Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
668
VMScore

CVE-2019-14379

Published: 29/07/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Fasterxml

Vulnerability Summary

SubTypeValidator.java in FasterXML jackson-databind prior to 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

fasterxml jackson-databind

debian debian linux 8.0

netapp snapcenter -

netapp oncommand workflow automation -

netapp service level manager -

netapp active iq unified manager

fedoraproject fedora 29

fedoraproject fedora 30

fedoraproject fedora 31

redhat jboss_enterprise_application_platform 7.2

redhat jboss_enterprise_application_platform 7.3

redhat openshift_container_platform 4.1

redhat single_sign-on 7.3

redhat openshift container platform 3.11

oracle retail xstore point of service 15.0

oracle primavera unifier 16.2

oracle banking platform 2.4.0

oracle retail xstore point of service 7.1

oracle jd edwards enterpriseone tools 9.2

oracle banking platform 2.4.1

oracle primavera gateway 16.2

oracle primavera gateway 15.2

oracle banking platform 2.5.0

oracle primavera unifier 16.1

oracle retail xstore point of service 16.0

oracle primavera gateway 17.12

oracle jd edwards enterpriseone orchestrator 9.2

oracle banking platform 2.6.0

oracle banking platform 2.6.1

oracle primavera unifier 18.8

oracle retail customer management and segmentation foundation 17.0

oracle primavera unifier

oracle siebel ui framework

oracle retail xstore point of service 17.0

oracle retail xstore point of service 18.0

oracle banking platform 2.7.0

oracle banking platform 2.7.1

oracle goldengate stream analytics

oracle communications diameter signaling router 8.2.1

oracle communications diameter signaling router 8.0.0

oracle communications diameter signaling router 8.1

oracle communications diameter signaling router 8.2

oracle financial services analytical applications infrastructure

oracle primavera gateway 18.8.0

oracle siebel engineering - installer \\& deployment

oracle communications instant messaging server 10.0.1.3.0

apple xcode

Vendor Advisories

Debian CVElist Bug Report Logs: jackson-databind: CVE-2019-14361 CVE-2019-14379
Debian Bug report logs - #933393 jackson-databind: CVE-2019-14361 CVE-2019-14379 Package: src:jackson-databind; Maintainer for src:jackson-databind is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 30 Jul 2019 08:45:06 UTC Sever ...
Red Hat: CVE-2019-14379
Impact: Important Public Date: 2019-07-23 CWE: CWE-502 Bugzilla: 1737517: CVE-2019-14379 jackson-databi ...
Red Hat: Important: rh-maven35-jackson-databind security update
Synopsis Important: rh-maven35-jackson-databind security update Type/Severity Security Advisory: Important Topic An update for rh-maven35-jackson-databind is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Red Hat: Important: Red Hat Process Automation Manager 7.5.0 Security Update
Synopsis Important: Red Hat Process Automation Manager 750 Security Update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Process Automation ManagerRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scor ...
Red Hat: Important: Red Hat Decision Manager 7.5.0 Security Update
Synopsis Important: Red Hat Decision Manager 750 Security Update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Decision ManagerRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ba ...
Red Hat: Important: Red Hat Data Grid 7.3.3 security update
Synopsis Important: Red Hat Data Grid 733 security update Type/Severity Security Advisory: Important Topic An update for Red Hat Data Grid is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, whic ...
Red Hat: Important: Red Hat OpenShift Application Runtimes Vert.x 3.8.3 security update
Synopsis Important: Red Hat OpenShift Application Runtimes Vertx 383 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift Application RuntimesRed Hat Product Security has rated this update as having a security impact of Important A Common Vul ...
Red Hat: Important: OpenShift Container Platform logging-elasticsearch5-container security update
Synopsis Important: OpenShift Container Platform logging-elasticsearch5-container security update Type/Severity Security Advisory: Important Topic An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 311Red Hat Product Security has rated this update as h ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 6 Security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 724 on RHEL 6 Security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 72 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as ...
Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 7
Synopsis Important: Red Hat Single Sign-On 734 security update on RHEL 7 Type/Severity Security Advisory: Important Topic New Red Hat Single Sign-On 734 packages are now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Co ...
Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 6
Synopsis Important: Red Hat Single Sign-On 734 security update on RHEL 6 Type/Severity Security Advisory: Important Topic New Red Hat Single Sign-On 734 packages are now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Co ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 8 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 724 on RHEL 8 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 72 for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as ...
Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 8
Synopsis Important: Red Hat Single Sign-On 734 security update on RHEL 8 Type/Severity Security Advisory: Important Topic New Red Hat Single Sign-On 734 packages are now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Co ...
Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update
Synopsis Important: Red Hat Single Sign-On 734 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat Single Sign-On 73 from the Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 724 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 72 for Red Hat Enterprise LinuxRed Hat Product Security has rated this update as having a se ...
Red Hat: Important: Red Hat Fuse 7.6.0 security update
Synopsis Important: Red Hat Fuse 760 security update Type/Severity Security Advisory: Important Topic A minor version update (from 75 to 76) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security h ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 7 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 724 on RHEL 7 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 72 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as ...
Red Hat: Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security update
Synopsis Important: OpenShift Container Platform 4118 logging-elasticsearch5 security update Type/Severity Security Advisory: Important Topic An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 41Red Hat Product Security has rated this update as havin ...
Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.5.0 security & bug fix update
Synopsis Important: Red Hat OpenShift Application Runtimes Thorntail 250 security & bug fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift Application RuntimesRed Hat Product Security has rated this update as having a security impact of Import ...
Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus
Cosminexus Component Container contain the following vulnerabilities: CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-20 ...
Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint
Multiple vulnerabilities have been found in Hitachi Ops Center Analyzer viewpoint CVE-2018-10054, CVE-2018-14335, CVE-2018-20200, CVE-2019-10086, CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019- ...

Github Repositories

https://github.com/heike2718/commons

commonly used classes and functionality

commons commonly used classes and functionality Releases 420 common API for serverside loggs of client errors 410 moved RefreshAccessTokenPayload to authprovider 401 CVE-2019-14379, CVE-2019-14439 400 refreshToken aus Client-Authentisierung entfernt Es genügt ein kurzzeitig gültiges accessToken, welches über Server-Server-Kommunikation mittels ClientSecr

References

CWE-1321https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2https://github.com/FasterXML/jackson-databind/issues/2387https://lists.debian.org/debian-lts-announce/2019/08/msg00011.htmlhttps://security.netapp.com/advisory/ntap-20190814-0001/https://access.redhat.com/errata/RHSA-2019:2743https://access.redhat.com/errata/RHSA-2019:2858https://access.redhat.com/errata/RHSA-2019:2937https://access.redhat.com/errata/RHSA-2019:2936https://access.redhat.com/errata/RHSA-2019:2935https://access.redhat.com/errata/RHSA-2019:2938https://access.redhat.com/errata/RHSA-2019:2998https://access.redhat.com/errata/RHBA-2019:2824https://access.redhat.com/errata/RHSA-2019:3046https://access.redhat.com/errata/RHSA-2019:3045https://access.redhat.com/errata/RHSA-2019:3044https://access.redhat.com/errata/RHSA-2019:3050https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlhttps://access.redhat.com/errata/RHSA-2019:3149https://access.redhat.com/errata/RHSA-2019:3292https://access.redhat.com/errata/RHSA-2019:3297https://access.redhat.com/errata/RHSA-2019:3200https://access.redhat.com/errata/RHSA-2019:3901https://www.oracle.com/security-alerts/cpujan2020.htmlhttps://access.redhat.com/errata/RHSA-2020:0727https://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://support.apple.com/kb/HT213189http://seclists.org/fulldisclosure/2022/Mar/23https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3Ccommits.ambari.apache.org%3Ehttps://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3Ccommits.ambari.apache.org%3Ehttps://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3Ehttps://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3Ehttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3Ehttps://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3Cissues.iceberg.apache.org%3Ehttps://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3Cissues.iceberg.apache.org%3Ehttps://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3Cissues.iceberg.apache.org%3Ehttps://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3Cissues.iceberg.apache.org%3Ehttps://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3Cissues.iceberg.apache.org%3Ehttps://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3Cissues.iceberg.apache.org%3Ehttps://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3Cissues.iceberg.apache.org%3Ehttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Ehttps://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3Ehttps://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933393https://nvd.nist.govhttps://github.com/heike2718/commonshttps://access.redhat.com/security/cve/cve-2019-14379
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651CVE-2024-34255elevation of privilegeCVE-2024-25529CVE-2024-4671NULL pointer dereferenceCVE-2024-25527template injectionCVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook