CVE-2020-24750
17.09.2020, 19:15
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.Enginsight
| Vendor | Product | Version |
|---|---|---|
| fasterxml | jackson-databind | 2.0.0 ≤ 𝑥 < 2.6.7.5 |
| fasterxml | jackson-databind | 2.7.0 ≤ 𝑥 < 2.9.10.6 |
| oracle | agile_plm | 9.3.6 |
| oracle | application_testing_suite | 13.3.0.1 |
| oracle | autovue_for_agile_product_lifecycle_management | 21.0.2 |
| oracle | banking_corporate_lending_process_management | 14.2.0 |
| oracle | banking_corporate_lending_process_management | 14.3.0 |
| oracle | banking_corporate_lending_process_management | 14.5.0 |
| oracle | banking_credit_facilities_process_management | 14.2.0 |
| oracle | banking_credit_facilities_process_management | 14.3.0 |
| oracle | banking_credit_facilities_process_management | 14.5.0 |
| oracle | banking_liquidity_management | 14.2 |
| oracle | banking_liquidity_management | 14.3 |
| oracle | banking_liquidity_management | 14.5 |
| oracle | banking_supply_chain_finance | 14.2.0 |
| oracle | banking_supply_chain_finance | 14.3.0 |
| oracle | banking_supply_chain_finance | 14.5.0 |
| oracle | blockchain_platform | 𝑥 < 21.1.2 |
| oracle | communications_calendar_server | 8.0 |
| oracle | communications_calendar_server | 8.0.0.4.0 |
| oracle | communications_contacts_server | 8.0 |
| oracle | communications_contacts_server | 8.0.0.5.0 |
| oracle | communications_diameter_signaling_router | 8.0.0 ≤ 𝑥 ≤ 8.2.2 |
| oracle | communications_element_manager | 8.2.0 ≤ 𝑥 ≤ 8.2.4.0 |
| oracle | communications_instant_messaging_server | 10.0.1.5.0 |
| oracle | communications_messaging_server | 8.1 |
| oracle | communications_offline_mediation_controller | 12.0.0.3.0 |
| oracle | communications_policy_management | 12.5.0 |
| oracle | communications_pricing_design_center | 12.0.0.4.0 |
| oracle | communications_services_gatekeeper | 7.0 |
| oracle | communications_session_report_manager | 8.0.0.0 ≤ 𝑥 ≤ 8.2.2.1 |
| oracle | communications_session_route_manager | 8.2.0 ≤ 𝑥 ≤ 8.2.2.1 |
| oracle | communications_unified_inventory_management | 7.4.1 |
| oracle | identity_manager_connector | 11.1.1.5.0 |
| oracle | siebel_core_-_server_framework | 𝑥 ≤ 21.5 |
| oracle | siebel_ui_framework | 𝑥 ≤ 21.2 |
| debian | debian_linux | 9.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References