Search for vulnerabilities
Vulnerability details: VCID-n216-b3ud-aaas
Vulnerability ID VCID-n216-b3ud-aaas
Aliases CVE-2020-10672
GHSA-95cm-88f5-f2c7
Summary jackson-databind mishandles the interaction between serialization gadgets and typing
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-502 Deserialization of Untrusted Data
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2020:1644
rhas Important https://access.redhat.com/errata/RHSA-2020:2067
rhas Important https://access.redhat.com/errata/RHSA-2020:2333
rhas Important https://access.redhat.com/errata/RHSA-2020:3192
rhas Important https://access.redhat.com/errata/RHSA-2020:3196
rhas Important https://access.redhat.com/errata/RHSA-2020:3197
rhas Important https://access.redhat.com/errata/RHSA-2020:3461
rhas Important https://access.redhat.com/errata/RHSA-2020:3462
rhas Important https://access.redhat.com/errata/RHSA-2020:3463
rhas Important https://access.redhat.com/errata/RHSA-2020:3464
rhas Important https://access.redhat.com/errata/RHSA-2020:3501
rhas Important https://access.redhat.com/errata/RHSA-2020:3637
rhas Important https://access.redhat.com/errata/RHSA-2020:3638
rhas Important https://access.redhat.com/errata/RHSA-2020:3639
rhas Important https://access.redhat.com/errata/RHSA-2020:3642
rhas Important https://access.redhat.com/errata/RHSA-2020:3779
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10672.json
epss 0.00482 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.00482 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.00482 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.00482 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.00775 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.00775 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.00775 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.00775 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.00775 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.00775 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.00775 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.00775 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.00775 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.00775 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.00775 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.00775 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.4007 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
epss 0.47931 https://api.first.org/data/v1/epss?cve=CVE-2020-10672
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1815495
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-95cm-88f5-f2c7
cvssv3.1 7.5 https://github.com/FasterXML/jackson-databind
generic_textual HIGH https://github.com/FasterXML/jackson-databind
cvssv3.1 8.1 https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
generic_textual HIGH https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
cvssv3.1 8.8 https://github.com/FasterXML/jackson-databind/commit/592872f4235c7f2a3280725278da55544032f72d
generic_textual HIGH https://github.com/FasterXML/jackson-databind/commit/592872f4235c7f2a3280725278da55544032f72d
cvssv3.1 8.8 https://github.com/FasterXML/jackson-databind/issues/2659
generic_textual HIGH https://github.com/FasterXML/jackson-databind/issues/2659
cvssv3.1 8.8 https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html
cvssv3.1 8.8 https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
generic_textual HIGH https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cvssv3.1 9.8 https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
generic_textual CRITICAL https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10672
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10672
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10672
cvssv3.1 8.8 https://security.netapp.com/advisory/ntap-20200403-0002
generic_textual HIGH https://security.netapp.com/advisory/ntap-20200403-0002
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpujan2021.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpujan2021.html
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpujul2020.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpujul2020.html
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpuoct2020.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpuoct2020.html
cvssv3.1 8.2 https://www.oracle.com/security-alerts/cpuoct2021.html
generic_textual HIGH https://www.oracle.com/security-alerts/cpuoct2021.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10672.json
https://api.first.org/data/v1/epss?cve=CVE-2020-10672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10672
https://github.com/FasterXML/jackson-databind
https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
https://github.com/FasterXML/jackson-databind/commit/592872f4235c7f2a3280725278da55544032f72d
https://github.com/FasterXML/jackson-databind/issues/2659
https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://security.netapp.com/advisory/ntap-20200403-0002
https://security.netapp.com/advisory/ntap-20200403-0002/
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
1815495 https://bugzilla.redhat.com/show_bug.cgi?id=1815495
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVE-2020-10672 https://nvd.nist.gov/vuln/detail/CVE-2020-10672
GHSA-95cm-88f5-f2c7 https://github.com/advisories/GHSA-95cm-88f5-f2c7
RHSA-2020:1644 https://access.redhat.com/errata/RHSA-2020:1644
RHSA-2020:2067 https://access.redhat.com/errata/RHSA-2020:2067
RHSA-2020:2333 https://access.redhat.com/errata/RHSA-2020:2333
RHSA-2020:3192 https://access.redhat.com/errata/RHSA-2020:3192
RHSA-2020:3196 https://access.redhat.com/errata/RHSA-2020:3196
RHSA-2020:3197 https://access.redhat.com/errata/RHSA-2020:3197
RHSA-2020:3461 https://access.redhat.com/errata/RHSA-2020:3461
RHSA-2020:3462 https://access.redhat.com/errata/RHSA-2020:3462
RHSA-2020:3463 https://access.redhat.com/errata/RHSA-2020:3463
RHSA-2020:3464 https://access.redhat.com/errata/RHSA-2020:3464
RHSA-2020:3501 https://access.redhat.com/errata/RHSA-2020:3501
RHSA-2020:3637 https://access.redhat.com/errata/RHSA-2020:3637
RHSA-2020:3638 https://access.redhat.com/errata/RHSA-2020:3638
RHSA-2020:3639 https://access.redhat.com/errata/RHSA-2020:3639
RHSA-2020:3642 https://access.redhat.com/errata/RHSA-2020:3642
RHSA-2020:3779 https://access.redhat.com/errata/RHSA-2020:3779
RHSA-2025:1746 https://access.redhat.com/errata/RHSA-2025:1746
USN-USN-4813-1 https://usn.ubuntu.com/USN-4813-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10672.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FasterXML/jackson-databind
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/592872f4235c7f2a3280725278da55544032f72d
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/issues/2659
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-10672
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-10672
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-10672
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20200403-0002
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujan2021.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujul2020.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuoct2020.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://www.oracle.com/security-alerts/cpuoct2021.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.75607
EPSS Score 0.00482
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.