CVE-2020-24616

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 25-08-2020 08:15

Last modified: - 12-05-2022 04:42

Total changes: - 16

Description

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

High

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

8.1

Base score

2.2

5.9

Exploitability score

Impact score

Verification logic

vendor=fasterxml AND product=jackson-databind AND versionStartIncluding=2.9.0 AND versionEndExcluding=2.9.10.6

vendor=netapp AND product=active_iq_unified_manager AND version=- AND target_software=vmware_vsphere

vendor=netapp AND product=active_iq_unified_manager AND version=- AND target_software=linux

vendor=netapp AND product=active_iq_unified_manager AND version=- AND target_software=windows

vendor=oracle AND product=application_testing_suite AND version=13.3.0.1

vendor=oracle AND product=agile_plm AND version=9.3.6

vendor=oracle AND product=communications_policy_management AND version=12.5.0

vendor=oracle AND product=communications_diameter_signaling_router AND versionEndIncluding=8.2.2 AND versionStartIncluding=8.0.0

vendor=oracle AND product=communications_services_gatekeeper AND version=7.0

vendor=oracle AND product=communications_evolved_communications_application_server AND version=7.1

vendor=oracle AND product=communications_contacts_server AND version=8.0.0.5.0

vendor=oracle AND product=communications_calendar_server AND version=8.0.0.4.0

vendor=oracle AND product=communications_unified_inventory_management AND version=7.4.1

vendor=oracle AND product=communications_cloud_native_core_unified_data_repository AND version=1.4.0

vendor=oracle AND product=autovue_for_agile_product_lifecycle_management AND version=21.0.2

vendor=oracle AND product=banking_liquidity_management AND version=14.2

vendor=oracle AND product=banking_liquidity_management AND version=14.3

vendor=oracle AND product=banking_liquidity_management AND version=14.5

vendor=oracle AND product=banking_supply_chain_finance AND version=14.2

vendor=oracle AND product=banking_supply_chain_finance AND version=14.3

vendor=oracle AND product=banking_supply_chain_finance AND version=14.5

vendor=oracle AND product=blockchain_platform AND versionEndExcluding=21.1.2

vendor=oracle AND product=communications_calendar_server AND version=8.0

vendor=oracle AND product=communications_contacts_server AND version=8.0

vendor=oracle AND product=communications_element_manager AND versionEndIncluding=8.2.4.0 AND versionStartIncluding=8.2.0

vendor=oracle AND product=communications_instant_messaging_server AND version=10.0.1.5.0

vendor=oracle AND product=communications_messaging_server AND version=8.1

vendor=oracle AND product=communications_offline_mediation_controller AND version=12.0.0.3

vendor=oracle AND product=communications_pricing_design_center AND version=12.0.0.4.0

vendor=oracle AND product=communications_session_report_manager AND versionEndIncluding=8.2.2.1 AND versionStartIncluding=8.0.0.0

vendor=oracle AND product=identity_manager_connector AND version=11.1.1.5.0

vendor=oracle AND product=siebel_ui_framework AND versionEndIncluding=21.2

vendor=Debian AND product=debian_linux AND version=9.0

Reference

Keywords

CVE-2020-24616

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-24616

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures