CVE-2019-14540

Published Sep 15, 2019
Last updated a year ago
CVSS critical 9.8
Overview

Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-502
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7036DA13-110D-40B3-8494-E361BBF4AFCD",
            "versionEndExcluding": "2.6.7.3",
            "versionStartIncluding": "2.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F83B193-74CF-459A-8055-AE0F033D5BCB",
            "versionEndExcluding": "2.8.11.5",
            "versionStartIncluding": "2.7.0"
          },
          {
            "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE5543DD-3F9D-45EF-8034-E1EF9657955A",
            "versionEndExcluding": "2.9.10",
            "versionStartIncluding": "2.9.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
          },
          {
            "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2BEE49E-A5AA-42D3-B422-460454505480"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4FF66F7-10C8-4A1C-910A-EF7D12A4284C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35AD0C07-9688-4397-8D45-FBB88C0F0C11"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8972497F-6E24-45A9-9A18-EB0E842CB1D4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "400509A8-D6F2-432C-A2F1-AD5B8778D0D9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "282150FF-C945-4A3E-8A80-E8757A8907EA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "727DF4F5-3D21-491E-96B9-EC973A6C9C18"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51433748-DED0-416D-8BFE-F3493E13772E",
            "versionEndIncluding": "8.0.8",
            "versionStartIncluding": "8.0.2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6455EB1-C741-45E8-A53E-E7AD7A5D00EE",
            "versionEndExcluding": "11.2.0.3.23"
          },
          {
            "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFD43191-E67F-4D1B-967B-3C7B20331945",
            "versionEndExcluding": "12.2.0.1.19",
            "versionStartIncluding": "12.2.0.1.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "062C588A-CBBA-470F-8D11-2F961922E927",
            "versionEndExcluding": "13.9.4.2.1",
            "versionStartIncluding": "13.9.4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7BE0590-31BD-4FCD-B50E-A5F86196F99E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4",
            "versionEndExcluding": "19.1.0.0.1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1A68EF8-15AA-42A7-9734-6F9470EB35CD",
            "versionEndIncluding": "5.7.30",
            "versionStartIncluding": "5.7.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E1A3769-E443-4511-B349-B5304F5E6EBD",
            "versionEndIncluding": "8.0.20",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CBFA960-D242-43ED-8D4C-A60F01B70740"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9E628E7-6CC5-418C-939F-8EEA69B222A0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0513B305-97EF-4609-A82E-D0CDFF9925BA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DFB9704-6B99-4113-8537-E4AE0F791B86"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F5647E5-B051-41A6-B186-3584C725908B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99365245-49E8-4616-BD24-CE564AC1D17E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:18.8.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A405B01-7DC5-41A0-9B61-C2DBE1C71A67"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
            "versionEndIncluding": "17.12",
            "versionStartIncluding": "17.7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
