CVE-2019-17267

Aliases:GHSA-f3j5-rmmp-3fc5

Advisory lineage Upstream: 0 Downstream: 8

Downstream

DEBIAN-CVE-2019-17267 DLA-2030-1 MGASA-2021-0153 RHSA-2020:0159 RHSA-2020:0160 RHSA-2020:0161

Modified

Published: 06 Oct 2019, 23:08

Last modified:05 Aug 2024, 01:33

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.8 CRITICAL

v3.1 (nvd)

EPSS Score

1.23% LOW

1% probability +0.03%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

06 Oct 2019, 23:08

Published

Vulnerability first disclosed

05 Aug 2024, 01:33

Last Modified

Vulnerability information updated

Description

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.

CVSS Metrics

v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 1.23%• Percentile: 79%

Techniques & Countermeasures

CWE-502•Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Affected Systems

debian•debian_linux
8.0
fasterxml•jackson-databind
≥ 2.0.0, < 2.8.11.5 | ≥ 2.9.0, < 2.9.10
com.fasterxml.jackson.core•jackson-databind
≥ 2.9.0, < 2.9.10 | < 2.8.11.5
netapp•active_iq_unified_manager
≥ 7.3 | ≥ 9.5
netapp•oncommand_api_services
na
netapp•oncommand_workflow_automation
na
netapp•service_level_manager
na
netapp•steelstore_cloud_integrated_storage
na
oracle•customer_management_and_segmentation_foundation
< 18.0
oracle•goldengate_application_adapters
19.1.0.0.0
oracle•retail_customer_management_and_segmentation_foundation
17.0
Unknown•WebLogic Server
12.2.1.3.0
redhat•jboss_enterprise_application_platform
7.2 | 7.3