V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2019-14439
DEB
HighConfirmedExploit available

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (eit…

CVSS
7.5
High
EPSS
0.11
p95
Published
2019-01-01
Updated
2019-01-01
Description

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.

Tags · CWE
Pre-auth
CWE-502
CAPEC-586
Affected products
Banking_platformCommunications_diameter_signaling_routerCommunications_instant_messaging_serverFinancial_services_analytical_applications_infrastructure 8.0.2–8.0.8Global_lifecycle_management_opatch < 11.2.0.3.23Global_lifecycle_management_opatch 12.2.0.1.0–12.2.0.1.19Global_lifecycle_management_opatch 13.9.4.0.0–13.9.4.2.1Global_lifecycle_management_opatchGoldengate_stream_analytics < 19.1.0.0.1Jd_edwards_enterpriseone_orchestratorJd_edwards_enterpriseone_toolsPrimavera_gateway 17.7–17.12Primavera_gatewayRetail_customer_management_and_segmentation_foundationRetail_xstore_point_of_serviceSiebel_engineering_-_installer_\&_deployment ≤ 19.8Siebel_ui_framework ≤ 19.10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Timeline
2019-01-01
Published
2019-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: N
None (N)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.108 · p95
Known exploited (KEV)
No
Known exploits — Сканер-ВС
CVE-2019-14439
github-poc · https://github.com/jas502n/CVE-2019-14439
Enterprise
Affected products
Debian
Debian LinuxJackson-databind
Canonical
Jackson-databind
Red Hat
Jboss Middleware Text-only Advisories
Oracle
Jd Edwards Enterpriseone ToolsRetail Xstore Point Of ServiceFinancial Services Analytical Applications InfrastructureCommunications Diameter Signaling RouterBanking PlatformPrimavera GatewayCommunications Instant Messaging ServerSiebel Ui FrameworkRetail Customer Management And Segmentation FoundationJd Edwards Enterpriseone Orchestrator+3
Fedoraproject
Fedora
Apache
Drill
Fasterxml
Jackson-databind
ProductVendorStatus
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
banking_platform*Tracked
communications_diameter_signaling_router*Tracked
Showing first 20 of 36
Source databases
DEB
CVE
UBU
Related vulnerabilities
BDU:2019-04086