Vulnerability Description
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss Enterprise Application Platform | 7.2.0 |
| Red Hat | Red Hat Enterprise Linux | 6.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10202 (Issue Tracking, Vendor Advisory)
- https://lists.apache.org/thread.html/r0fbf2c60967bc9f73d7f5a62ad3b955789f9a14b95
- https://lists.apache.org/thread.html/r1edabcfacdad42d3c830464e9cf07a9a489059a7b7
- https://lists.apache.org/thread.html/r356592d9874ab4bc9da4754592f8aa6edc894c95e1
- https://lists.apache.org/thread.html/r500867b74f42230a3d65b8aec31fc93ac390eeae73
- https://lists.apache.org/thread.html/r5f16a1bd31a7e94ca78eda686179930781aa3a4a99
- https://lists.apache.org/thread.html/r6dea2a887f5eb1d68f124d64b14cd1a04f682f06de
- https://lists.apache.org/thread.html/rce00a1c60f7df4b10e72fa87827c102f55b074bb91
- https://lists.apache.org/thread.html/refea6018a2c4e9eb7838cab567ed219c3f726dcd83
FAQ
What is CVE-2019-10202?
CVE-2019-10202 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE...
How severe is CVE-2019-10202?
CVE-2019-10202 has been rated CRITICAL with a CVSS base score of 9.8/10. Deserialization of untrusted input in the affected Jackson versions is a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-10202?
Check the references section above for vendor advisories and patch information. Affected products include Red Hat JBoss Enterprise Application Platform and Red Hat Enterprise Linux.