VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-amhg-ukhs-aaah

Essentials
Severities (130)
References (59)
Severity details (45)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-amhg-ukhs-aaah
Aliases	CVE-2018-11307 GHSA-qr7j-h6gg-jmgc
Summary	Deserialization of Untrusted Data in jackson-databind
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-502	Deserialization of Untrusted Data
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
rhas	Important	https://access.redhat.com/errata/RHSA-2019:0782
rhas	Important	https://access.redhat.com/errata/RHSA-2019:0877
rhas	Important	https://access.redhat.com/errata/RHSA-2019:1106
rhas	Important	https://access.redhat.com/errata/RHSA-2019:1107
rhas	Important	https://access.redhat.com/errata/RHSA-2019:1108
rhas	Important	https://access.redhat.com/errata/RHSA-2019:1140
rhas	Important	https://access.redhat.com/errata/RHSA-2019:1822
rhas	Important	https://access.redhat.com/errata/RHSA-2019:1823
rhas	Important	https://access.redhat.com/errata/RHSA-2019:2804
rhas	Important	https://access.redhat.com/errata/RHSA-2019:2858
rhas	Important	https://access.redhat.com/errata/RHSA-2019:3002
rhas	Important	https://access.redhat.com/errata/RHSA-2019:3140
rhas	Important	https://access.redhat.com/errata/RHSA-2019:3149
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2019:3892
rhas	Important	https://access.redhat.com/errata/RHSA-2019:3892
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:3892
rhas	Important	https://access.redhat.com/errata/RHSA-2019:4037
cvssv3	5.6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11307.json
epss	0.01278	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.01278	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.01278	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.01278	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.01278	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.01278	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.01278	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.01278	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.01802	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.01802	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.01802	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.01802	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.12636	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.16423	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.16423	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.16423	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.16423	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
epss	0.29481	https://api.first.org/data/v1/epss?cve=CVE-2018-11307
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=1677341
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-qr7j-h6gg-jmgc
cvssv3.1	7.5	https://github.com/FasterXML/jackson-databind
generic_textual	HIGH	https://github.com/FasterXML/jackson-databind
cvssv3.1	9.8	https://github.com/FasterXML/jackson-databind/commit/051bd5e447fbc9539e12a4fe90eb989dba0c656
generic_textual	CRITICAL	https://github.com/FasterXML/jackson-databind/commit/051bd5e447fbc9539e12a4fe90eb989dba0c656
cvssv3.1	9.8	https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb73
generic_textual	CRITICAL	https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb73
cvssv3.1	9.8	https://github.com/FasterXML/jackson-databind/commit/78e78738d69adcb59fdac9fc12d9053ce8809f3d
generic_textual	CRITICAL	https://github.com/FasterXML/jackson-databind/commit/78e78738d69adcb59fdac9fc12d9053ce8809f3d
cvssv3.1	9.8	https://github.com/FasterXML/jackson-databind/issues/2032
generic_textual	CRITICAL	https://github.com/FasterXML/jackson-databind/issues/2032
cvssv3.1	6.1	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
cvssv3.1	6.1	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
cvssv3.1	7.5	https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E
generic_textual	HIGH	https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E
cvssv3.1	6.1	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
cvssv3.1	6.1	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
cvssv3.1	6.1	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
cvssv3.1	6.1	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
cvssv3.1	8.8	https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
generic_textual	HIGH	https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cvssv3.1	9.8	https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
generic_textual	CRITICAL	https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2017-7525
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2017-7525
cvssv2	7.5	https://nvd.nist.gov/vuln/detail/CVE-2018-11307
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2018-11307
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2018-11307
cvssv3.1	9.8	https://www.oracle.com/security-alerts/cpuapr2020.html
generic_textual	CRITICAL	https://www.oracle.com/security-alerts/cpuapr2020.html
cvssv3.1	9.8	https://www.oracle.com/security-alerts/cpujan2020.html
generic_textual	CRITICAL	https://www.oracle.com/security-alerts/cpujan2020.html
cvssv3.1	9.8	https://www.oracle.com/security-alerts/cpuoct2020.html
generic_textual	CRITICAL	https://www.oracle.com/security-alerts/cpuoct2020.html
cvssv3.1	5.9	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
generic_textual	MODERATE	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11307.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-11307
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
		https://github.com/FasterXML/jackson-databind
		https://github.com/FasterXML/jackson-databind/commit/051bd5e447fbc9539e12a4fe90eb989dba0c656
		https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb73
		https://github.com/FasterXML/jackson-databind/commit/78e78738d69adcb59fdac9fc12d9053ce8809f3d
		https://github.com/FasterXML/jackson-databind/issues/2032
		https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
		https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
		https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E
		https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3Cissues.lucene.apache.org%3E
		https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
		https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
		https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
		https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
		https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
		https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
		https://nvd.nist.gov/vuln/detail/CVE-2017-7525
		https://www.oracle.com/security-alerts/cpuapr2020.html
		https://www.oracle.com/security-alerts/cpujan2020.html
		https://www.oracle.com/security-alerts/cpuoct2020.html
		https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
1677341		https://bugzilla.redhat.com/show_bug.cgi?id=1677341
cpe:2.3:a:fasterxml:jackson-databind::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fasterxml:jackson-databind::::::::
cpe:2.3:a:oracle:clusterware:12.1.0.2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:clusterware:12.1.0.2.0:::::::*
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.2.0:::::::*
cpe:2.3:a:oracle:global_lifecycle_management_opatch::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:global_lifecycle_management_opatch::::::::
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:::::::*
cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:::::::*
cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVE-2018-11307		https://nvd.nist.gov/vuln/detail/CVE-2018-11307
GHSA-qr7j-h6gg-jmgc		https://github.com/advisories/GHSA-qr7j-h6gg-jmgc
RHSA-2019:0782		https://access.redhat.com/errata/RHSA-2019:0782
RHSA-2019:0877		https://access.redhat.com/errata/RHSA-2019:0877
RHSA-2019:1106		https://access.redhat.com/errata/RHSA-2019:1106
RHSA-2019:1107		https://access.redhat.com/errata/RHSA-2019:1107
RHSA-2019:1108		https://access.redhat.com/errata/RHSA-2019:1108
RHSA-2019:1140		https://access.redhat.com/errata/RHSA-2019:1140
RHSA-2019:1822		https://access.redhat.com/errata/RHSA-2019:1822
RHSA-2019:1823		https://access.redhat.com/errata/RHSA-2019:1823
RHSA-2019:2804		https://access.redhat.com/errata/RHSA-2019:2804
RHSA-2019:2858		https://access.redhat.com/errata/RHSA-2019:2858
RHSA-2019:3002		https://access.redhat.com/errata/RHSA-2019:3002
RHSA-2019:3140		https://access.redhat.com/errata/RHSA-2019:3140
RHSA-2019:3149		https://access.redhat.com/errata/RHSA-2019:3149
RHSA-2019:3892		https://access.redhat.com/errata/RHSA-2019:3892
RHSA-2019:4037		https://access.redhat.com/errata/RHSA-2019:4037
USN-USN-4813-1		https://usn.ubuntu.com/USN-4813-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:3892

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/ Found at https://access.redhat.com/errata/RHSA-2019:3892

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11307.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FasterXML/jackson-databind

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/051bd5e447fbc9539e12a4fe90eb989dba0c656

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb73

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/78e78738d69adcb59fdac9fc12d9053ce8809f3d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/issues/2032

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7525

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-11307

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-11307

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-11307

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuapr2020.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujan2020.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuoct2020.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.86126
EPSS Score	0.01278
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.