Russian Vulnerability Scanner Database

Back to List

BDU:2020-03616

Scores

EPSS

0.000none0.0%
0%20%40%60%80%100%

Percentile: 0.0%

CVSS

9.8critical3.x
0246810

CVSS Score: 9.8/10

All CVSS Scores

CVSS 3.x
9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

Уязвимость компонента br.com.anteros.dbcp.AnterosDBCPConfig Java-библиотеки для грамматического разбора JSON файлов jackson-databind связана с восстановлением в памяти недостоверных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2020-9548

Exploits

Exploit ID: CVE-2020-9548

Source: github-poc

URL: https://github.com/fairyming/CVE-2020-9548

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9548
https://github.com/FasterXML/jackson-databind/issues/2634
https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd
%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1
%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb
%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596
%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca
%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6
%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097
%3Cissues.zookeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html
https://medium.com/
cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://abf.rosa.ru/advisories/ROSA-SA-2025-2629
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-jackson-databind-cve-2020-9546-cve-2020-8840-cve-2020-9548-cve-2020-9547/?sphrase_id=1074012

Recommendations

Source: bdu

Использование рекомендаций:
Для jackson-databind:
https://github.com/FasterXML/jackson-databind/issues/2634

Для программных продуктов Oracle Corp.:
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujan2021.html

Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2020-9548

Для Debian GNU/Linux:
https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html

Для Astra Linux:
Обновление программного обеспечения (пакета jackson-databind) до 2.8.6-1+deb9u8 или более поздней версии

Для ОС ОН «Стрелец»:
Обновление программного обеспечения jackson-databind до версии 2.8.6-1+deb9u10

Для операционной системы РОСА ХРОМ: https://abf.rosa.ru/advisories/ROSA-SA-2025-2629

Для РЕД ОС:
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-jackson-databind-cve-2020-9546-cve-2020-8840-cve-2020-9548-cve-2020-9547/?sphrase_id=1074012

URL: https://bdu.fstec.ru/vul/2020-03616

Vulnerable Software (330)

Type: Configuration

Vendor: fasterxml, llc

Product: jackson-databind

Operating System: astra 2.12

Trait: 
{  "version_end_excluding": "2.9.10.4",  "version_start_including": "2.0"}

Source: bdu

Type: Configuration

Vendor: fasterxml, llc

Product: jackson-databind

Operating System: red hat enterprise linux 8

Trait: 
{  "version_end_excluding": "2.9.10.4",  "version_start_including": "2.0"}

Source: bdu

Type: Configuration

Vendor: fasterxml, llc

Product: jackson-databind

Operating System: debian gnu/linux 8

Trait: 
{  "version_end_excluding": "2.9.10.4",  "version_start_including": "2.0"}

Source: bdu

Type: Configuration

Vendor: fasterxml, llc

Product: jackson-databind

Operating System: redos 7.3

Trait: 
{  "version_end_excluding": "2.9.10.4",  "version_start_including": "2.0"}

Source: bdu

Type: Configuration

Vendor: fasterxml, llc

Product: jackson-databind

Operating System: роса хром 12.4

Trait: 
{  "version_end_excluding": "2.9.10.4",  "version_start_including": "2.0"}

Source: bdu

Type: Configuration

Vendor: fasterxml, llc

Product: jackson-databind

Operating System: strelets *

Trait: 
{  "version_end_excluding": "2.9.10.4",  "version_start_including": "2.0"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: communications billing and revenue management

Operating System: astra 2.12

Trait: 
{  "version_exact": "7.5.0.23.0"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: communications billing and revenue management

Operating System: astra 2.12

Trait: 
{  "version_exact": "12.0.0.3.0"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: communications billing and revenue management

Operating System: red hat enterprise linux 8

Trait: 
{  "version_exact": "7.5.0.23.0"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: communications billing and revenue management

Operating System: red hat enterprise linux 8

Trait: 
{  "version_exact": "12.0.0.3.0"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: communications billing and revenue management

Operating System: debian gnu/linux 8

Trait: 
{  "version_exact": "7.5.0.23.0"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: communications billing and revenue management

Operating System: debian gnu/linux 8

Trait: 
{  "version_exact": "12.0.0.3.0"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: communications billing and revenue management

Operating System: redos 7.3

Trait: 
{  "version_exact": "7.5.0.23.0"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: communications billing and revenue management

Operating System: redos 7.3

Trait: 
{  "version_exact": "12.0.0.3.0"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: communications billing and revenue management

Operating System: роса хром 12.4

Trait: 
{  "version_exact": "7.5.0.23.0"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: communications billing and revenue management

Operating System: роса хром 12.4

Trait: 
{  "version_exact": "12.0.0.3.0"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: communications billing and revenue management

Operating System: strelets *

Trait: 
{  "version_exact": "7.5.0.23.0"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: communications billing and revenue management

Operating System: strelets *

Trait: 
{  "version_exact": "12.0.0.3.0"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: communications calendar server

Operating System: redos 7.3

Trait: 
{  "version_exact": "8.0.0.4.0"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: communications calendar server

Operating System: роса хром 12.4

Trait: 
{  "version_exact": "8.0.0.4.0"}

Source: bdu