Vulnerability Description
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fasterxml | Jackson-Databind | >= 2.0.0, < 2.6.7.3 |
| Debian | Debian Linux | 8.0 |
| Oracle | Banking Platform | 2.5.0 |
| Oracle | Business Process Management Suite | 12.1.3.0.0 |
| Oracle | Communications Billing And Revenue Management | 7.5 |
| Oracle | Communications Instant Messaging Server | 10.0.1.3.0 |
| Oracle | Enterprise Manager For Virtualization | 13.2.2 |
| Oracle | Financial Services Analytical Applications Infrastructure | 8.0.2 |
| Oracle | Global Lifecycle Management Opatch | < 11.2.0.3.23 |
| Oracle | Jd Edwards Enterpriseone Orchestrator | 9.2 |
| Oracle | Jd Edwards Enterpriseone Tools | 9.2 |
| Oracle | Jdeveloper | 12.1.3.0.0 |
| Oracle | Nosql Database | < 19.3.12 |
| Oracle | Primavera P6 Enterprise Project Portfolio Management | >= 17.7, <= 17.12 |
| Oracle | Primavera Unifier | >= 17.7, <= 17.12 |
| Oracle | Retail Customer Management And Segmentation Foundation | 17.0 |
| Oracle | Retail Merchandising System | 15.0 |
| Oracle | Retail Workforce Management Software | 1.60.9.0.0 |
| Oracle | Siebel Engineering - Installer \& Deployment | <= 19.8 |
| Oracle | Siebel Ui Framework | <= 19.10 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106601Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHBA-2019:0959Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:0782Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:0877Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:1782Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:1797Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:1822Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:1823Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2804Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2858Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:3002Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:3140Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:3149Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:3892Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:4037Third Party Advisory
FAQ
What is CVE-2018-14718?
CVE-2018-14718 is a vulnerability with a CVSS score of 9.8 (CRITICAL). FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
How severe is CVE-2018-14718?
CVE-2018-14718 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-14718?
Check the references section above for vendor advisories and patch information. Affected products include: Fasterxml Jackson-Databind, Debian Debian Linux, Oracle Banking Platform, Oracle Business Process Management Suite, Oracle Communications Billing And Revenue Management.