CVE-2019-7489
Published 2019-12-23
Priority P262 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.28% (91.5th percentile)
A vulnerability in SonicWall Email Security appliance allows an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | email_security | — | — |
| sonicwall | email_security_appliance | <= 10.0.2 | — |
| sonicwall | email_security_appliance | — | — |
Detection & IOCs
- Affected product and version: SonicWall Email Security Appliance version 10.0.2 and earlier are vulnerable to unauthenticated remote code execution.
CVSS provenance
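| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| ghsa | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |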
SonicWall
vendor_sonicwall·2019-12-23·CVSS 9.8
CVE-2019-7489 [CRITICAL] CWE-285
CVE-2019-7489: A vulnerability in SonicWall Email Security appliance allows an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.
Red Hat
codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
vendor_redhat·2019-09-30·CVSS 9.8
CVE-2019-10202 [CRITICAL] CWE-502 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
Package: codehaus (Red Hat BPM Suite 6) - Out of support scope
Package: codehaus (Red Hat Decision Manager 7) - Not affected
Package: codehaus (Red Hat JBoss A-MQ 6) - Out of support scope
Package: codehaus (Red Hat JBoss BRMS 5) - Out of support scope
Package: codehaus (Red Hat JBoss BRMS 6) - Out of support scope
Package: codehaus
GHSA
GHSA-jm7g-2g23-xwrc: A vulnerability in SonicWall Email Security appliance allows an unauthenticated user to perform remote code execution
ghsa_unreviewed·2022-05-24
CVE-2019-7489 [HIGH] GHSA-jm7g-2g23-xwrc
A vulnerability in SonicWall Email Security appliance allows an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.
GHSA
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
ghsa·2022-05-24·CVSS 9.8
CVE-2019-10202 [CRITICAL] CWE-502 Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-12-23