Vulnerability Description
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fasterxml | Jackson-Databind | >= 2.0.0, < 2.7.9.7 |
| Oracle | Banking Platform | >= 2.4.0, <= 2.9.0 |
| Oracle | Communications Billing And Revenue Management | 7.5.0.23.0 |
| Oracle | Communications Cloud Native Core Network Slice Selection Function | 1.2.1 |
| Oracle | Communications Contacts Server | 8.0.0.4.0 |
| Oracle | Communications Evolved Communications Application Server | 7.1 |
| Oracle | Communications Instant Messaging Server | 10.0.1.4.0 |
| Oracle | Communications Network Charging And Control | >= 12.0.0, <= 12.0.3 |
| Oracle | Customer Management And Segmentation Foundation | 18.0 |
| Oracle | Enterprise Manager Base Platform | 13.3.0.0 |
| Oracle | Global Lifecycle Management Opatch | < 11.2.0.3.23 |
| Oracle | Goldengate Application Adapters | 19.1.0.0.0 |
| Oracle | Goldengate Stream Analytics | < 19.1.0.0.1 |
| Oracle | Jd Edwards Enterpriseone Orchestrator | < 9.2.4.2 |
| Oracle | Jd Edwards Enterpriseone Tools | < 9.2.4.2 |
| Oracle | Primavera Unifier | >= 17.7, <= 17.12 |
| Oracle | Retail Merchandising System | 15.0.3 |
| Oracle | Retail Sales Audit | 14.1 |
| Oracle | Retail Xstore Point Of Service | 15.0 |
| Oracle | Siebel Engineering - Installer & Deployment | <= 2.20.5 |
Related Weaknesses (CWE)
References
- https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1. (Patch, Third Party Advisory)
- https://github.com/FasterXML/jackson-databind/issues/2526 (Patch, Third Party Advisory)
- https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9e
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab
- https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036
- https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7d
- https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae7
- https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646
- https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d94535
- https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33dd
- https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7ef
- https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37c
- https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a
- https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b12
- https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb
FAQ
What is CVE-2019-20330?
CVE-2019-20330 is a vulnerability with a CVSS score of 9.8 (CRITICAL). FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
How severe is CVE-2019-20330?
CVE-2019-20330 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-20330?
Check the references section above for vendor advisories and patch information. Affected products include: Fasterxml Jackson-Databind, Oracle Banking Platform, Oracle Communications Billing And Revenue Management, Oracle Communications Cloud Native Core Network Slice Selection Function, Oracle Communications Contacts Server.