Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.1
CVSSv3

CVE-2020-36189

Published: 06/01/2021 Updated: 13/09/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Jackson-databind

Vulnerability Summary

FasterXML jackson-databind 2.x prior to 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

fasterxml jackson-databind

netapp cloud backup -

netapp service level manager -

debian debian linux 9.0

oracle webcenter portal 12.2.1.3.0

oracle application testing suite 13.3.0.1

oracle banking platform 2.6.2

oracle primavera unifier 18.8

oracle primavera unifier

oracle agile plm 9.3.6

oracle primavera unifier 19.12

oracle webcenter portal 12.2.1.4.0

oracle communications billing and revenue management 12.0.0.3.0

oracle communications billing and revenue management 7.5.0.23.0

oracle communications services gatekeeper 7.0

oracle retail merchandising system 15.0.3

oracle banking platform 2.7.0

oracle banking platform 2.7.1

oracle banking platform 2.9.0

oracle communications evolved communications application server 7.1

oracle goldengate application adapters 19.1.0.0.0

oracle retail service backbone 16.0.3

oracle banking platform 2.8.0

oracle primavera unifier 20.12

oracle banking virtual account management 14.3.0

oracle insurance rules palette 11.0.2

oracle communications interactive session recorder 6.3

oracle communications interactive session recorder 6.4

oracle commerce platform

oracle commerce platform 11.2.0

oracle communications diameter signaling router

oracle communications unified inventory management 7.4.1

oracle retail xstore point of service 16.0.6

oracle retail xstore point of service 17.0.4

oracle retail xstore point of service 18.0.3

oracle retail xstore point of service 19.0.2

oracle banking platform 2.10.0

oracle retail service backbone 15.0.3.1

oracle retail service backbone 14.1.3.2

oracle jd edwards enterpriseone orchestrator

oracle insurance rules palette

oracle insurance policy administration

oracle insurance policy administration 11.0.2

oracle primavera gateway 20.12.0

oracle primavera gateway

oracle communications cloud native core unified data repository 1.4.0

oracle communications network charging and control 12.0.4.0.0

oracle communications convergent charging controller 12.0.4.0.0

oracle retail customer management and segmentation foundation

oracle jd edwards enterpriseone tools

oracle autovue for agile product lifecycle management 21.0.2

oracle documaker 12.6.3

oracle documaker 12.6.4

oracle banking virtual account management 14.2.0

oracle banking virtual account management 14.5.0

oracle communications messaging server 8.1

oracle banking treasury management 14.4

oracle communications messaging server 8.0.2

oracle communications session route manager

oracle communications pricing design center 12.0.0.4.0

oracle communications cloud native core policy 1.14.0

oracle communications instant messaging server 10.0.1.5.0

oracle communications offline mediation controller 12.0.0.3

oracle blockchain platform

Vendor Advisories

Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus
Cosminexus Component Container contain the following vulnerabilities: CVE-2020-35490, CVE-2020-35491, CVE-2020-35728, CVE-2020-36179, CVE-2020-36180, CVE-2020-36181, CVE-2020-36182, CVE-2020-36183, CVE-2020-36184, CVE-2020-36185, CVE-2020-36186, CVE-2020-36187, CVE-2020-36188, CVE-2020-36189 Affected products and versions are listed below Ple ...

References

CWE-502https://github.com/FasterXML/jackson-databind/issues/2996https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062https://security.netapp.com/advisory/ntap-20210205-0005/https://lists.debian.org/debian-lts-announce/2021/04/msg00025.htmlhttps://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://www.oracle.com//security-alerts/cpujul2021.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://nvd.nist.govhttps://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-128/index.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook