VAR-201903-0926
Vulnerability from variot - Updated: 2025-12-22 22:40An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. FasterXML jackson-databind Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FasterXML Jackson-databind is prone to a remote-code execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6 are vulnerable. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.
Installation instructions are located in the download section of the customer portal.
The References section of this erratum contains a download link (you must log in to download the update). Description:
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security update Advisory ID: RHSA-2019:1108-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2019:1108 Issue date: 2019-05-08 CVE Names: CVE-2018-11307 CVE-2018-12022 CVE-2018-12023 CVE-2018-14642 CVE-2018-14720 CVE-2018-14721 CVE-2019-3805 CVE-2019-3894 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.2 for RHEL 7 Server - noarch, x86_64
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7.
This release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0, and includes bug fixes and enhancements. Refer to the Red Hat JBoss Enterprise Application Platform 7.2.1 Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)
-
jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)
-
jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)
-
undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer (CVE-2018-14642)
-
jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)
-
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)
-
wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)
-
wildfly: wrong SecurityIdentity for EE concurrency threads that are reused (CVE-2019-3894)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1628702 - CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver 1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library 1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis 1682108 - CVE-2019-3894 wildfly: wrong SecurityIdentity for EE concurrency threads that are reused
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-14861 - GSS Upgrade JBeret from 1.3.1.Final to 1.3.2.Final JBEAP-15392 - (7.2.z) Upgrade Apache CXF from 3.2.5 to 3.2.7 JBEAP-15477 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15478 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15568 - GSS Upgrade ironjacamar from 1.4.11 Final to 1.4.15 Final JBEAP-15617 - (7.2.z) Upgrade WildFly Core from 6.0.11 to 6.0.12 JBEAP-15622 - GSS Upgrade jboss-el-api_spec from 1.0.12.Final to 1.0.13.Final JBEAP-15748 - GSS Upgrade jastow from 2.0.6.Final-redhat-00001 to 2.0.7.Final-redhat-00001 JBEAP-15805 - (7.2.z) Upgrade Hibernate ORM from 5.3.7 to 5.3.8 JBEAP-15851 - [ENG] (7.2.z) Upgrade Infinispan from 9.3.3.Final to 9.3.6.Final JBEAP-15869 - (7.2.z) Upgrade Undertow from 2.0.15 to 2.0.19 JBEAP-15876 - (7.2.z) Upgrade Artemis from 2.6.3.redhat-00014 to 2.6.3.redhat-00020 JBEAP-16025 - Upgrade yasson from 1.0.1 to 1.0.2 JBEAP-16037 - GSS Upgrade Narayana from 5.9.0.Final to 5.9.1.Final JBEAP-16086 - (7.2.z) Upgrade WildFly HTTP client from 1.0.12.Final to 1.0.13.Final JBEAP-16090 - GSS Upgrade jboss-ejb-client from 4.0.12 to 4.0.15 JBEAP-16091 - GSS Upgrade wildfly-transaction-client from 1.1.2.Final-redhat-1 to 1.1.3.Final-redhat-1 JBEAP-16112 - (7.2.z) Upgrade FasterXML Jackson from 2.9.5.redhat-2 to 2.9.8 JBEAP-16122 - [Runtimes] (7.2.z) Upgrade istack from 3.0.5.redhat-1 to 3.0.7.redhat-00001 JBEAP-16123 - [Runtimes] (7.2.x) Upgrade commons-digester from 1.8 to 1.8.1.redhat-4 JBEAP-16124 - [Runtimes] (7.2.x) Upgrade hornetq from 2.4.7.redhat-1 to 2.4.7.redhat-2 JBEAP-16125 - [Runtimes] (7.2.x) Upgrade org.jboss.genericjms from 2.0.1.Final-redhat-1 to 2.0.1.Final-redhat-00002 JBEAP-16137 - (7.2.z) (WFCORE) Upgrade FasterXML Jackson from 2.9.2 to 2.9.8 JBEAP-16146 - (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final JBEAP-16147 - (7.2.z) Upgrade Elytron-Tool from 1.4.0 to 1.4.1.Final JBEAP-16234 - Tracker bug for the EAP 7.2.1 release for RHEL-7 JBEAP-16259 - (7.2.z) Upgrade legacy EJB Client from 3.0.2.Final-redhat-1 to 3.0.3.Final-redhat-1 JBEAP-16276 - (7.2.z) Upgrade elytron-web from 1.2.3.Final to 1.2.4.Final JBEAP-16321 - (7.2.z) HHH-13099 HHH-13283 Upgrade ByteBuddy from 1.8.17 to 1.9.5 JBEAP-16347 - (7.2.z) Upgrade jboss-logmanager from 2.1.5.Final-redhat-00001 to 2.1.7.Final JBEAP-16356 - (7.2.z) Upgrade RESTEasy from 3.6.1.SP2 to 3.6.1.SP3 JBEAP-16367 - (7.2.z) Upgrade commons-lang3 from 3.6.0-redhat-1 to 3.8-redhat-00001 JBEAP-16368 - (7.2.z) Upgrade cxf-xjc from 3.2.2.redhat-00001 to 3.2.3.redhat-00002 JBEAP-16369 - (7.2.z) Upgrade httpasyncclient from 4.1.3.redhat-2 to 4.1.4.redhat-00001 JBEAP-16381 - (7.2.z) Upgrade jboss-remoting-jmx from 3.0.0.Final to 3.0.1.Final JBEAP-16418 - (7.2.z) Upgrade Hibernate ORM from 5.3.8 to 5.3.9 JBEAP-9657 - (7.2.z) Upgrade jboss-negotiation from 3.0.4 to 3.0.5.Final-redhat-00001
- Package List:
Red Hat JBoss EAP 7.2 for RHEL 7 Server:
Source: eap7-activemq-artemis-2.6.3-5.redhat_00020.1.el7eap.src.rpm eap7-apache-commons-lang-3.8.0-1.redhat_00001.1.el7eap.src.rpm eap7-apache-cxf-3.2.7-1.redhat_00001.1.el7eap.src.rpm eap7-apache-cxf-xjc-utils-3.2.3-2.redhat_00002.1.el7eap.src.rpm eap7-artemis-native-2.6.3-15.redhat_00020.el7eap.src.rpm eap7-byte-buddy-1.9.5-1.redhat_00001.1.el7eap.src.rpm eap7-dom4j-2.1.1-2.redhat_00001.1.el7eap.src.rpm eap7-elytron-web-1.2.4-1.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-5.3.9-2.Final_redhat_00002.1.el7eap.src.rpm eap7-httpcomponents-asyncclient-4.1.4-1.redhat_00001.1.el7eap.src.rpm eap7-infinispan-9.3.6-1.Final_redhat_00001.1.el7eap.src.rpm eap7-ironjacamar-1.4.15-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jackson-annotations-2.9.8-2.redhat_00004.1.el7eap.src.rpm eap7-jackson-core-2.9.8-2.redhat_00004.1.el7eap.src.rpm eap7-jackson-databind-2.9.8-2.redhat_00004.1.el7eap.src.rpm eap7-jackson-jaxrs-providers-2.9.8-2.redhat_00004.1.el7eap.src.rpm eap7-jackson-modules-base-2.9.8-1.redhat_00004.1.el7eap.src.rpm eap7-jackson-modules-java8-2.9.8-1.redhat_00004.1.el7eap.src.rpm eap7-jberet-1.3.2-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-ejb-client-4.0.15-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-el-api_3.0_spec-1.0.13-2.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-genericjms-2.0.1-2.Final_redhat_00002.1.el7eap.src.rpm eap7-jboss-logmanager-2.1.7-3.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-remoting-jmx-3.0.1-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-security-negotiation-3.0.5-2.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-server-migration-1.3.0-7.Final_redhat_00004.1.el7eap.src.rpm eap7-narayana-5.9.1-1.Final_redhat_00001.1.el7eap.src.rpm eap7-picketlink-bindings-2.5.5-16.SP12_redhat_4.1.el7eap.src.rpm eap7-picketlink-federation-2.5.5-16.SP12_redhat_4.1.el7eap.src.rpm eap7-resteasy-3.6.1-4.SP3_redhat_00001.1.el7eap.src.rpm eap7-sun-istack-commons-3.0.7-2.redhat_00001.1.el7eap.src.rpm eap7-undertow-2.0.19-1.Final_redhat_00001.1.el7eap.src.rpm eap7-undertow-jastow-2.0.7-2.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-7.2.1-6.GA_redhat_00004.1.el7eap.src.rpm eap7-wildfly-elytron-1.6.2-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-elytron-tool-1.4.1-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-http-client-1.0.13-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-transaction-client-1.1.3-1.Final_redhat_00001.1.el7eap.src.rpm eap7-yasson-1.0.2-1.redhat_00001.1.el7eap.src.rpm
noarch: eap7-activemq-artemis-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-cli-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-commons-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-core-client-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-dto-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-jms-client-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-jms-server-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-journal-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-native-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-ra-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-selector-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-server-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-tools-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-apache-commons-lang-3.8.0-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-rt-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-services-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-tools-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-xjc-utils-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-byte-buddy-1.9.5-1.redhat_00001.1.el7eap.noarch.rpm eap7-cxf-xjc-boolean-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-cxf-xjc-bug986-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-cxf-xjc-dv-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-cxf-xjc-runtime-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-cxf-xjc-ts-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-dom4j-2.1.1-2.redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-hibernate-core-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-hibernate-entitymanager-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-hibernate-envers-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-hibernate-java8-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-httpcomponents-asyncclient-4.1.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-cachestore-remote-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-client-hotrod-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-commons-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-core-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-api-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-api-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-validator-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-istack-commons-runtime-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm eap7-istack-commons-tools-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-annotations-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-core-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-databind-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-datatype-jdk8-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-datatype-jsr310-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-jaxrs-base-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-modules-base-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-modules-java8-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm eap7-jberet-1.3.2-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jberet-core-1.3.2-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-ejb-client-4.0.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-el-api_3.0_spec-1.0.13-2.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-genericjms-2.0.1-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-jboss-logmanager-2.1.7-3.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-remoting-jmx-3.0.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-security-negotiation-3.0.5-2.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-server-migration-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-cli-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-core-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-narayana-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-compensations-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-jbosstxbridge-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-jbossxts-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-jts-idlj-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-jts-integration-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-restat-api-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-restat-bridge-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-restat-integration-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-restat-util-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-txframework-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-picketlink-api-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-bindings-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-common-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-config-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-federation-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-idm-api-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-idm-impl-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-idm-simple-schema-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-impl-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-resteasy-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-atom-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-cdi-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-client-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-client-microprofile-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-crypto-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jackson-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jackson2-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jaxb-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jaxrs-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jettison-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jose-jwt-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jsapi-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-json-binding-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-json-p-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-multipart-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-rxjava2-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-spring-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-validator-provider-11-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-yaml-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-sun-istack-commons-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm eap7-undertow-2.0.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-jastow-2.0.7-2.Final_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-server-1.2.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.6.2-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.4.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-client-common-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm eap7-wildfly-modules-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm eap7-wildfly-transaction-client-1.1.3-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-yasson-1.0.2-1.redhat_00001.1.el7eap.noarch.rpm
x86_64: eap7-artemis-native-2.6.3-15.redhat_00020.el7eap.x86_64.rpm eap7-artemis-native-wildfly-2.6.3-15.redhat_00020.el7eap.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-11307 https://access.redhat.com/security/cve/CVE-2018-12022 https://access.redhat.com/security/cve/CVE-2018-12023 https://access.redhat.com/security/cve/CVE-2018-14642 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/cve/CVE-2019-3894 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXNLIE9zjgjWX9erEAQglKw/+JyHe4joco43PeWiW+gtOUi1LmK+vvmA/ gkH43MSvriK9Skka+B0ZkTDUvIOe12f4be3IOpN3utcEcDHa/FgvsGZDnSSEsqRl 4W0cPWOFpeGw1NxgeP/wyHl/ccuwmFgXyxOstqx3T93HsVLBteQfjDM/TNbRATPu ESGwZbdJFWaGHTrYzK2U1z7kvWeG81Qc+nTzD52HT8Gl2Ru8Joy7cYhH2h42vLra PMOM5R7EWKINRFlIwPAO4rtvkZh+NfpViMvxcVxoObRue4FuAnoToZiyo50daPQI 0GSvYcPlUB6eVttOmQuq63j4pypm+p7uEf4gFkOc0n38RaiiRx7TLdAoRwjg/oL+ 9gKnDg1uXOy0UOLiQbYSQXTQiN/5fo5cpGJ2y0VCI/bWcULq4owLrwzGbcRS2kN1 RB94DglvRUcqbIcC3FIDKA6pUEAqyNL8j4moQfjvmxDHtdkFbWdMVyCPsVnqeRpi bXpTDQhsrdIEM6Hvmc16Zoli2vurhhwTOSEh5eBOP6H29UOduZRUA5Bi7QazgdOj B+NLXH2088Xy+bTvu9xv5iFBQ47Kp/EEvFr+xqU9sVzggIXpyLgn5G03/GOAKkJ7 DHVygbhSYgeopJnFD1vD1Xz5cQHwoFwao00DXti3rUi9FbcQR0H/UQSmNq/OujOk Jr14u9JZfcw=EHUv -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
For the stable distribution (stretch), these problems have been fixed in version 2.8.6-1+deb9u5.
We recommend that you upgrade your jackson-databind packages.
For the detailed security status of jackson-databind please refer to its security tracker page at: https://security-tracker.debian.org/tracker/jackson-databind
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzoWnMACgkQEMKTtsN8 TjYKuA//TDDdI43NQ1mLh+bu0jrQOHZf8QLv/68kHpHe0kMAc92kSkK/k8GojxxZ u2BmBM8sYp7XzRN1wGfuh04BDnA6t9NdWl5VG/jaL2npubV6GeKa3b1trEol0WRw WJmwDkrp946XchxJZJyEU9QICaMBU4seDjq2nhSEzJhBiS6dHxh1PkCqpA0xL1iH yN/ZmSWbgIeZIbFMUiV6SghbXpEEAQjBVzeo7tbWddzDMV7atQdErpfOLoeAiWY3 6ER/AQqulMVaC3odGglzU2OksDfeRN4TIAVKhv7t0Jb6hJkJU3a5TJOe/jvWuNna b3+psiLU1LHHwlWZuUAbiFx6HZkLj0kxHH1IR9Om42MJ++lCZA78JbxwgfW9JsOH xbo+334isNCM6P7sdyvxabqwCSWbUFb+6eUR6Hqe9HaTrhWZPln3VL/pwszT7HSA Ut6RRIUcHu0BdMZZv08dO015j5Gk/a314BAvUQyRejYmM6WNQwwOkNHGp5I66VhA S284hCKozpttwG3ogDjbzwvCcmzUr757cgn4ACC6nXjfVnxz/u/WeMEAJfoYFPW8 +MKh7SkB1wADYBjgDt/HAG2e1A5GOjrtNO92x0GQ62iIs53iRvct6WmEJr4eQ/7T n3frp2khA85wvPhz3oj07KMxrnF4yBtrR6TO+eVkZAMp/COnosA= =PkmH -----END PGP SIGNATURE----- . (CVE-2019-12086)
- jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. (CVE-2019-12814)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.18, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel ease-notes.html
- 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0926",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.8,
"vendor": "fasterxml",
"version": "2.7.9.4"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.8,
"vendor": "fasterxml",
"version": "2.8.11.2"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.8,
"vendor": "fasterxml",
"version": "2.9.6"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "jboss brms",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4.10"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.11"
},
{
"model": "single sign-on",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "decision manager",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.1"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.8.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.0"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "automation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.1"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "enterprise manager for virtualization",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "jd edwards enterpriseone tools",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "banking platform",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "communications billing and revenue management",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "communications instant messaging server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "financial services analytical applications infrastructure",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "identity manager",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "utilities advanced spatial and operational analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.7.0.1"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "enterprise manager for virtualization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3.1"
},
{
"model": "enterprise manager for virtualization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2.3"
},
{
"model": "enterprise manager for virtualization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2.2"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1.2.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.6.2"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.6.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.6"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.9.5"
},
{
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.9.4"
},
{
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.9.2"
},
{
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.9.1"
},
{
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.9"
},
{
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.8.11"
},
{
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.8.11.1"
},
{
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.7.9.3"
},
{
"model": "jackson-databind",
"scope": "eq",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.7.9.1"
},
{
"model": "jackson-databind",
"scope": "ne",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.9.6"
},
{
"model": "jackson-databind",
"scope": "ne",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.8.11.2"
},
{
"model": "jackson-databind",
"scope": "ne",
"trust": 0.3,
"vendor": "fasterxml",
"version": "2.7.9.4"
}
],
"sources": [
{
"db": "BID",
"id": "105659"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014819"
},
{
"db": "NVD",
"id": "CVE-2018-12023"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fasterxml:jackson-databind",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:enterprise_manager_for_virtualization",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:jd_edwards_enterpriseone_orchestrator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:jd_edwards_enterpriseone_tools",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:banking_platform",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:communications_billing_and_revenue_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:communications_instant_messaging_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:financial_services_analytical_applications_infrastructure",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:identity_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014819"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat,Tatu Saloranta",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-723"
}
],
"trust": 0.6
},
"cve": "CVE-2018-12023",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2018-12023",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-121941",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2018-12023",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-12023",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-12023",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-723",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-121941",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-12023",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121941"
},
{
"db": "VULMON",
"id": "CVE-2018-12023"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-723"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014819"
},
{
"db": "NVD",
"id": "CVE-2018-12023"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. FasterXML jackson-databind Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FasterXML Jackson-databind is prone to a remote-code execution vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. \njackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6 are vulnerable. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. Red Hat A-MQ is a standards compliant\nmessaging system that is tailored for use in mission critical applications. It\nincludes bug fixes, which are documented in the patch notes accompanying\nthe package on the download page. See the download link given in the\nreferences section below. \n\nInstallation instructions are located in the download section of the\ncustomer portal. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security update\nAdvisory ID: RHSA-2019:1108-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:1108\nIssue date: 2019-05-08\nCVE Names: CVE-2018-11307 CVE-2018-12022 CVE-2018-12023\n CVE-2018-14642 CVE-2018-14720 CVE-2018-14721\n CVE-2019-3805 CVE-2019-3894\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.2 for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.2 for RHEL 7 Server - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0,\nand includes bug fixes and enhancements. Refer to the Red Hat JBoss\nEnterprise Application Platform 7.2.1 Release Notes for information on the\nmost significant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* jackson-databind: Potential information exfiltration with default typing,\nserialization gadget from MyBatis (CVE-2018-11307)\n\n* jackson-databind: improper polymorphic deserialization of types from\nJodd-db library (CVE-2018-12022)\n\n* jackson-databind: improper polymorphic deserialization of types from\nOracle JDBC driver (CVE-2018-12023)\n\n* undertow: Infoleak in some circumstances where Undertow can serve data\nfrom a random buffer (CVE-2018-14642)\n\n* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)\n\n* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n(CVE-2018-14721)\n\n* wildfly: Race condition on PID file allows for termination of arbitrary\nprocesses by local users (CVE-2019-3805)\n\n* wildfly: wrong SecurityIdentity for EE concurrency threads that are\nreused (CVE-2019-3894)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1628702 - CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer\n1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver\n1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library\n1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis\n1682108 - CVE-2019-3894 wildfly: wrong SecurityIdentity for EE concurrency threads that are reused\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-14861 - [GSS](7.2.z) Upgrade JBeret from 1.3.1.Final to 1.3.2.Final\nJBEAP-15392 - (7.2.z) Upgrade Apache CXF from 3.2.5 to 3.2.7\nJBEAP-15477 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4\nJBEAP-15478 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4\nJBEAP-15568 - [GSS](7.2.z) Upgrade ironjacamar from 1.4.11 Final to 1.4.15 Final\nJBEAP-15617 - (7.2.z) Upgrade WildFly Core from 6.0.11 to 6.0.12\nJBEAP-15622 - [GSS](7.2.z) Upgrade jboss-el-api_spec from 1.0.12.Final to 1.0.13.Final\nJBEAP-15748 - [GSS](7.2.z) Upgrade jastow from 2.0.6.Final-redhat-00001 to 2.0.7.Final-redhat-00001\nJBEAP-15805 - (7.2.z) Upgrade Hibernate ORM from 5.3.7 to 5.3.8\nJBEAP-15851 - [ENG] (7.2.z) Upgrade Infinispan from 9.3.3.Final to 9.3.6.Final\nJBEAP-15869 - (7.2.z) Upgrade Undertow from 2.0.15 to 2.0.19\nJBEAP-15876 - (7.2.z) Upgrade Artemis from 2.6.3.redhat-00014 to 2.6.3.redhat-00020\nJBEAP-16025 - Upgrade yasson from 1.0.1 to 1.0.2\nJBEAP-16037 - [GSS](7.2.z) Upgrade Narayana from 5.9.0.Final to 5.9.1.Final\nJBEAP-16086 - (7.2.z) Upgrade WildFly HTTP client from 1.0.12.Final to 1.0.13.Final\nJBEAP-16090 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.12 to 4.0.15\nJBEAP-16091 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.2.Final-redhat-1 to 1.1.3.Final-redhat-1\nJBEAP-16112 - (7.2.z) Upgrade FasterXML Jackson from 2.9.5.redhat-2 to 2.9.8\nJBEAP-16122 - [Runtimes] (7.2.z) Upgrade istack from 3.0.5.redhat-1 to 3.0.7.redhat-00001\nJBEAP-16123 - [Runtimes] (7.2.x) Upgrade commons-digester from 1.8 to 1.8.1.redhat-4\nJBEAP-16124 - [Runtimes] (7.2.x) Upgrade hornetq from 2.4.7.redhat-1 to 2.4.7.redhat-2\nJBEAP-16125 - [Runtimes] (7.2.x) Upgrade org.jboss.genericjms from 2.0.1.Final-redhat-1 to 2.0.1.Final-redhat-00002\nJBEAP-16137 - (7.2.z) (WFCORE) Upgrade FasterXML Jackson from 2.9.2 to 2.9.8\nJBEAP-16146 - (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final\nJBEAP-16147 - (7.2.z) Upgrade Elytron-Tool from 1.4.0 to 1.4.1.Final\nJBEAP-16234 - Tracker bug for the EAP 7.2.1 release for RHEL-7\nJBEAP-16259 - (7.2.z) Upgrade legacy EJB Client from 3.0.2.Final-redhat-1 to 3.0.3.Final-redhat-1\nJBEAP-16276 - (7.2.z) Upgrade elytron-web from 1.2.3.Final to 1.2.4.Final\nJBEAP-16321 - (7.2.z) HHH-13099 HHH-13283 Upgrade ByteBuddy from 1.8.17 to 1.9.5\nJBEAP-16347 - (7.2.z) Upgrade jboss-logmanager from 2.1.5.Final-redhat-00001 to 2.1.7.Final\nJBEAP-16356 - (7.2.z) Upgrade RESTEasy from 3.6.1.SP2 to 3.6.1.SP3\nJBEAP-16367 - (7.2.z) Upgrade commons-lang3 from 3.6.0-redhat-1 to 3.8-redhat-00001\nJBEAP-16368 - (7.2.z) Upgrade cxf-xjc from 3.2.2.redhat-00001 to 3.2.3.redhat-00002\nJBEAP-16369 - (7.2.z) Upgrade httpasyncclient from 4.1.3.redhat-2 to 4.1.4.redhat-00001\nJBEAP-16381 - (7.2.z) Upgrade jboss-remoting-jmx from 3.0.0.Final to 3.0.1.Final\nJBEAP-16418 - (7.2.z) Upgrade Hibernate ORM from 5.3.8 to 5.3.9\nJBEAP-9657 - (7.2.z) Upgrade jboss-negotiation from 3.0.4 to 3.0.5.Final-redhat-00001\n\n7. Package List:\n\nRed Hat JBoss EAP 7.2 for RHEL 7 Server:\n\nSource:\neap7-activemq-artemis-2.6.3-5.redhat_00020.1.el7eap.src.rpm\neap7-apache-commons-lang-3.8.0-1.redhat_00001.1.el7eap.src.rpm\neap7-apache-cxf-3.2.7-1.redhat_00001.1.el7eap.src.rpm\neap7-apache-cxf-xjc-utils-3.2.3-2.redhat_00002.1.el7eap.src.rpm\neap7-artemis-native-2.6.3-15.redhat_00020.el7eap.src.rpm\neap7-byte-buddy-1.9.5-1.redhat_00001.1.el7eap.src.rpm\neap7-dom4j-2.1.1-2.redhat_00001.1.el7eap.src.rpm\neap7-elytron-web-1.2.4-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-hibernate-5.3.9-2.Final_redhat_00002.1.el7eap.src.rpm\neap7-httpcomponents-asyncclient-4.1.4-1.redhat_00001.1.el7eap.src.rpm\neap7-infinispan-9.3.6-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-ironjacamar-1.4.15-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jackson-annotations-2.9.8-2.redhat_00004.1.el7eap.src.rpm\neap7-jackson-core-2.9.8-2.redhat_00004.1.el7eap.src.rpm\neap7-jackson-databind-2.9.8-2.redhat_00004.1.el7eap.src.rpm\neap7-jackson-jaxrs-providers-2.9.8-2.redhat_00004.1.el7eap.src.rpm\neap7-jackson-modules-base-2.9.8-1.redhat_00004.1.el7eap.src.rpm\neap7-jackson-modules-java8-2.9.8-1.redhat_00004.1.el7eap.src.rpm\neap7-jberet-1.3.2-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-ejb-client-4.0.15-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-el-api_3.0_spec-1.0.13-2.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-genericjms-2.0.1-2.Final_redhat_00002.1.el7eap.src.rpm\neap7-jboss-logmanager-2.1.7-3.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-remoting-jmx-3.0.1-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-security-negotiation-3.0.5-2.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-server-migration-1.3.0-7.Final_redhat_00004.1.el7eap.src.rpm\neap7-narayana-5.9.1-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-picketlink-bindings-2.5.5-16.SP12_redhat_4.1.el7eap.src.rpm\neap7-picketlink-federation-2.5.5-16.SP12_redhat_4.1.el7eap.src.rpm\neap7-resteasy-3.6.1-4.SP3_redhat_00001.1.el7eap.src.rpm\neap7-sun-istack-commons-3.0.7-2.redhat_00001.1.el7eap.src.rpm\neap7-undertow-2.0.19-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-undertow-jastow-2.0.7-2.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-7.2.1-6.GA_redhat_00004.1.el7eap.src.rpm\neap7-wildfly-elytron-1.6.2-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-elytron-tool-1.4.1-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-http-client-1.0.13-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-transaction-client-1.1.3-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-yasson-1.0.2-1.redhat_00001.1.el7eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-cli-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-commons-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-core-client-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-dto-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-journal-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-native-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-ra-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-selector-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-server-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-tools-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-apache-commons-lang-3.8.0-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-rt-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-services-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-tools-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-xjc-utils-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-byte-buddy-1.9.5-1.redhat_00001.1.el7eap.noarch.rpm\neap7-cxf-xjc-boolean-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-cxf-xjc-bug986-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-cxf-xjc-dv-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-cxf-xjc-runtime-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-cxf-xjc-ts-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-dom4j-2.1.1-2.redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-hibernate-core-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-hibernate-envers-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-hibernate-java8-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-httpcomponents-asyncclient-4.1.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-cachestore-remote-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-client-hotrod-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-commons-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-core-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-validator-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-istack-commons-runtime-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm\neap7-istack-commons-tools-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-annotations-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-core-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-databind-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-jaxrs-base-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-modules-base-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-modules-java8-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm\neap7-jberet-1.3.2-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jberet-core-1.3.2-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-ejb-client-4.0.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-el-api_3.0_spec-1.0.13-2.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-genericjms-2.0.1-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-jboss-logmanager-2.1.7-3.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-remoting-jmx-3.0.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-security-negotiation-3.0.5-2.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-server-migration-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-cli-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-core-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-narayana-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-compensations-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-jbosstxbridge-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-jbossxts-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-jts-idlj-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-jts-integration-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-restat-api-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-restat-bridge-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-restat-integration-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-restat-util-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-txframework-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-picketlink-api-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-bindings-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-common-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-config-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-federation-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-idm-api-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-idm-impl-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-idm-simple-schema-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-impl-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-wildfly8-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-resteasy-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-atom-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-cdi-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-client-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-client-microprofile-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-crypto-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jackson-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jackson2-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jaxb-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jaxrs-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jettison-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jose-jwt-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jsapi-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-json-binding-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-json-p-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-multipart-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-rxjava2-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-spring-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-validator-provider-11-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-yaml-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-sun-istack-commons-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-2.0.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-jastow-2.0.7-2.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-server-1.2.4-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm\neap7-wildfly-elytron-1.6.2-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-elytron-tool-1.4.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk11-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk8-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm\neap7-wildfly-javadocs-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm\neap7-wildfly-modules-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm\neap7-wildfly-transaction-client-1.1.3-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-yasson-1.0.2-1.redhat_00001.1.el7eap.noarch.rpm\n\nx86_64:\neap7-artemis-native-2.6.3-15.redhat_00020.el7eap.x86_64.rpm\neap7-artemis-native-wildfly-2.6.3-15.redhat_00020.el7eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-11307\nhttps://access.redhat.com/security/cve/CVE-2018-12022\nhttps://access.redhat.com/security/cve/CVE-2018-12023\nhttps://access.redhat.com/security/cve/CVE-2018-14642\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2019-3805\nhttps://access.redhat.com/security/cve/CVE-2019-3894\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXNLIE9zjgjWX9erEAQglKw/+JyHe4joco43PeWiW+gtOUi1LmK+vvmA/\ngkH43MSvriK9Skka+B0ZkTDUvIOe12f4be3IOpN3utcEcDHa/FgvsGZDnSSEsqRl\n4W0cPWOFpeGw1NxgeP/wyHl/ccuwmFgXyxOstqx3T93HsVLBteQfjDM/TNbRATPu\nESGwZbdJFWaGHTrYzK2U1z7kvWeG81Qc+nTzD52HT8Gl2Ru8Joy7cYhH2h42vLra\nPMOM5R7EWKINRFlIwPAO4rtvkZh+NfpViMvxcVxoObRue4FuAnoToZiyo50daPQI\n0GSvYcPlUB6eVttOmQuq63j4pypm+p7uEf4gFkOc0n38RaiiRx7TLdAoRwjg/oL+\n9gKnDg1uXOy0UOLiQbYSQXTQiN/5fo5cpGJ2y0VCI/bWcULq4owLrwzGbcRS2kN1\nRB94DglvRUcqbIcC3FIDKA6pUEAqyNL8j4moQfjvmxDHtdkFbWdMVyCPsVnqeRpi\nbXpTDQhsrdIEM6Hvmc16Zoli2vurhhwTOSEh5eBOP6H29UOduZRUA5Bi7QazgdOj\nB+NLXH2088Xy+bTvu9xv5iFBQ47Kp/EEvFr+xqU9sVzggIXpyLgn5G03/GOAKkJ7\nDHVygbhSYgeopJnFD1vD1Xz5cQHwoFwao00DXti3rUi9FbcQR0H/UQSmNq/OujOk\nJr14u9JZfcw=EHUv\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.8.6-1+deb9u5. \n\nWe recommend that you upgrade your jackson-databind packages. \n\nFor the detailed security status of jackson-databind please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/jackson-databind\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzoWnMACgkQEMKTtsN8\nTjYKuA//TDDdI43NQ1mLh+bu0jrQOHZf8QLv/68kHpHe0kMAc92kSkK/k8GojxxZ\nu2BmBM8sYp7XzRN1wGfuh04BDnA6t9NdWl5VG/jaL2npubV6GeKa3b1trEol0WRw\nWJmwDkrp946XchxJZJyEU9QICaMBU4seDjq2nhSEzJhBiS6dHxh1PkCqpA0xL1iH\nyN/ZmSWbgIeZIbFMUiV6SghbXpEEAQjBVzeo7tbWddzDMV7atQdErpfOLoeAiWY3\n6ER/AQqulMVaC3odGglzU2OksDfeRN4TIAVKhv7t0Jb6hJkJU3a5TJOe/jvWuNna\nb3+psiLU1LHHwlWZuUAbiFx6HZkLj0kxHH1IR9Om42MJ++lCZA78JbxwgfW9JsOH\nxbo+334isNCM6P7sdyvxabqwCSWbUFb+6eUR6Hqe9HaTrhWZPln3VL/pwszT7HSA\nUt6RRIUcHu0BdMZZv08dO015j5Gk/a314BAvUQyRejYmM6WNQwwOkNHGp5I66VhA\nS284hCKozpttwG3ogDjbzwvCcmzUr757cgn4ACC6nXjfVnxz/u/WeMEAJfoYFPW8\n+MKh7SkB1wADYBjgDt/HAG2e1A5GOjrtNO92x0GQ62iIs53iRvct6WmEJr4eQ/7T\nn3frp2khA85wvPhz3oj07KMxrnF4yBtrR6TO+eVkZAMp/COnosA=\n=PkmH\n-----END PGP SIGNATURE-----\n. (CVE-2019-12086)\n\n* jackson-databind: polymorphic typing issue allows attacker to read\narbitrary local files on the server via crafted JSON message. \n(CVE-2019-12814)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.1 see the following documentation, which\nwill be updated shortly for release 4.1.18, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel\nease-notes.html\n\n4. \n1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12023"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014819"
},
{
"db": "BID",
"id": "105659"
},
{
"db": "VULHUB",
"id": "VHN-121941"
},
{
"db": "VULMON",
"id": "CVE-2018-12023"
},
{
"db": "PACKETSTORM",
"id": "154505"
},
{
"db": "PACKETSTORM",
"id": "153724"
},
{
"db": "PACKETSTORM",
"id": "152765"
},
{
"db": "PACKETSTORM",
"id": "153090"
},
{
"db": "PACKETSTORM",
"id": "154649"
},
{
"db": "PACKETSTORM",
"id": "152766"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12023",
"trust": 3.5
},
{
"db": "BID",
"id": "105659",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014819",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-723",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1350",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4332",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4254",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0674",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4532",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155352",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152558",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152620",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155516",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-121941",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-12023",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154505",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153724",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152765",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153090",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154649",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152766",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121941"
},
{
"db": "VULMON",
"id": "CVE-2018-12023"
},
{
"db": "BID",
"id": "105659"
},
{
"db": "PACKETSTORM",
"id": "154505"
},
{
"db": "PACKETSTORM",
"id": "153724"
},
{
"db": "PACKETSTORM",
"id": "152765"
},
{
"db": "PACKETSTORM",
"id": "153090"
},
{
"db": "PACKETSTORM",
"id": "154649"
},
{
"db": "PACKETSTORM",
"id": "152766"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-723"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014819"
},
{
"db": "NVD",
"id": "CVE-2018-12023"
}
]
},
"id": "VAR-201903-0926",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-121941"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T22:40:37.555000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2019-df57551f6d",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/"
},
{
"title": "Backport #2052, #2058 fixes for 2.7.9.4",
"trust": 0.8,
"url": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a"
},
{
"title": "CVE-2018-12023: Block polymorphic deserialization of types from Oracle JDBC driver #2058",
"trust": 0.8,
"url": "https://github.com/FasterXML/jackson-databind/issues/2058"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"title": "FasterXML Jackson-databind Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88845"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191108 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191107 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss BPM Suite 6.4.12 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191797 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191106 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat FIS 2.0 on Fuse 6.3.0 R13 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193002 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.3.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191140 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss BRMS 6.4.12 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191782 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R13 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192804 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Process Automation Manager 7.4.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191823 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Decision Manager 7.4.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191822 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-maven35-jackson-databind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190782 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.4.0 security \u0026 bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190877 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194037 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Data Virtualization 6.4.8 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193140 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192858 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4452-1 jackson-databind -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a4042e15eece2d982640f9a553bd3505"
},
{
"title": "Red Hat: Important: OpenShift Container Platform logging-elasticsearch5-container security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193149 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.5.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193892 - Security Advisory"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3dea47d76eee003a50f853f241578c37"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u2013 Log Analysis",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a"
},
{
"title": "cybsec",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-12023"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-723"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014819"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121941"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014819"
},
{
"db": "NVD",
"id": "CVE-2018-12023"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/105659"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:0782"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3892"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4037"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 2.1,
"url": "https://github.com/fasterxml/jackson-databind/issues/2058"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12023"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:1107"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:1108"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:1823"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2804"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2858"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/may/68"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2019/dsa-4452"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a"
},
{
"trust": 1.8,
"url": "https://www.blackhat.com/docs/us-16/materials/us-16-munoz-a-journey-from-jndi-ldap-manipulation-to-rce.pdf"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhba-2019:0959"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:0877"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1106"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1140"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1782"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1797"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1822"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:3002"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:3140"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:3149"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3cissues.lucene.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zedlduybstdy4gwdbuxgjns2rfytfvrc/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12023"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zedlduybstdy4gwdbuxgjns2rfytfvrc/"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3cissues.lucene.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12022"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11307"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152558/red-hat-security-advisory-2019-0782-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152620/red-hat-security-advisory-2019-0877-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76470"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79390"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4532/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4254/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4332/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155516/red-hat-security-advisory-2019-4037-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/jackson-databind-code-execution-via-oracle-jdbc-driver-deserialization-28553"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-third-party-vulnerable-library-jackson-databind-affects-ibm-engineering-lifecycle-optimization-publishing/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-12023"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-12022"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-11307"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.3,
"url": "https://github.com/fasterxml/jackson-databind"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14642"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14642"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-3894"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3894"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-3805"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=60029"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=6.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10899"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10899"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker\u0026downloadtype=securitypatches\u0026version=6.3.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10173"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.4/html/release_notes_for_red_hat_process_automation_manager_7.4/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.4.0"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/jackson-databind"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-7489"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17485"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7525"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7489"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-17485"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-15095"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121941"
},
{
"db": "VULMON",
"id": "CVE-2018-12023"
},
{
"db": "BID",
"id": "105659"
},
{
"db": "PACKETSTORM",
"id": "154505"
},
{
"db": "PACKETSTORM",
"id": "153724"
},
{
"db": "PACKETSTORM",
"id": "152765"
},
{
"db": "PACKETSTORM",
"id": "153090"
},
{
"db": "PACKETSTORM",
"id": "154649"
},
{
"db": "PACKETSTORM",
"id": "152766"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-723"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014819"
},
{
"db": "NVD",
"id": "CVE-2018-12023"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-121941"
},
{
"db": "VULMON",
"id": "CVE-2018-12023"
},
{
"db": "BID",
"id": "105659"
},
{
"db": "PACKETSTORM",
"id": "154505"
},
{
"db": "PACKETSTORM",
"id": "153724"
},
{
"db": "PACKETSTORM",
"id": "152765"
},
{
"db": "PACKETSTORM",
"id": "153090"
},
{
"db": "PACKETSTORM",
"id": "154649"
},
{
"db": "PACKETSTORM",
"id": "152766"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-723"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014819"
},
{
"db": "NVD",
"id": "CVE-2018-12023"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-121941"
},
{
"date": "2019-03-21T00:00:00",
"db": "VULMON",
"id": "CVE-2018-12023"
},
{
"date": "2018-06-08T00:00:00",
"db": "BID",
"id": "105659"
},
{
"date": "2019-09-17T16:47:39",
"db": "PACKETSTORM",
"id": "154505"
},
{
"date": "2019-07-23T18:44:44",
"db": "PACKETSTORM",
"id": "153724"
},
{
"date": "2019-05-08T17:45:55",
"db": "PACKETSTORM",
"id": "152765"
},
{
"date": "2019-05-24T18:02:22",
"db": "PACKETSTORM",
"id": "153090"
},
{
"date": "2019-09-28T11:11:11",
"db": "PACKETSTORM",
"id": "154649"
},
{
"date": "2019-05-08T17:46:03",
"db": "PACKETSTORM",
"id": "152766"
},
{
"date": "2019-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-723"
},
{
"date": "2019-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014819"
},
{
"date": "2019-03-21T16:00:12.407000",
"db": "NVD",
"id": "CVE-2018-12023"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-121941"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-12023"
},
{
"date": "2019-07-17T07:00:00",
"db": "BID",
"id": "105659"
},
{
"date": "2021-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-723"
},
{
"date": "2019-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014819"
},
{
"date": "2024-11-21T03:44:26.187000",
"db": "NVD",
"id": "CVE-2018-12023"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-723"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind Vulnerable to unreliable data deserialization",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014819"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-723"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.