CVE-2020-36182

Published: 07/01/2021 Updated: 13/09/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

FasterXML jackson-databind 2.x prior to 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

Vulnerable Product

fasterxml jackson-databind

netapp cloud backup -

netapp service level manager -

debian debian linux 9.0

oracle webcenter portal 12.2.1.3.0

oracle primavera unifier 17.2

oracle application testing suite 13.3.0.1

oracle primavera unifier 18.8

oracle primavera unifier

oracle agile plm 9.3.6

oracle communications policy management 12.5.0

oracle primavera unifier 19.12

oracle webcenter portal 12.2.1.4.0

oracle communications billing and revenue management 12.0.0.3.0

oracle communications billing and revenue management 7.5.0.23.0

oracle communications services gatekeeper 7.0

oracle retail merchandising system 15.0.3

oracle communications evolved communications application server 7.1

oracle goldengate application adapters 19.1.0.0.0

oracle data integrator 12.2.1.4.0

oracle primavera unifier 20.12

oracle banking virtual account management 14.3.0

oracle insurance rules palette 11.0.2

oracle commerce platform

oracle commerce platform 11.2.0

oracle communications unified inventory management 7.4.1

oracle retail xstore point of service 16.0.6

oracle retail xstore point of service 17.0.4

oracle retail xstore point of service 18.0.3

oracle retail xstore point of service 19.0.2

oracle retail service backbone 15.0.3.1

oracle retail service backbone 14.1.3.2

oracle jd edwards enterpriseone tools

oracle jd edwards enterpriseone orchestrator

oracle insurance rules palette

oracle insurance policy administration

oracle insurance policy administration 11.0.2

oracle banking treasury management 4.4

oracle primavera gateway 20.12.0

oracle primavera gateway

oracle communications cloud native core unified data repository 1.4.0

oracle communications network charging and control 12.0.4.0.0

oracle communications convergent charging controller 12.0.4.0.0

oracle retail customer management and segmentation foundation

oracle autovue for agile product lifecycle management 21.0.2

oracle documaker 12.6.3

oracle documaker 12.6.4

oracle banking virtual account management 14.2.0

oracle banking virtual account management 14.5.0

oracle retail service backbone 16.0.3.0

oracle banking credit facilities process management 14.2

oracle banking credit facilities process management 14.3

oracle banking credit facilities process management 14.5

oracle banking corporate lending process management 14.2

oracle banking corporate lending process management 14.3

oracle banking corporate lending process management 14.5

oracle banking supply chain finance 14.2

oracle banking supply chain finance 14.3

oracle banking supply chain finance 14.5

oracle communications diameter signaling route

oracle communications session route manager

oracle communications session report manager

oracle communications pricing design center 12.0.0.4.0

oracle communications cloud native core policy 1.14.0

oracle communications instant messaging server 10.0.1.5.0

oracle communications offline mediation controller 12.0.0.3

oracle banking extensibility workbench 14.2

oracle banking extensibility workbench 14.3

oracle banking extensibility workbench 14.5

oracle communications element manager

oracle documaker 12.6.0

oracle blockchain platform

Vendor Advisories

Cosminexus Component Container contains the following vulnerabilities: CVE-2020-35490, CVE-2020-35491, CVE-2020-35728, CVE-2020-36179, CVE-2020-36180, CVE-2020-36181, CVE-2020-36182, CVE-2020-36183, CVE-2020-36184, CVE-2020-36185, CVE-2020-36186, CVE-2020-36187, CVE-2020-36188, CVE-2020-36189. Affected products and versions are listed below. Ple ...

Github Repositories

CVE-2020-36179~82 Jackson-databind SSRF&RCE

Description

CVE-2020-36179: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.

CVE-2020-36180: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons