CVE-2018-19361

Published Jan 2, 2019

Last updated a year ago

CVSS critical 9.8

Overview

Description: FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-502

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5128ECDA-6F9A-42AC-9063-CDFC4C256537",
            "versionEndIncluding": "2.6.7.2",
            "versionStartIncluding": "2.6.0"
          },
          {
            "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B99066EB-FF79-4D9D-9466-B04AD4D3A814",
            "versionEndExcluding": "2.7.9.5",
            "versionStartIncluding": "2.7.0"
          },
          {
            "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4D3858C-DAF3-4522-90EC-EFCD13BD121E",
            "versionEndExcluding": "2.8.11.3",
            "versionStartIncluding": "2.8.0"
          },
          {
            "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E92778FA-5912-46E8-A33B-4BD14935647B",
            "versionEndExcluding": "2.9.8",
            "versionStartIncluding": "2.9.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B887E174-57AB-449D-AEE4-82DD1A3E5C84"
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A1E1023-2EB9-4334-9B74-CA71480F71C2",
            "versionEndIncluding": "17.12",
            "versionStartIncluding": "17.7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93A4E178-0082-45C5-BBC0-0A4E51C8B1DE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F021C23-AB9B-4877-833F-D01359A98762"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F8ED016-32A1-42EE-844E-3E6B2C116B74"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A046CC2C-445F-4336-8810-930570B4FEC6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0745445C-EC43-4091-BA7C-5105AFCC6F1F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
            "versionEndIncluding": "17.12",
            "versionStartIncluding": "17.7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9967AAFD-2199-4668-9105-207D4866B707"
          },
          {
            "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:automation_manager:7.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D44D4F38-4028-4EAA-895C-1E2816FB36EA"
          },
          {
            "criteria": "cpe:2.3:a:redhat:decision_manager:7.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5CD928F-C9BA-443F-A46D-4FE7756D936B"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_bpm_suite:6.4.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07E373FB-14EA-4EA2-8E4A-0B86A7184B85"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88C5E02F-C70E-41F4-B146-40C88439017A"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References