BDU:2019-02896 · Critical · Confirmed · Exploit available
BDU
Data Bank of Information Security Threats
The FSTEC BDU is the authoritative Russian source of vulnerability information, covering both international CVEs relevant to domestic software and unique Russian-disclosed issues. Entries contain severity, affected product lists (in Russian), and mitigation recommendations.
Region
RU
Updates
1 h
License
Open data
Russian federal catalog of vulnerabilities and threats maintained by FSTEC. Required for compliance with Russian information security regulations (Order No. 17, Order No. 21).
https://bdu.fstec.ru
A vulnerability in a function of FasterXML jackson-databind, a Java library for parsing JSON files, is related to the failure to block…
CVSS
9.8
Critical
EPSS
0.00
p0
Published
2019-01-01
Updated
2019-01-01
Description
A vulnerability in a function of FasterXML jackson-databind, a Java library for parsing JSON files, is related to the failure to block the axis2-transport-jms class from polymorphic deserialization. Exploitation of the vulnerability could allow a remote attacker to affect data integrity, gain access to confidential data, and cause a denial of service.
Tags · CWE
Pre-auth
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2019-01-01
Published
2019-01-01
Updated
CVSS 3.1 breakdown
| Metric | Code | Value |
|---|---|---|
| Attack Vector | AV: N | Network (N) |
| Attack Complexity | AC: L | Low (L) |
| Privileges Required | PR: N | None (N) |
| User Interaction | UI: N | None (N) |
| Scope | S: U | Unchanged (U) |
| Confidentiality Impact | C: H | High (H) |
| Integrity Impact | I: H | High (H) |
| Availability Impact | A: H | High (H) |
Exploit indicators
EPSS
0.000 · p0
Known exploited (KEV)
No
Known exploits — Сканер-ВС
CVE-2018-19360
github-poc · https://github.com/dawetmaster/CVE-2018-19360-jackson-databind-vulnerable
Affected products
Oracle
Jd Edwards Enterpriseone Tools, Retail Xstore Point Of Service, Primavera Unifier, Financial Services Analytical Applications Infrastructure, Webcenter Portal, Communications Billing And Revenue Management, Banking Platform, Primavera P6 Enterprise Project Portfolio Management, Primavera Gateway, Retail Customer Management And Segmentation Foundation, +11
| Product | Vendor | Status |
|---|---|---|
| jackson-databind | fasterxml, llc | Tracked |
| jackson-databind | fasterxml, llc | Tracked |
| jackson-databind | fasterxml, llc | Tracked |
| jackson-databind | fasterxml, llc | Tracked |
| jackson-databind | fasterxml, llc | Tracked |
| jackson-databind | fasterxml, llc | Tracked |
| jackson-databind | fasterxml, llc | Tracked |
| banking platform | oracle corp. | Tracked |
| banking platform | oracle corp. | Tracked |
| banking platform | oracle corp. | Tracked |
| banking platform | oracle corp. | Tracked |
| banking platform | oracle corp. | Tracked |
| banking platform | oracle corp. | Tracked |
| banking platform | oracle corp. | Tracked |
| business process management suite | oracle corp. | Tracked |
| business process management suite | oracle corp. | Tracked |
| business process management suite | oracle corp. | Tracked |
| business process management suite | oracle corp. | Tracked |
| business process management suite | oracle corp. | Tracked |
| business process management suite | oracle corp. | Tracked |
Showing first 20 of 357