CVE-2020-35728

Published: 27/12/2020 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 607
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

FasterXML jackson-databind 2.x prior to 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

Vulnerable Product

fasterxml jackson-databind

debian debian linux 9.0

netapp service level manager -

oracle webcenter portal 12.2.1.3.0

oracle application testing suite 13.3.0.1

oracle primavera unifier

oracle agile plm 9.3.6

oracle communications policy management 12.5.0

oracle webcenter portal 12.2.1.4.0

oracle communications billing and revenue management 12.0.0.3.0

oracle communications billing and revenue management 7.5.0.23.0

oracle communications services gatekeeper 7.0

oracle retail merchandising system 15.0.3

oracle communications evolved communications application server 7.1

oracle goldengate application adapters 19.1.0.0.0

oracle data integrator 12.2.1.4.0

oracle primavera unifier 20.12

oracle banking virtual account management 14.3.0

oracle autovue 21.0.2

oracle insurance rules palette 11.0.2

oracle commerce platform

oracle commerce platform 11.2.0

oracle communications unified inventory management 7.4.1

oracle retail xstore point of service 16.0.6

oracle retail xstore point of service 17.0.4

oracle retail xstore point of service 18.0.3

oracle retail xstore point of service 19.0.2

oracle retail service backbone 15.0.3.1

oracle retail service backbone 14.1.3.2

oracle jd edwards enterpriseone tools

oracle jd edwards enterpriseone orchestrator

oracle insurance rules palette

oracle insurance policy administration

oracle insurance policy administration 11.0.2

oracle primavera gateway 20.12.0

oracle primavera gateway

oracle communications cloud native core unified data repository 1.4.0

oracle communications network charging and control 12.0.4.0.0

oracle communications convergent charging controller 12.0.4.0.0

oracle retail customer management and segmentation foundation

oracle banking virtual account management 14.2.0

oracle banking virtual account management 14.5.0

oracle retail service backbone 16.0.3.0

oracle banking credit facilities process management 14.2

oracle banking credit facilities process management 14.3

oracle banking credit facilities process management 14.5

oracle banking corporate lending process management 14.2

oracle banking corporate lending process management 14.3

oracle banking corporate lending process management 14.5

oracle banking supply chain finance 14.2

oracle banking supply chain finance 14.3

oracle banking supply chain finance 14.5

oracle banking treasury management 14.4

oracle communications diameter signaling route

oracle communications session route manager

oracle communications session report manager

oracle communications cloud native core policy 1.14.0

oracle banking extensibility workbench 14.2

oracle banking extensibility workbench 14.3

oracle banking extensibility workbench 14.5

oracle communications element manager

oracle blockchain platform

Vendor Advisories

Cosminexus Component Container contains the following vulnerabilities: CVE-2020-35490, CVE-2020-35491, CVE-2020-35728, CVE-2020-36179, CVE-2020-36180, CVE-2020-36181, CVE-2020-36182, CVE-2020-36183, CVE-2020-36184, CVE-2020-36185, CVE-2020-36186, CVE-2020-36187, CVE-2020-36188, CVE-2020-36189. Affected products and versions are listed below. Ple ...