V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2020-36186
DEB
HighConfirmedExploit available

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.t…

CVSS
8.1
High
EPSS
0.05
p91
Published
2020-01-01
Updated
2020-01-01
Description

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.

Tags · CWE
Pre-auth
CWE-502
CAPEC-586
Affected products
Agile_plmApplication_testing_suiteAutovue_for_agile_product_lifecycle_managementBanking_corporate_lending_process_managementBanking_credit_facilities_process_managementBanking_extensibility_workbenchBanking_supply_chain_financeBanking_treasury_managementBanking_virtual_account_managementBlockchain_platform ≤ 21.1.2Commerce_platform 11.3.0–11.3.2Commerce_platformCommunications_billing_and_revenue_managementCommunications_cloud_native_core_policyCommunications_cloud_native_core_unified_data_repositoryCommunications_convergent_charging_controllerCommunications_diameter_signaling_route 8.0.0.0–8.5.0.0Communications_element_manager 8.2.0.0–8.2.4.0Communications_evolved_communications_application_serverCommunications_instant_messaging_serverCommunications_network_charging_and_controlCommunications_offline_mediation_controllerCommunications_policy_managementCommunications_pricing_design_centerCommunications_services_gatekeeperCommunications_session_report_manager 8.0.0.0–8.2.2.1Communications_session_route_manager 8.2.0.0–8.2.2.1Communications_unified_inventory_managementData_integratorDocumakerGoldengate_application_adaptersInsurance_policy_administration 11.1.0–11.3.0Insurance_policy_administrationInsurance_rules_palette 11.1.0–11.3.0Insurance_rules_paletteJd_edwards_enterpriseone_orchestrator < 9.2.5.3Jd_edwards_enterpriseone_tools < 9.2.5.3Primavera_gateway 17.12.0–17.12.11Primavera_gateway 18.8.0–18.8.11Primavera_gateway 19.12.0–19.12.10Primavera_gatewayPrimavera_unifier 17.7–17.12Primavera_unifierRetail_customer_management_and_segmentation_foundation 16.0–19.0Retail_merchandising_systemRetail_service_backboneRetail_xstore_point_of_serviceWebcenter_portal
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2020-01-01
Published
2020-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: H
High (H)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.052 · p91
Known exploited (KEV)
No
Known exploits — Сканер-ВС
CVE-2020-36186
github-poc · https://github.com/dawetmaster/CVE-2020-36186-jackson-databind-vulnerable
Enterprise
Affected products
Debian
Debian LinuxJackson-databind
Canonical
Jackson-databind
Oracle
Jd Edwards Enterpriseone ToolsRetail Xstore Point Of ServicePrimavera UnifierCommunications Cloud Native Core PolicyWebcenter PortalCommunications Billing And Revenue ManagementApplication Testing SuitePrimavera GatewayCommunications Instant Messaging ServerRetail Customer Management And Segmentation Foundation+31
Netapp
Cloud BackupService Level Manager
Fasterxml
Jackson-databind
ProductVendorStatus
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
jackson-databindTracked
agile_plm*Tracked
application_testing_suite*Tracked
autovue_for_agile_product_lifecycle_management*Tracked
banking_corporate_lending_process_management*Tracked
banking_credit_facilities_process_management*Tracked
banking_extensibility_workbench*Tracked
Showing first 20 of 59
Source databases
DEB
CVE
UBU
Related vulnerabilities
BDU:2021-02829