuNna b3+psiLU1LHHwlWZuUAbiFx6HZkLj0kxHH1IR9Om42MJ++lCZA78JbxwgfW9JsOH xbo+334isNCM6P7sdyvxabqwCSWbUFb+6eUR6Hqe9HaTrhWZPln3VL/pwszT7HSA Ut6RRIUcHu0BdMZZv08dO015j5Gk/a314BAvUQyRejYmM6WNQwwOkNHGp5I66VhA S284hCKozpttwG3ogDjbzwvCcmzUr757cgn4ACC6nXjfVnxz/u/WeMEAJfoYFPW8 +MKh7SkB1wADYBjgDt/HAG2e1A5GOjrtNO92x0GQ62iIs53iRvct6WmEJr4eQ/7T n3frp2khA85wvPhz3oj07KMxrnF4yBtrR6TO+eVkZAMp/COnosA= =PkmH -----END PGP SIGNATURE----- . Description:
Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "9.2"
},
{
"_id": null,
"model": "jboss brms",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4.10"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.6"
},
{
"_id": null,
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.11"
},
{
"_id": null,
"model": "single sign-on",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "decision manager",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.1"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.8.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.9.4"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.8.11.2"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "automation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.1"
},
{
"_id": null,
"model": "utilities advanced spatial and operational analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.7.0.1"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "17.1"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"_id": null,
"model": "enterprise manager for virtualization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3.1"
},
{
"_id": null,
"model": "enterprise manager for virtualization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2.3"
},
{
"_id": null,
"model": "enterprise manager for virtualization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2.2"
},
{
"_id": null,
"model": "communications instant messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1.2.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.6.2"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.6.1"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.6"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.9.5"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.9.4"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.9.2"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.9.1"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.9"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.8.11"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.8.11.1"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.7.9.3"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.7.9.1"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "ne",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.9.6"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "ne",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.8.11.2"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "ne",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.7.9.4"
}
],
"sources": [
{
"db": "BID",
"id": "105659"
},
{
"db": "NVD",
"id": "CVE-2018-12023"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "154505"
},
{
"db": "PACKETSTORM",
"id": "154794"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "153724"
},
{
"db": "PACKETSTORM",
"id": "152764"
},
{
"db": "PACKETSTORM",
"id": "154906"
},
{
"db": "PACKETSTORM",
"id": "152779"
}
],
"trust": 0.7
},
"cve": "CVE-2018-12023",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2018-12023",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-121941",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2018-12023",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-12023",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-723",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-121941",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-12023",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121941"
},
{
"db": "VULMON",
"id": "CVE-2018-12023"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-723"
},
{
"db": "NVD",
"id": "CVE-2018-12023"
}
]
},
"description": {
"_id": null,
"data": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. FasterXML Jackson-databind is prone to a remote-code execution vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. \njackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6 are vulnerable. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Fuse/A-MQ 6.3 R13 security and bug fix update\nAdvisory ID: RHSA-2019:2804-01\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2804\nIssue date: 2019-09-17\nCVE Names: CVE-2018-10899 CVE-2018-11307 CVE-2018-12022\n CVE-2018-12023 CVE-2018-14718 CVE-2018-14719\n CVE-2018-19360 CVE-2018-19361 CVE-2018-19362\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss\nA-MQ 6.3. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Fuse provides a small-footprint, flexible, open source enterprise\nservice bus and integration platform. Red Hat A-MQ is a standards compliant\nmessaging system that is tailored for use in mission critical applications. \n\nThis patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It\nincludes bug fixes, which are documented in the patch notes accompanying\nthe package on the download page. See the download link given in the\nreferences section below. \n\nSecurity fix(es):\n\n* jolokia: system-wide CSRF that could lead to Remote Code Execution\n(CVE-2018-10899)\n\n* jackson-databind: Potential information exfiltration with default typing,\nserialization gadget from MyBatis (CVE-2018-11307)\n\n* jackson-databind: improper polymorphic deserialization of types from\nJodd-db library (CVE-2018-12022)\n\n* jackson-databind: improper polymorphic deserialization of types from\nOracle JDBC driver (CVE-2018-12023)\n\n* jackson-databind: arbitrary code execution in slf4j-ext class\n(CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and\nblaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: improper polymorphic deserialization in\naxis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class\n(CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in\njboss-common-core class (CVE-2018-19362)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are located in the download section of the\ncustomer portal. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1601037 - CVE-2018-10899 jolokia: system-wide CSRF that could lead to Remote Code Execution\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver\n1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library\n1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-10899\nhttps://access.redhat.com/security/cve/CVE-2018-11307\nhttps://access.redhat.com/security/cve/CVE-2018-12022\nhttps://access.redhat.com/security/cve/CVE-2018-12023\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker\u0026downloadType=securityPatches\u0026version=6.3.0\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.fuse\u0026version=6.3\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXYDjn9zjgjWX9erEAQiEyA/9FoPL7D4XpgqlDJYhoBHHwRA39f+jewK4\nTOH9IHOX4ALe1CNtxs/HwED6VuKrfiV5AmNP8xYq1FlU5ksmdEyBFCo5lEDfo9Se\n9p8HYN6nUYAOecwTn9CL66HUZwg8TF/Rl1eSgXRLAxwjo3swgjFxHATvDUbn+ITu\nm2d2JmEi/QIsDEomQeAMlilwPPmYBc3FxHWN3/k6sEd1K24hjvdT/L0NZVZkKD7Y\nDrTMR9/16npS6EIrq869/wfaC+Pb/4Lm/fgbGRbFZfttzhuwhPnM6L0ky15QVJlw\nYO9AxeUYPe59oPZtdlVFkGtMZmERKWZ1etarfq4h2O2/Ip218y9yT62kNV6uWgEH\ncj+mCD70BU+KyTGsDyaw7UkgbRPI20Jwb+Xz2sa4WlHxzBzkbNcElPMD7l27/Ci+\nllDk6sDkqKft+n9O+IFHYi+28AJxa+KL/Bx+YWwiwWCi2UnlpKVc+tMZ+Sl96pkE\nxojr7oIC8GMOcDi7pTF3tmMypiAuFVwhdj5A8NiDv/q8nlqN6UblIs4pIpUBkPFa\nicyvuQTlsAAPcJAmdWrgb1tapDoJVDHwhY65Mf1qhVVbzJmU4pvExZ2Ex/XRc8mB\nlRCynNpR6yx+kMjss+KUfoMVf0coR0OvivGBHHUOwB3nPSzySkv6LvkNZkRsl/QX\nxn8tdjt0lA4=3WoH\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nUpdating instructions and release notes may be found at:\n\nhttps://access.redhat.com/articles/3060411\n\n4. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. Refer to the Red Hat JBoss\nEnterprise Application Platform 7.2.1 Release Notes for information on the\nmost significant bug fixes and enhancements included in this release. \n\nThe JBoss server process must be restarted for the update to take effect. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-14861 - [GSS](7.2.z) Upgrade JBeret from 1.3.1.Final to 1.3.2.Final\nJBEAP-15392 - (7.2.z) Upgrade Apache CXF from 3.2.5 to 3.2.7\nJBEAP-15477 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4\nJBEAP-15478 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4\nJBEAP-15568 - [GSS](7.2.z) Upgrade ironjacamar from 1.4.11 Final to 1.4.15 Final\nJBEAP-15617 - (7.2.z) Upgrade WildFly Core from 6.0.11 to 6.0.12\nJBEAP-15622 - [GSS](7.2.z) Upgrade jboss-el-api_spec from 1.0.12.Final to 1.0.13.Final\nJBEAP-15748 - [GSS](7.2.z) Upgrade jastow from 2.0.6.Final-redhat-00001 to 2.0.7.Final-redhat-00001\nJBEAP-15805 - (7.2.z) Upgrade Hibernate ORM from 5.3.7 to 5.3.8\nJBEAP-15851 - [ENG] (7.2.z) Upgrade Infinispan from 9.3.3.Final to 9.3.6.Final\nJBEAP-15869 - (7.2.z) Upgrade Undertow from 2.0.15 to 2.0.19\nJBEAP-15876 - (7.2.z) Upgrade Artemis from 2.6.3.redhat-00014 to 2.6.3.redhat-00020\nJBEAP-16025 - Upgrade yasson from 1.0.1 to 1.0.2\nJBEAP-16037 - [GSS](7.2.z) Upgrade Narayana from 5.9.0.Final to 5.9.1.Final\nJBEAP-16086 - (7.2.z) Upgrade WildFly HTTP client from 1.0.12.Final to 1.0.13.Final\nJBEAP-16090 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.12 to 4.0.15\nJBEAP-16091 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.2.Final-redhat-1 to 1.1.3.Final-redhat-1\nJBEAP-16122 - [Runtimes] (7.2.z) Upgrade istack from 3.0.5.redhat-1 to 3.0.7.redhat-00001\nJBEAP-16123 - [Runtimes] (7.2.x) Upgrade commons-digester from 1.8 to 1.8.1.redhat-4\nJBEAP-16125 - [Runtimes] (7.2.x) Upgrade org.jboss.genericjms from 2.0.1.Final-redhat-1 to 2.0.1.Final-redhat-00002\nJBEAP-16137 - (7.2.z) (WFCORE) Upgrade FasterXML Jackson from 2.9.2 to 2.9.8\nJBEAP-16146 - (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final\nJBEAP-16147 - (7.2.z) Upgrade Elytron-Tool from 1.4.0 to 1.4.1.Final\nJBEAP-16259 - (7.2.z) Upgrade legacy EJB Client from 3.0.2.Final-redhat-1 to 3.0.3.Final-redhat-1\nJBEAP-16276 - (7.2.z) Upgrade elytron-web from 1.2.3.Final to 1.2.4.Final\nJBEAP-16321 - (7.2.z) HHH-13099 HHH-13283 Upgrade ByteBuddy from 1.8.17 to 1.9.5\nJBEAP-16347 - (7.2.z) Upgrade jboss-logmanager from 2.1.5.Final-redhat-00001 to 2.1.7.Final\nJBEAP-16356 - (7.2.z) Upgrade RESTEasy from 3.6.1.SP2 to 3.6.1.SP3\nJBEAP-16367 - (7.2.z) Upgrade commons-lang3 from 3.6.0-redhat-1 to 3.8-redhat-00001\nJBEAP-16368 - (7.2.z) Upgrade cxf-xjc from 3.2.2.redhat-00001 to 3.2.3.redhat-00002\nJBEAP-16369 - (7.2.z) Upgrade httpasyncclient from 4.1.3.redhat-2 to 4.1.4.redhat-00001\nJBEAP-16381 - (7.2.z) Upgrade jboss-remoting-jmx from 3.0.0.Final to 3.0.1.Final\nJBEAP-16418 - (7.2.z) Upgrade Hibernate ORM from 5.3.8 to 5.3.9\nJBEAP-9657 - (7.2.z) Upgrade jboss-negotiation from 3.0.4 to 3.0.5.Final-redhat-00001\n\n6. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.8.6-1+deb9u5. \n\nWe recommend that you upgrade your jackson-databind packages. \n\nFor the detailed security status of jackson-databind please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/jackson-databind\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzoWnMACgkQEMKTtsN8\nTjYKuA//TDDdI43NQ1mLh+bu0jrQOHZf8QLv/68kHpHe0kMAc92kSkK/k8GojxxZ\nu2BmBM8sYp7XzRN1wGfuh04BDnA6t9NdWl5VG/jaL2npubV6GeKa3b1trEol0WRw\nWJmwDkrp946XchxJZJyEU9QICaMBU4seDjq2nhSEzJhBiS6dHxh1PkCqpA0xL1iH\nyN/ZmSWbgIeZIbFMUiV6SghbXpEEAQjBVzeo7tbWddzDMV7atQdErpfOLoeAiWY3\n6ER/AQqulMVaC3odGglzU2OksDfeRN4TIAVKhv7t0Jb6hJkJU3a5TJOe/jvWuNna\nb3+psiLU1LHHwlWZuUAbiFx6HZkLj0kxHH1IR9Om42MJ++lCZA78JbxwgfW9JsOH\nxbo+334isNCM6P7sdyvxabqwCSWbUFb+6eUR6Hqe9HaTrhWZPln3VL/pwszT7HSA\nUt6RRIUcHu0BdMZZv08dO015j5Gk/a314BAvUQyRejYmM6WNQwwOkNHGp5I66VhA\nS284hCKozpttwG3ogDjbzwvCcmzUr757cgn4ACC6nXjfVnxz/u/WeMEAJfoYFPW8\n+MKh7SkB1wADYBjgDt/HAG2e1A5GOjrtNO92x0GQ62iIs53iRvct6WmEJr4eQ/7T\nn3frp2khA85wvPhz3oj07KMxrnF4yBtrR6TO+eVkZAMp/COnosA=\n=PkmH\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat JBoss Data Virtualization is a lean data integration solution that\nprovides easy, real-time, and unified data access across disparate sources\nto multiple applications and users. JBoss Data Virtualization makes data\nspread across physically distinct systems - such as multiple databases, XML\nfiles, and even Hadoop systems - appear as a set of tables in a local\ndatabase",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12023"
},
{
"db": "BID",
"id": "105659"
},
{
"db": "VULHUB",
"id": "VHN-121941"
},
{
"db": "VULMON",
"id": "CVE-2018-12023"
},
{
"db": "PACKETSTORM",
"id": "154505"
},
{
"db": "PACKETSTORM",
"id": "154794"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "153724"
},
{
"db": "PACKETSTORM",
"id": "152764"
},
{
"db": "PACKETSTORM",
"id": "153090"
},
{
"db": "PACKETSTORM",
"id": "154906"
},
{
"db": "PACKETSTORM",
"id": "152779"
}
],
"trust": 2.07
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-12023",
"trust": 2.9
},
{
"db": "BID",
"id": "105659",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201901-723",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155352",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1350",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4332",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4254",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0674",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4532",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152558",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152620",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155516",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-121941",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-12023",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154505",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154794",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153724",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152764",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153090",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154906",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152779",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121941"
},
{
"db": "VULMON",
"id": "CVE-2018-12023"
},
{
"db": "BID",
"id": "105659"
},
{
"db": "PACKETSTORM",
"id": "154505"
},
{
"db": "PACKETSTORM",
"id": "154794"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "153724"
},
{
"db": "PACKETSTORM",
"id": "152764"
},
{
"db": "PACKETSTORM",
"id": "153090"
},
{
"db": "PACKETSTORM",
"id": "154906"
},
{
"db": "PACKETSTORM",
"id": "152779"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-723"
},
{
"db": "NVD",
"id": "CVE-2018-12023"
}
]
},
"id": "VAR-201903-0926",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-121941"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T22:05:55.135000Z",
"patch": {
"_id": null,
"data": [
{
"title": "FasterXML Jackson-databind Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88845"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191108 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191107 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss BPM Suite 6.4.12 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191797 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191106 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat FIS 2.0 on Fuse 6.3.0 R13 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193002 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.3.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191140 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss BRMS 6.4.12 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191782 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R13 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192804 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Process Automation Manager 7.4.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191823 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Decision Manager 7.4.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191822 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-maven35-jackson-databind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190782 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.4.0 security \u0026 bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190877 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194037 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Data Virtualization 6.4.8 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193140 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192858 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4452-1 jackson-databind -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a4042e15eece2d982640f9a553bd3505"
},
{
"title": "Red Hat: Important: OpenShift Container Platform logging-elasticsearch5-container security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193149 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.5.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193892 - Security Advisory"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3dea47d76eee003a50f853f241578c37"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u2013 Log Analysis",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a"
},
{
"title": "cybsec",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-12023"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-723"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121941"
},
{
"db": "NVD",
"id": "CVE-2018-12023"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/105659"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:3892"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:0782"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4037"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 2.1,
"url": "https://github.com/fasterxml/jackson-databind/issues/2058"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:1106"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:1140"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:1823"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2804"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:3002"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:3140"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/may/68"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2019/dsa-4452"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a"
},
{
"trust": 1.8,
"url": "https://www.blackhat.com/docs/us-16/materials/us-16-munoz-a-journey-from-jndi-ldap-manipulation-to-rce.pdf"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhba-2019:0959"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:0877"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1107"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1108"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1782"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1797"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1822"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2858"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:3149"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12023"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3cissues.lucene.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zedlduybstdy4gwdbuxgjns2rfytfvrc/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12022"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11307"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zedlduybstdy4gwdbuxgjns2rfytfvrc/"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3cissues.lucene.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2018-12023"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2018-12022"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2018-11307"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152558/red-hat-security-advisory-2019-0782-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152620/red-hat-security-advisory-2019-0877-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76470"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79390"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4532/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4254/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4332/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155516/red-hat-security-advisory-2019-4037-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/jackson-databind-code-execution-via-oracle-jdbc-driver-deserialization-28553"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-third-party-vulnerable-library-jackson-databind-affects-ibm-engineering-lifecycle-optimization-publishing/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.3,
"url": "https://github.com/fasterxml/jackson-databind"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10173"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10173"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0201"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0201"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14642"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14642"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-3894"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3894"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-3805"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=60029"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=6.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10899"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10899"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker\u0026downloadtype=securitypatches\u0026version=6.3.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3060411"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11796"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15095"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000850"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.5.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000850"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17485"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8009"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11775"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1131"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14860"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-17485"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-15095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8009"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14860"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.4/html/release_notes_for_red_hat_process_automation_manager_7.4/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.4.0"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.2"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/jackson-databind"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5397"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.services.platform\u0026downloadtype=securitypatches\u0026version=6.4"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8088"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5397"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.4/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1335"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1335"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=core.service.rhsso\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3868"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121941"
},
{
"db": "VULMON",
"id": "CVE-2018-12023"
},
{
"db": "BID",
"id": "105659"
},
{
"db": "PACKETSTORM",
"id": "154505"
},
{
"db": "PACKETSTORM",
"id": "154794"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "153724"
},
{
"db": "PACKETSTORM",
"id": "152764"
},
{
"db": "PACKETSTORM",
"id": "153090"
},
{
"db": "PACKETSTORM",
"id": "154906"
},
{
"db": "PACKETSTORM",
"id": "152779"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-723"
},
{
"db": "NVD",
"id": "CVE-2018-12023"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-121941",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2018-12023",
"ident": null
},
{
"db": "BID",
"id": "105659",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154505",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154794",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155352",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "153724",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "152764",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "153090",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154906",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "152779",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201901-723",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-12023",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-121941",
"ident": null
},
{
"date": "2019-03-21T00:00:00",
"db": "VULMON",
"id": "CVE-2018-12023",
"ident": null
},
{
"date": "2018-06-08T00:00:00",
"db": "BID",
"id": "105659",
"ident": null
},
{
"date": "2019-09-17T16:47:39",
"db": "PACKETSTORM",
"id": "154505",
"ident": null
},
{
"date": "2019-10-10T14:45:40",
"db": "PACKETSTORM",
"id": "154794",
"ident": null
},
{
"date": "2019-11-15T16:16:10",
"db": "PACKETSTORM",
"id": "155352",
"ident": null
},
{
"date": "2019-07-23T18:44:44",
"db": "PACKETSTORM",
"id": "153724",
"ident": null
},
{
"date": "2019-05-08T17:45:48",
"db": "PACKETSTORM",
"id": "152764",
"ident": null
},
{
"date": "2019-05-24T18:02:22",
"db": "PACKETSTORM",
"id": "153090",
"ident": null
},
{
"date": "2019-10-17T15:31:19",
"db": "PACKETSTORM",
"id": "154906",
"ident": null
},
{
"date": "2019-05-09T10:21:11",
"db": "PACKETSTORM",
"id": "152779",
"ident": null
},
{
"date": "2019-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-723",
"ident": null
},
{
"date": "2019-03-21T16:00:12.407000",
"db": "NVD",
"id": "CVE-2018-12023",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-121941",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-12023",
"ident": null
},
{
"date": "2019-07-17T07:00:00",
"db": "BID",
"id": "105659",
"ident": null
},
{
"date": "2021-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-723",
"ident": null
},
{
"date": "2024-11-21T03:44:26.187000",
"db": "NVD",
"id": "CVE-2018-12023",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-723"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "FasterXML jackson-databind Code problem vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-723"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-723"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…