CVE-2020-12022
published 2020-05-08CVE-2020-12022: Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially…
PriorityP351critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.67%
73.9th percentile
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess | <= 8.4.4 | — |
| advantech | webaccess | — | — |
| fasterxml | jackson-databind | >= 0 < 2.4.2-3ubuntu0.1~esm2 | 2.4.2-3ubuntu0.1~esm2 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Advantech WebAccess Node
cisa_ics·2020-05-07·CVSS 7.1
[HIGH] Advantech WebAccess Node
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech WebAccess Node
Last RevisedMay 07, 2020
Alert CodeICSA-20-128-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Advantech
- Equipment: WebAccess Node
- Vulnerabilities: Improper Validation of Array Index, Relative Path Traversal, SQL Injection, Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Read
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, and compromise system availability.
## 3. TECHNICAL DETAI
GHSA
GHSA-rfp6-h7x3-4ggx: Advantech WebAccess Node, Version 8
ghsa_unreviewed·2022-05-24
CVE-2020-12022 [HIGH] GHSA-rfp6-h7x3-4ggx: Advantech WebAccess Node, Version 8
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.
OSV
jackson-databind vulnerabilities
osv·2021-03-15·CVSS 9.8
CVE-2018-11307 jackson-databind vulnerabilities
jackson-databind vulnerabilities
It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2018-11307, CVE-2019-12086, CVE-2019-12814)
It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to execute
arbitrary code or other unspecified impact. (CVE-2018-12022,
CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-19360,
CVE-2018-19361, CVE-2018-19362, CVE-2019-12384, CVE-2019-14379,
CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330,
CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969,
CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-05-08
Published