CVE-2020-14195
16.06.2020, 16:15
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).Enginsight
| Vendor | Product | Version |
|---|---|---|
| fasterxml | jackson-databind | 2.9.0 ≤ 𝑥 < 2.9.10.5 |
| netapp | active_iq_unified_manager | 7.3 ≤ |
| netapp | active_iq_unified_manager | 7.3 ≤ |
| netapp | active_iq_unified_manager | 9.5 ≤ |
| netapp | steelstore_cloud_integrated_storage | - |
| debian | debian_linux | 8.0 |
| oracle | agile_plm | 9.3.6 |
| oracle | banking_digital_experience | 18.1 |
| oracle | banking_digital_experience | 18.2 |
| oracle | banking_digital_experience | 18.3 |
| oracle | banking_digital_experience | 19.1 |
| oracle | banking_digital_experience | 19.2 |
| oracle | banking_digital_experience | 20.1 |
| oracle | communications_calendar_server | 8.0.0.4.0 |
| oracle | communications_contacts_server | 8.0.0.5.0 |
| oracle | communications_diameter_signaling_router | 8.0.0 ≤ 𝑥 ≤ 8.2.2 |
| oracle | communications_element_manager | 8.2.0 ≤ 𝑥 ≤ 8.2.2 |
| oracle | communications_evolved_communications_application_server | 7.1 |
| oracle | communications_instant_messaging_server | 10.0.1.4.0 |
| oracle | communications_session_report_manager | 8.2.0 ≤ 𝑥 ≤ 8.2.2 |
| oracle | communications_session_route_manager | 8.2.0 ≤ 𝑥 ≤ 8.2.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References