FasterXML jackson-databind 2.x prior to 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fasterxml jackson-databind |
||
netapp active iq unified manager |
||
netapp steelstore cloud integrated storage - |
||
debian debian linux 8.0 |
||
oracle agile plm 9.3.6 |
||
oracle autovue for agile product lifecycle management 21.0.2 |
||
oracle banking digital experience 18.1 |
||
oracle banking digital experience 18.2 |
||
oracle banking digital experience 18.3 |
||
oracle banking digital experience 19.1 |
||
oracle banking digital experience 19.2 |
||
oracle banking digital experience 20.1 |
||
oracle communications calendar server 8.0.0.4.0 |
||
oracle communications contacts server 8.0.0.5.0 |
||
oracle communications diameter signaling router |
||
oracle communications element manager |
||
oracle communications evolved communications application server 7.1 |
||
oracle communications instant messaging server 10.0.1.4.0 |
||
oracle communications session report manager |
||
oracle communications session route manager |