CVE-2018-19360: FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from…

critical9.8CVSS 3.0

AVNACLPRNUINSUCHIHAH

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

Affected

30 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	jackson-databind	< jackson-databind 2.9.8-1 (bookworm)	jackson-databind 2.9.8-1 (bookworm)
fasterxml	jackson-databind	>= 0 < 2.9.8-1	2.9.8-1
fasterxml	jackson-databind	>= 0 < 2.9.8-1	2.9.8-1
fasterxml	jackson-databind	>= 0 < 2.9.8-1	2.9.8-1
fasterxml	jackson-databind	>= 0 < 2.9.8-1	2.9.8-1
fasterxml	jackson-databind	>= 0 < 2.4.2-3ubuntu0.1~esm2	2.4.2-3ubuntu0.1~esm2
fasterxml	jackson-databind	2.6.0 – 2.6.7.2	—
fasterxml	jackson-databind	>= 2.7.0 < 2.7.9.5	2.7.9.5
fasterxml	jackson-databind	>= 2.8.0 < 2.8.11.3	2.8.11.3
fasterxml	jackson-databind	>= 2.9.0 < 2.9.8	2.9.8
oracle	business_process_management_suite	—	—
oracle	business_process_management_suite	—	—
oracle	primavera_p6_enterprise_project_portfolio_management	—	—
oracle	primavera_p6_enterprise_project_portfolio_management	—	—
oracle	primavera_p6_enterprise_project_portfolio_management	—	—
oracle	primavera_p6_enterprise_project_portfolio_management	—	—
oracle	primavera_p6_enterprise_project_portfolio_management	—	—
oracle	primavera_p6_enterprise_project_portfolio_management	17.7 – 17.12	—
oracle	primavera_unifier	—	—
oracle	primavera_unifier	—	—
oracle	primavera_unifier	—	—
oracle	primavera_unifier	17.7 – 17.12	—
oracle	retail_workforce_management_software	—	—
oracle	webcenter_portal	—	—

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL