CVE-2020-24750

Published Sep 17, 2020
Last updated a year ago
CVSS high 8.1
Overview

Description: FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-502
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4892ABAA-57A0-43D3-965C-2D7F4A8A6024",
            "versionEndExcluding": "2.6.7.5",
            "versionStartIncluding": "2.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96DBACC5-AC30-4F2A-9615-DDC912A188B0",
            "versionEndExcluding": "2.9.10.6",
            "versionStartIncluding": "2.7.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CF9A061-2421-426D-9854-0A4E55B2961D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F95EDC3D-54BB-48F9-82F2-7CCF335FCA78"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B72B735F-4E52-484A-9C2C-23E6E2070385"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B36A1D4-F391-4EE3-9A65-0A10568795BA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55116032-AAD1-4FEA-9DA8-2C4CBD3D3F61"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0275F820-40BE-47B8-B167-815A55DF578E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7FC2BF9-B6D7-420E-9CF5-21AB770B9CC1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4DAB919-54FD-48F8-A664-CD85C0A4A0E7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D5A1417-2C59-431F-BF5C-A2BCFEBC95FD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A8420D4-AAF1-44AA-BF28-48EE3ED310B9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FB80AC5-35F2-4703-AD93-416B46972EEB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19DAAEFF-AB4A-4D0D-8C86-D2F2811B53B1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7",
            "versionEndExcluding": "21.1.2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D55AB36-EDBB-4644-9579-21CE8278ED77"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE6D7E4F-FB11-4CED-81DB-D0BD21797C53"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
            "versionEndIncluding": "8.2.2",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0331877D-D5DB-4EE8-8220-C1CDC3F90CB0",
            "versionEndIncluding": "8.2.4.0",
            "versionStartIncluding": "8.2.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5312AC7A-3C16-4967-ACA6-317289A749D0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A28F42F0-FBDA-4574-AD30-7A04F27FEA3E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB3E2625-08F0-4C8E-B43F-831F0290F0D7",
            "versionEndIncluding": "8.2.2.1",
            "versionStartIncluding": "8.0.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5AA3C04-30A4-4975-B878-C5777F8BB918",
            "versionEndIncluding": "8.2.2.1",
            "versionStartIncluding": "8.2.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D7EA92D-9F26-4292-991A-891597337DFD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9C855EA-6E35-4EFF-ADEB-0EDFF90272BD",
            "versionEndIncluding": "21.5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D9E0011-6FF5-4C90-9780-7A1297BB09BF",
            "versionEndIncluding": "21.2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
