Vulnerability Database

CVE-2019-16943

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

| Software | From | Fixed in |
|---|---|---|
| fasterxml / jackson-databind | 2.9.0 | 2.9.10.1 |
| debian / debian_linux | 8.0 | 8.0.x |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| fedoraproject / fedora | 30 | 30.x |
| fedoraproject / fedora | 31 | 31.x |
| redhat / jboss_enterprise_application_platform | 7.2 | 7.2.x |
| redhat / jboss_enterprise_application_platform | 7.3 | 7.3.x |
| oracle / banking_platform | 2.4.0 | 2.4.0.x |
| oracle / jd_edwards_enterpriseone_tools | 9.2 | 9.2.x |
| oracle / banking_platform | 2.4.1 | 2.4.1.x |
| oracle / primavera_gateway | 16.1 | 16.1.x |
| oracle / primavera_gateway | 16.2 | 16.2.x |
| oracle / banking_platform | 2.5.0 | 2.5.0.x |
| oracle / weblogic_server | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / webcenter_portal | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / webcenter_sites | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / jd_edwards_enterpriseone_orchestrator | 9.2 | 9.2.x |
| oracle / banking_platform | 2.6.0 | 2.6.0.x |
| oracle / banking_platform | 2.6.1 | 2.6.1.x |
| oracle / banking_platform | 2.6.2 | 2.6.2.x |
| oracle / weblogic_server | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / webcenter_sites | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / webcenter_portal | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / communications_billing_and_revenue_management | 12.0.0.3.0 | 12.0.0.3.0.x |
| oracle / communications_billing_and_revenue_management | 7.5.0.23.0 | 7.5.0.23.0.x |
| oracle / trace_file_analyzer | 19c | 19c.x |
| oracle / trace_file_analyzer | 18c | 18c.x |
| oracle / trace_file_analyzer | 12.2.0.1 | 12.2.0.1.x |
| oracle / siebel_engineering_-_installer_&_deployment | - | 2.20.5.x |
| oracle / retail_sales_audit | 14.1 | 14.1.x |
| oracle / retail_merchandising_system | 15.0.3 | 15.0.3.x |
| oracle / retail_merchandising_system | 16.0.2 | 16.0.2.x |
| oracle / retail_merchandising_system | 16.0.3 | 16.0.3.x |
| oracle / global_lifecycle_management_nextgen_oui_framework | 13.9.4.2.2 | 13.9.4.2.2.x |
| oracle / global_lifecycle_management_nextgen_oui_framework | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / global_lifecycle_management_nextgen_oui_framework | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / banking_platform | 2.7.0 | 2.7.0.x |
| oracle / banking_platform | 2.7.1 | 2.7.1.x |
| oracle / banking_platform | 2.9.0 | 2.9.0.x |
| oracle / primavera_gateway | 19.12.0 | 19.12.0.x |
| oracle / primavera_gateway | 18.8.0 | 18.8.8.x |
| oracle / primavera_gateway | 17.7 | 17.12.6.x |
| oracle / communications_evolved_communications_application_server | 7.1 | 7.1.x |
| oracle / communications_calendar_server | 8.0.0.3.0 | 8.0.0.3.0.x |
| oracle / communications_calendar_server | 8.0.0.2.0 | 8.0.0.2.0.x |
| oracle / goldengate_application_adapters | 19.1.0.0.0 | 19.1.0.0.0.x |
| oracle / communications_cloud_native_core_network_slice_selection_function | 1.2.1 | 1.2.1.x |
| netapp / active_iq_unified_manager | 7.3 | 7.3.x |
| netapp / active_iq_unified_manager | 9.5 | 9.5.x |
| com.fasterxml.jackson.core / jackson-databind | - | 2.9.10.1 |
| fasterxml / jackson-databind | 2.0.0 | 2.6.7.3 |
| fasterxml / jackson-databind | 2.7.0 | 2.8.11.5 |