Search for vulnerabilities
Vulnerability details: VCID-hu2n-da94-aaae
Vulnerability ID VCID-hu2n-da94-aaae
Aliases CVE-2020-11620
GHSA-h4rc-386g-6m85
Summary jackson-databind mishandles the interaction between serialization gadgets and typing
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-502 Deserialization of Untrusted Data
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2020:2067
rhas Important https://access.redhat.com/errata/RHSA-2020:2320
rhas Important https://access.redhat.com/errata/RHSA-2020:2565
rhas Important https://access.redhat.com/errata/RHSA-2020:3192
rhas Important https://access.redhat.com/errata/RHSA-2020:3196
rhas Important https://access.redhat.com/errata/RHSA-2020:3197
rhas Important https://access.redhat.com/errata/RHSA-2020:3779
rhas Moderate https://access.redhat.com/errata/RHSA-2020:5625
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11620.json
epss 0.02079 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02079 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02079 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02079 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02241 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02241 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02241 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.02796 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.04343 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.04343 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.04343 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.04343 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.04343 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.04343 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.04343 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.04343 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.04343 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.04343 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
epss 0.05265 https://api.first.org/data/v1/epss?cve=CVE-2020-11620
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1826798
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-h4rc-386g-6m85
cvssv3.1 7.5 https://github.com/FasterXML/jackson-databind
generic_textual HIGH https://github.com/FasterXML/jackson-databind
cvssv3.1 8.1 https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
generic_textual HIGH https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
cvssv3.1 8.1 https://github.com/FasterXML/jackson-databind/commit/77040d85e3eb6710508e6445640ae1a3d5e60c22
generic_textual HIGH https://github.com/FasterXML/jackson-databind/commit/77040d85e3eb6710508e6445640ae1a3d5e60c22
cvssv3.1 8.1 https://github.com/FasterXML/jackson-databind/issues/2682
generic_textual HIGH https://github.com/FasterXML/jackson-databind/issues/2682
cvssv3.1 9.8 https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
generic_textual CRITICAL https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
generic_textual CRITICAL https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
cvssv3.1 8.1 https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html
cvssv3.1 8.8 https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
generic_textual HIGH https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cvssv3.1 9.8 https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
generic_textual CRITICAL https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11620
cvssv3 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-11620
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-11620
cvssv3.1 8.1 https://security.netapp.com/advisory/ntap-20200511-0004
generic_textual HIGH https://security.netapp.com/advisory/ntap-20200511-0004
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpujan2021.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpujan2021.html
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpujul2020.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpujul2020.html
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpuoct2020.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpuoct2020.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11620.json
https://api.first.org/data/v1/epss?cve=CVE-2020-11620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11620
https://github.com/FasterXML/jackson-databind
https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
https://github.com/FasterXML/jackson-databind/commit/77040d85e3eb6710508e6445640ae1a3d5e60c22
https://github.com/FasterXML/jackson-databind/issues/2682
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://security.netapp.com/advisory/ntap-20200511-0004
https://security.netapp.com/advisory/ntap-20200511-0004/
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
1826798 https://bugzilla.redhat.com/show_bug.cgi?id=1826798
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVE-2020-11620 https://nvd.nist.gov/vuln/detail/CVE-2020-11620
GHSA-h4rc-386g-6m85 https://github.com/advisories/GHSA-h4rc-386g-6m85
RHSA-2020:2067 https://access.redhat.com/errata/RHSA-2020:2067
RHSA-2020:2320 https://access.redhat.com/errata/RHSA-2020:2320
RHSA-2020:2565 https://access.redhat.com/errata/RHSA-2020:2565
RHSA-2020:3192 https://access.redhat.com/errata/RHSA-2020:3192
RHSA-2020:3196 https://access.redhat.com/errata/RHSA-2020:3196
RHSA-2020:3197 https://access.redhat.com/errata/RHSA-2020:3197
RHSA-2020:3779 https://access.redhat.com/errata/RHSA-2020:3779
RHSA-2020:5625 https://access.redhat.com/errata/RHSA-2020:5625
USN-USN-4813-1 https://usn.ubuntu.com/USN-4813-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11620.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FasterXML/jackson-databind
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/77040d85e3eb6710508e6445640ae1a3d5e60c22
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/issues/2682
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-11620
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-11620
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-11620
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20200511-0004
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujan2021.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujul2020.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuoct2020.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.88771
EPSS Score 0.02079
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.