CVE-2018-11307

{"id": "CVE-2018-11307", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-07-09T16:15:12.807", "references": [{"url": "https://access.redhat.com/errata/RHSA-2019:0782", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1822", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1823", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2804", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2858", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3002", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3140", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3149", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3892", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:4037", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/FasterXML/jackson-databind/issues/2032", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3Cissues.lucene.apache.org%3E", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:0782", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1822", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1823", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2804", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2858", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3002", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3140", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3149", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3892", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:4037", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/FasterXML/jackson-databind/issues/2032", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3Cissues.lucene.apache.org%3E", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6."}, {"lang": "es", "value": "Se detect\u00f3 un problema en jackson-databind versiones 2.0.0 hasta 2.9.5 de FasterXML. El uso de escritura predeterminada de Jackson junto con una clase de gadget de iBatis permite la exfiltraci\u00f3n de contenido. Se corrigi\u00f3 en las versiones 2.7.9.4, 2.8.11.2 y 2.9.6."}], "lastModified": "2024-11-21T03:43:06.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7036DA13-110D-40B3-8494-E361BBF4AFCD", "versionEndExcluding": "2.6.7.3", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44F16CE8-7CAD-4846-A38E-8192D56AB09B", "versionEndExcluding": "2.7.9.4", "versionStartIncluding": "2.7.0"}, {"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02EA57F3-507D-4E70-BA77-D235A59C2800", "versionEndExcluding": "2.8.11.2", "versionStartIncluding": "2.8.0"}, {"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "429C17F2-AB58-4BC0-8EB0-AF3322DDD528", "versionEndExcluding": "2.9.6", "versionStartIncluding": "2.9.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:clusterware:12.1.0.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C9084DB-329E-403F-8D0A-5B9F53183714"}, {"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9615B3B8-B176-4359-97B5-D2E2FEE5BFEA"}, {"criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6455EB1-C741-45E8-A53E-E7AD7A5D00EE", "versionEndExcluding": "11.2.0.3.23"}, {"criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFD43191-E67F-4D1B-967B-3C7B20331945", "versionEndExcluding": "12.2.0.1.19", "versionStartIncluding": "12.2.0.1.0"}, {"criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "062C588A-CBBA-470F-8D11-2F961922E927", "versionEndExcluding": "13.9.4.2.1", "versionStartIncluding": "13.9.4.0.0"}, {"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25"}, {"criteria": "cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FD0EC40-B96B-4E9C-9A81-4E65C4B9512E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}