CVE-2020-25649
03.12.2020, 17:15
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.Enginsight
| Vendor | Product | Version |
|---|---|---|
| fasterxml | jackson-databind | 2.6.0 ≤ 𝑥 < 2.6.7.4 |
| fasterxml | jackson-databind | 2.9.0 ≤ 𝑥 < 2.9.10.7 |
| fasterxml | jackson-databind | 2.10.0 ≤ 𝑥 < 2.10.5.1 |
| netapp | oncommand_api_services | - |
| netapp | oncommand_workflow_automation | - |
| netapp | service_level_manager | - |
| quarkus | quarkus | 𝑥 ≤ 1.6.1 |
| apache | iotdb | 𝑥 < 0.12.0 |
| oracle | agile_plm | 9.3.6 |
| oracle | agile_product_lifecycle_management_integration_pack | 3.6 |
| oracle | banking_apis | 18.1 ≤ 𝑥 ≤ 18.3 |
| oracle | banking_apis | 19.1 |
| oracle | banking_apis | 19.2 |
| oracle | banking_apis | 20.1 |
| oracle | banking_apis | 21.1 |
| oracle | banking_platform | 2.6.2 |
| oracle | banking_platform | 2.7.0 |
| oracle | banking_platform | 2.7.1 |
| oracle | banking_platform | 2.8.0 |
| oracle | banking_platform | 2.9.0 |
| oracle | banking_platform | 2.10.0 |
| oracle | banking_treasury_management | 4.4 |
| oracle | blockchain_platform | 𝑥 < 21.1.2 |
| oracle | coherence | 12.2.1.4.0 |
| oracle | coherence | 14.1.1.0.0 |
| oracle | commerce_platform | 11.3.0 ≤ 𝑥 ≤ 11.3.2 |
| oracle | commerce_platform | 11.2.0 |
| oracle | communications_billing_and_revenue_management | 7.5.0.23.0 |
| oracle | communications_billing_and_revenue_management | 12.0.0.3.0 |
| oracle | communications_cloud_native_core_unified_data_repository | 1.4.0 |
| oracle | communications_convergent_charging_controller | 12.0.4.0.0 |
| oracle | communications_evolved_communications_application_server | 7.1 |
| oracle | communications_instant_messaging_server | 10.0.1.5.0 |
| oracle | communications_interactive_session_recorder | 6.3 |
| oracle | communications_interactive_session_recorder | 6.4 |
| oracle | communications_network_charging_and_control | 12.0.4.0.0 |
| oracle | communications_offline_mediation_controller | 12.0.0.3 |
| oracle | communications_pricing_design_center | 12.0.0.4.0 |
| oracle | communications_services_gatekeeper | 7.0 |
| oracle | communications_unified_inventory_management | 7.4.1 |
| oracle | goldengate_application_adapters | 19.1.0.0.0 |
| oracle | health_sciences_empirica_signal | 9.0 |
| oracle | health_sciences_empirica_signal | 9.1 |
| oracle | insurance_policy_administration | 11.1.0 ≤ 𝑥 ≤ 11.3.0 |
| oracle | insurance_policy_administration | 11.0.2 |
| oracle | insurance_rules_palette | 11.1.0 ≤ 𝑥 ≤ 11.3.0 |
| oracle | insurance_rules_palette | 11.0.2 |
| oracle | jd_edwards_enterpriseone_orchestrator | 𝑥 < 9.2.5.3 |
| oracle | jd_edwards_enterpriseone_tools | 𝑥 < 9.2.5.3 |
| oracle | primavera_gateway | 17.7 ≤ 𝑥 ≤ 17.12 |
| oracle | primavera_gateway | 17.12.0 ≤ 𝑥 ≤ 17.12.11 |
| oracle | primavera_gateway | 18.8.0 ≤ 𝑥 ≤ 18.8.11 |
| oracle | primavera_gateway | 19.12.0 ≤ 𝑥 ≤ 19.12.10 |
| oracle | primavera_gateway | 20.12.0 |
| oracle | retail_service_backbone | 14.1.3.2 |
| oracle | retail_service_backbone | 15.0.3.1 |
| oracle | retail_service_backbone | 16.0.3 |
| oracle | retail_xstore_point_of_service | 16.0.6 |
| oracle | retail_xstore_point_of_service | 17.0.4 |
| oracle | retail_xstore_point_of_service | 18.0.3 |
| oracle | retail_xstore_point_of_service | 19.0.2 |
| oracle | retail_xstore_point_of_service | 20.0.1 |
| oracle | sd-wan_edge | 9.0 |
| oracle | utilities_framework | 4.3.0.5.0 |
| oracle | utilities_framework | 4.3.0.6.0 |
| oracle | utilities_framework | 4.4.0.0.0 |
| oracle | utilities_framework | 4.4.0.2.0 |
| oracle | utilities_framework | 4.4.0.3.0 |
| oracle | webcenter_portal | 12.2.1.3.0 |
| oracle | webcenter_portal | 12.2.1.4.0 |
| oracle | communications_messaging_server | 8.0.2 |
| oracle | communications_messaging_server | 8.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References