Search for vulnerabilities
Vulnerability details: VCID-jshw-wv7j-aaac
Vulnerability ID VCID-jshw-wv7j-aaac
Aliases CVE-2018-7489
GHSA-cggj-fvv3-cqwv
Summary FasterXML jackson-databind allows unauthenticated remote code execution
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-184 Incomplete List of Disallowed Inputs
CWE-502 Deserialization of Untrusted Data
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-20 Improper Input Validation
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2018:1447
rhas Important https://access.redhat.com/errata/RHSA-2018:1448
rhas Important https://access.redhat.com/errata/RHSA-2018:1449
rhas Important https://access.redhat.com/errata/RHSA-2018:1450
rhas Important https://access.redhat.com/errata/RHSA-2018:1451
rhas Moderate https://access.redhat.com/errata/RHSA-2018:1786
rhas Moderate https://access.redhat.com/errata/RHSA-2018:2088
rhas Moderate https://access.redhat.com/errata/RHSA-2018:2089
rhas Moderate https://access.redhat.com/errata/RHSA-2018:2090
rhas Moderate https://access.redhat.com/errata/RHSA-2018:2938
rhas Critical https://access.redhat.com/errata/RHSA-2018:2939
rhas Important https://access.redhat.com/errata/RHSA-2019:2858
rhas Important https://access.redhat.com/errata/RHSA-2019:3149
rhas Important https://access.redhat.com/errata/RHSA-2020:2562
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7489.json
epss 0.27829 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.27829 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.27829 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.27829 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.27829 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.27829 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.27829 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.27829 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.27829 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.4268 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.60501 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.71919 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.71919 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.71919 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.71919 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.93666 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.93666 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.93666 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.93666 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.93666 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.93666 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.93666 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.93666 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.93666 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
epss 0.93666 https://api.first.org/data/v1/epss?cve=CVE-2018-7489
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-cggj-fvv3-cqwv
cvssv3.1 7.5 https://github.com/FasterXML/jackson-databind
generic_textual HIGH https://github.com/FasterXML/jackson-databind
cvssv3.1 9.8 https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1
generic_textual CRITICAL https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1
cvssv3.1 9.8 https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2
generic_textual CRITICAL https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2
cvssv3.1 9.8 https://github.com/FasterXML/jackson-databind/commit/bc22f90eb7f896ace9567598a99cb1ff6e0f9d9d
generic_textual CRITICAL https://github.com/FasterXML/jackson-databind/commit/bc22f90eb7f896ace9567598a99cb1ff6e0f9d9d
cvssv3.1 9.8 https://github.com/FasterXML/jackson-databind/commit/c921f0935d5e41bf206e702d8077a275ba1a6efc
generic_textual CRITICAL https://github.com/FasterXML/jackson-databind/commit/c921f0935d5e41bf206e702d8077a275ba1a6efc
cvssv3.1 9.8 https://github.com/FasterXML/jackson-databind/commit/ca2bfc86af82a1479112004b663ba74c760752e6
generic_textual CRITICAL https://github.com/FasterXML/jackson-databind/commit/ca2bfc86af82a1479112004b663ba74c760752e6
cvssv3.1 9.8 https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92
generic_textual CRITICAL https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92
cvssv3.1 9.8 https://github.com/FasterXML/jackson-databind/commit/e66c0a9d3c926ff1b63bf586c824ead1d02f2a3d
generic_textual CRITICAL https://github.com/FasterXML/jackson-databind/commit/e66c0a9d3c926ff1b63bf586c824ead1d02f2a3d
cvssv3.1 9.8 https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935
generic_textual CRITICAL https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935
cvssv3.1 9.8 https://github.com/FasterXML/jackson-databind/issues/1931
generic_textual CRITICAL https://github.com/FasterXML/jackson-databind/issues/1931
cvssv3.1 9.8 https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
generic_textual CRITICAL https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-7489
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-7489
cvssv3.1 9.8 https://security.netapp.com/advisory/ntap-20180328-0001
generic_textual CRITICAL https://security.netapp.com/advisory/ntap-20180328-0001
cvssv3.1 9.8 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
generic_textual CRITICAL https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
cvssv3.1 9.8 https://www.debian.org/security/2018/dsa-4190
generic_textual CRITICAL https://www.debian.org/security/2018/dsa-4190
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpuoct2020.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpuoct2020.html
cvssv3.1 9.8 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
generic_textual LOW https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
cvssv3.1 9.8 https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
generic_textual CRITICAL https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
cvssv3.1 5.9 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
generic_textual MODERATE https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
cvssv3.1 5.9 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
generic_textual MODERATE http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7489.json
https://api.first.org/data/v1/epss?cve=CVE-2018-7489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489
https://github.com/FasterXML/jackson-databind
https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1
https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2
https://github.com/FasterXML/jackson-databind/commit/bc22f90eb7f896ace9567598a99cb1ff6e0f9d9d
https://github.com/FasterXML/jackson-databind/commit/c921f0935d5e41bf206e702d8077a275ba1a6efc
https://github.com/FasterXML/jackson-databind/commit/ca2bfc86af82a1479112004b663ba74c760752e6
https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92
https://github.com/FasterXML/jackson-databind/commit/e66c0a9d3c926ff1b63bf586c824ead1d02f2a3d
https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935
https://github.com/FasterXML/jackson-databind/issues/1931
https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E
https://security.netapp.com/advisory/ntap-20180328-0001
https://security.netapp.com/advisory/ntap-20180328-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
https://www.debian.org/security/2018/dsa-4190
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/103203
http://www.securitytracker.com/id/1040693
http://www.securitytracker.com/id/1041890
891614 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891614
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.19:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.2:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2018-7489 https://nvd.nist.gov/vuln/detail/CVE-2018-7489
GHSA-cggj-fvv3-cqwv https://github.com/advisories/GHSA-cggj-fvv3-cqwv
RHEA-2018:2082 https://bugzilla.redhat.com/show_bug.cgi?id=1549276
RHSA-2018:1447 https://access.redhat.com/errata/RHSA-2018:1447
RHSA-2018:1448 https://access.redhat.com/errata/RHSA-2018:1448
RHSA-2018:1449 https://access.redhat.com/errata/RHSA-2018:1449
RHSA-2018:1450 https://access.redhat.com/errata/RHSA-2018:1450
RHSA-2018:1451 https://access.redhat.com/errata/RHSA-2018:1451
RHSA-2018:1786 https://access.redhat.com/errata/RHSA-2018:1786
RHSA-2018:2088 https://access.redhat.com/errata/RHSA-2018:2088
RHSA-2018:2089 https://access.redhat.com/errata/RHSA-2018:2089
RHSA-2018:2090 https://access.redhat.com/errata/RHSA-2018:2090
RHSA-2018:2938 https://access.redhat.com/errata/RHSA-2018:2938
RHSA-2018:2939 https://access.redhat.com/errata/RHSA-2018:2939
RHSA-2019:2858 https://access.redhat.com/errata/RHSA-2019:2858
RHSA-2019:3149 https://access.redhat.com/errata/RHSA-2019:3149
RHSA-2020:2562 https://access.redhat.com/errata/RHSA-2020:2562
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7489.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FasterXML/jackson-databind
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/bc22f90eb7f896ace9567598a99cb1ff6e0f9d9d
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/c921f0935d5e41bf206e702d8077a275ba1a6efc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/ca2bfc86af82a1479112004b663ba74c760752e6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/e66c0a9d3c926ff1b63bf586c824ead1d02f2a3d
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/issues/1931
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-7489
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-7489
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20180328-0001
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2018/dsa-4190
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuoct2020.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.96051
EPSS Score 0.27829
Published At April 2, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.