VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-qhrk-7tpg-aaah

Essentials
Severities (108)
References (53)
Severity details (39)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-qhrk-7tpg-aaah
Aliases	CVE-2017-17485 GHSA-rfx6-vp9g-rh7v
Summary	High severity vulnerability that affects com.fasterxml.jackson.core:jackson-databind
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-502	Deserialization of Untrusted Data
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
rhas	Important	https://access.redhat.com/errata/RHSA-2018:0116
rhas	Important	https://access.redhat.com/errata/RHSA-2018:0342
rhas	Important	https://access.redhat.com/errata/RHSA-2018:0478
rhas	Important	https://access.redhat.com/errata/RHSA-2018:0479
rhas	Important	https://access.redhat.com/errata/RHSA-2018:0480
rhas	Important	https://access.redhat.com/errata/RHSA-2018:0481
rhas	Important	https://access.redhat.com/errata/RHSA-2018:1447
rhas	Important	https://access.redhat.com/errata/RHSA-2018:1448
rhas	Important	https://access.redhat.com/errata/RHSA-2018:1449
rhas	Important	https://access.redhat.com/errata/RHSA-2018:1450
rhas	Important	https://access.redhat.com/errata/RHSA-2018:1451
rhas	Important	https://access.redhat.com/errata/RHSA-2018:2930
rhas	Important	https://access.redhat.com/errata/RHSA-2019:1782
rhas	Important	https://access.redhat.com/errata/RHSA-2019:1797
rhas	Important	https://access.redhat.com/errata/RHSA-2019:2858
rhas	Important	https://access.redhat.com/errata/RHSA-2019:3149
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2019:3892
rhas	Important	https://access.redhat.com/errata/RHSA-2019:3892
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:3892
cvssv3	8.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17485.json
epss	0.13977	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.13977	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.13977	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.13977	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.13977	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.13977	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.13977	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.13977	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.13977	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.13977	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.13977	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.13977	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.21260	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.21260	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.21260	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.21260	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.73661	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.73661	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.73661	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.73661	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.73661	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.73661	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.73661	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.73661	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
epss	0.77043	https://api.first.org/data/v1/epss?cve=CVE-2017-17485
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=1528565
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-rfx6-vp9g-rh7v
cvssv3.1	7.5	https://github.com/FasterXML/jackson-databind
generic_textual	HIGH	https://github.com/FasterXML/jackson-databind
cvssv3.1	9.8	https://github.com/FasterXML/jackson-databind/commit/10fe7f17ea7c8da2a71e7a0c774b420a1d5c1b50
generic_textual	CRITICAL	https://github.com/FasterXML/jackson-databind/commit/10fe7f17ea7c8da2a71e7a0c774b420a1d5c1b50
cvssv3.1	9.8	https://github.com/FasterXML/jackson-databind/commit/2235894210c75f624a3d0cd60bfb0434a20a18bf
generic_textual	CRITICAL	https://github.com/FasterXML/jackson-databind/commit/2235894210c75f624a3d0cd60bfb0434a20a18bf
cvssv3.1	9.8	https://github.com/FasterXML/jackson-databind/commit/459107dccc9b3ea991af3e6ad0953e54b01ef7c1
generic_textual	CRITICAL	https://github.com/FasterXML/jackson-databind/commit/459107dccc9b3ea991af3e6ad0953e54b01ef7c1
cvssv3.1	9.8	https://github.com/FasterXML/jackson-databind/commit/4f16f67ebd22c7522fdbb8a7eb87e3026a807d61
generic_textual	CRITICAL	https://github.com/FasterXML/jackson-databind/commit/4f16f67ebd22c7522fdbb8a7eb87e3026a807d61
cvssv3.1	9.8	https://github.com/FasterXML/jackson-databind/commit/978798382ceb72229e5036aa1442943933d6d171
generic_textual	CRITICAL	https://github.com/FasterXML/jackson-databind/commit/978798382ceb72229e5036aa1442943933d6d171
cvssv3.1	9.8	https://github.com/FasterXML/jackson-databind/commit/bb45fb16709018842f858f1a6e1118676aaa34bd
generic_textual	CRITICAL	https://github.com/FasterXML/jackson-databind/commit/bb45fb16709018842f858f1a6e1118676aaa34bd
cvssv3.1	9.8	https://github.com/FasterXML/jackson-databind/commit/eb217dd0f87c5fb471e0668575644aa7eba9a3d3
generic_textual	CRITICAL	https://github.com/FasterXML/jackson-databind/commit/eb217dd0f87c5fb471e0668575644aa7eba9a3d3
cvssv3.1	9.8	https://github.com/FasterXML/jackson-databind/commit/f031f27a31625d07922bdd090664c69544200a5d
generic_textual	CRITICAL	https://github.com/FasterXML/jackson-databind/commit/f031f27a31625d07922bdd090664c69544200a5d
cvssv3.1	9.8	https://github.com/FasterXML/jackson-databind/issues/1855
generic_textual	CRITICAL	https://github.com/FasterXML/jackson-databind/issues/1855
cvssv3.1	9.8	https://github.com/irsl/jackson-rce-via-spel
generic_textual	CRITICAL	https://github.com/irsl/jackson-rce-via-spel
cvssv2	7.5	https://nvd.nist.gov/vuln/detail/CVE-2017-17485
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2017-17485
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2017-17485
cvssv3.1	9.8	https://security.netapp.com/advisory/ntap-20180201-0003
generic_textual	CRITICAL	https://security.netapp.com/advisory/ntap-20180201-0003
cvssv3.1	9.8	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
generic_textual	CRITICAL	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
cvssv3.1	9.8	https://web.archive.org/web/20200927162225/http://www.securityfocus.com/archive/1/541652/100/0/threaded
generic_textual	CRITICAL	https://web.archive.org/web/20200927162225/http://www.securityfocus.com/archive/1/541652/100/0/threaded
cvssv3.1	8.1	https://www.debian.org/security/2018/dsa-4114
generic_textual	HIGH	https://www.debian.org/security/2018/dsa-4114
cvssv3.1	9.8	https://www.oracle.com/security-alerts/cpuoct2020.html
generic_textual	CRITICAL	https://www.oracle.com/security-alerts/cpuoct2020.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17485.json
		https://api.first.org/data/v1/epss?cve=CVE-2017-17485
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5968
		https://github.com/FasterXML/jackson-databind
		https://github.com/FasterXML/jackson-databind/commit/10fe7f17ea7c8da2a71e7a0c774b420a1d5c1b50
		https://github.com/FasterXML/jackson-databind/commit/2235894210c75f624a3d0cd60bfb0434a20a18bf
		https://github.com/FasterXML/jackson-databind/commit/459107dccc9b3ea991af3e6ad0953e54b01ef7c1
		https://github.com/FasterXML/jackson-databind/commit/4f16f67ebd22c7522fdbb8a7eb87e3026a807d61
		https://github.com/FasterXML/jackson-databind/commit/978798382ceb72229e5036aa1442943933d6d171
		https://github.com/FasterXML/jackson-databind/commit/bb45fb16709018842f858f1a6e1118676aaa34bd
		https://github.com/FasterXML/jackson-databind/commit/eb217dd0f87c5fb471e0668575644aa7eba9a3d3
		https://github.com/FasterXML/jackson-databind/commit/f031f27a31625d07922bdd090664c69544200a5d
		https://github.com/FasterXML/jackson-databind/issues/1855
		https://github.com/irsl/jackson-rce-via-spel
		https://github.com/irsl/jackson-rce-via-spel/
		https://security.netapp.com/advisory/ntap-20180201-0003
		https://security.netapp.com/advisory/ntap-20180201-0003/
		https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
		https://web.archive.org/web/20200927162225/http://www.securityfocus.com/archive/1/541652/100/0/threaded
		https://www.debian.org/security/2018/dsa-4114
		https://www.oracle.com/security-alerts/cpuoct2020.html
		http://www.securityfocus.com/archive/1/541652/100/0/threaded
		http://www.securityfocus.com/archive/1/archive/1/541652/100/0/threaded
1528565		https://bugzilla.redhat.com/show_bug.cgi?id=1528565
888318		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888318
cpe:2.3:a:fasterxml:jackson-databind::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fasterxml:jackson-databind::::::::
cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:::::::*
cpe:2.3:a:netapp:oncommand_shift:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_shift:-:::::::*
cpe:2.3:a:netapp:snapcenter:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapcenter:-:::::::*
cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
CVE-2017-17485		https://nvd.nist.gov/vuln/detail/CVE-2017-17485
GHSA-rfx6-vp9g-rh7v		https://github.com/advisories/GHSA-rfx6-vp9g-rh7v
RHSA-2018:0116		https://access.redhat.com/errata/RHSA-2018:0116
RHSA-2018:0342		https://access.redhat.com/errata/RHSA-2018:0342
RHSA-2018:0478		https://access.redhat.com/errata/RHSA-2018:0478
RHSA-2018:0479		https://access.redhat.com/errata/RHSA-2018:0479
RHSA-2018:0480		https://access.redhat.com/errata/RHSA-2018:0480
RHSA-2018:0481		https://access.redhat.com/errata/RHSA-2018:0481
RHSA-2018:1447		https://access.redhat.com/errata/RHSA-2018:1447
RHSA-2018:1448		https://access.redhat.com/errata/RHSA-2018:1448
RHSA-2018:1449		https://access.redhat.com/errata/RHSA-2018:1449
RHSA-2018:1450		https://access.redhat.com/errata/RHSA-2018:1450
RHSA-2018:1451		https://access.redhat.com/errata/RHSA-2018:1451
RHSA-2018:2930		https://access.redhat.com/errata/RHSA-2018:2930
RHSA-2019:1782		https://access.redhat.com/errata/RHSA-2019:1782
RHSA-2019:1797		https://access.redhat.com/errata/RHSA-2019:1797
RHSA-2019:2858		https://access.redhat.com/errata/RHSA-2019:2858
RHSA-2019:3149		https://access.redhat.com/errata/RHSA-2019:3149
RHSA-2019:3892		https://access.redhat.com/errata/RHSA-2019:3892

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:3892

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/ Found at https://access.redhat.com/errata/RHSA-2019:3892

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17485.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FasterXML/jackson-databind

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/10fe7f17ea7c8da2a71e7a0c774b420a1d5c1b50

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/2235894210c75f624a3d0cd60bfb0434a20a18bf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/459107dccc9b3ea991af3e6ad0953e54b01ef7c1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/4f16f67ebd22c7522fdbb8a7eb87e3026a807d61

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/978798382ceb72229e5036aa1442943933d6d171

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/bb45fb16709018842f858f1a6e1118676aaa34bd

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/eb217dd0f87c5fb471e0668575644aa7eba9a3d3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/commit/f031f27a31625d07922bdd090664c69544200a5d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FasterXML/jackson-databind/issues/1855

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/irsl/jackson-rce-via-spel

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-17485

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-17485

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-17485

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20180201-0003

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20200927162225/http://www.securityfocus.com/archive/1/541652/100/0/threaded

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2018/dsa-4114

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuoct2020.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.95807
EPSS Score	0.13977
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.