CVE-2020-24616

Published: 25/08/2020 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 607
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

FasterXML jackson-databind 2.x prior to 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

Vulnerable Product

fasterxml jackson-databind

netapp active iq unified manager -

oracle application testing suite 13.3.0.1

oracle agile plm 9.3.6

oracle communications policy management 12.5.0

oracle communications diameter signaling router

oracle communications services gatekeeper 7.0

oracle communications evolved communications application server 7.1

oracle communications contacts server 8.0.0.5.0

oracle communications calendar server 8.0.0.4.0

oracle communications unified inventory management 7.4.1

oracle communications cloud native core unified data repository 1.4.0

oracle communications element manager

oracle autovue for agile product lifecycle management 21.0.2

oracle communications messaging server 8.1

oracle siebel ui framework

oracle banking supply chain finance 14.2

oracle banking supply chain finance 14.3

oracle banking supply chain finance 14.5

oracle identity manager connector 11.1.1.5.0

oracle communications contacts server 8.0

oracle communications calendar server 8.0

oracle banking liquidity management 14.3

oracle banking liquidity management 14.5

oracle banking liquidity management 14.2

oracle communications session report manager

oracle communications pricing design center 12.0.0.4.0

oracle communications instant messaging server 10.0.1.5.0

oracle communications offline mediation controller 12.0.0.3

oracle blockchain platform

debian debian linux 9.0

Vendor Advisories

Cosminexus Component Container contains the following vulnerabilities: CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-20 ...

Github Repositories

cve-2020-24616 poc

cve-2020-24616-poc cve-2020-24616 poc The first PoC written by a Java novice; it draws on many JNDI injection PoCs

Vulnerable dummy-application for checking different SCA tools

An application for reviewing technical tools for component analysis. The application was developed as part of a diploma thesis on the topic "Analytical study of software protection of applications from att ...

Data Mart As A Service

Cubed Cubed is a self-serve data mart and funnel analysis pipeline management platform Table of Contents Background Install Configuration Usage Security Contribute License Background Do you find it difficult deriving insights from wide and sparse data sets, and want to only focus on data relevant to your needs? Do you want to study the user conversions across multiple inte

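A grand melee of security knowledge bases from various sources

SecBooks A collection of articles from major knowledge bases and WeChat official accounts; some knowledge bases are deployed with gitbook, and some official accounts consist mainly of scattered articles. Plugins used: "hide-element", "back-to-top-button", "-lunr", "-search", "search-pro", "splitter" # plugin for automatic table-of-contents generation (book sm) npm install -g gitbook-summ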

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745