Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
fasterxml / jackson-databind 2.9.0 2.9.10.4
debian / debian_linux 8.0 8.0.x
oracle / retail_xstore_point_of_service 15.0 15.0.x
oracle / primavera_unifier 16.2 16.2.x
oracle / retail_service_backbone 14.1 14.1.x
oracle / primavera_unifier 16.1 16.1.x
oracle / retail_service_backbone 15.0 15.0.x
oracle / weblogic_server 12.2.1.3.0 12.2.1.3.0.x
oracle / webcenter_portal 12.2.1.3.0 12.2.1.3.0.x
oracle / retail_xstore_point_of_service 16.0 16.0.x
oracle / primavera_unifier 18.8 18.8.x
oracle / primavera_unifier 17.7 17.12.x
oracle / retail_merchandising_system 15.0 15.0.x
oracle / agile_plm 9.3.6 9.3.6.x
oracle / banking_digital_experience 18.2 18.2.x
oracle / banking_digital_experience 18.3 18.3.x
oracle / banking_digital_experience 19.1 19.1.x
oracle / banking_digital_experience 18.1 18.1.x
oracle / weblogic_server 12.2.1.4.0 12.2.1.4.0.x
oracle / enterprise_manager_base_platform 13.3.0.0 13.3.0.0.x
oracle / financial_services_price_creation_and_discovery 8.0.7 8.0.7.x
oracle / primavera_unifier 19.12 19.12.x
oracle / financial_services_analytical_applications_infrastructure 8.0.6 8.1.0.x
oracle / webcenter_portal 12.2.1.4.0 12.2.1.4.0.x
oracle / enterprise_manager_base_platform 13.4.0.0 13.4.0.0.x
oracle / communications_instant_messaging_server 10.0.1.4.0 10.0.1.4.0.x
oracle / retail_xstore_point_of_service 17.0 17.0.x
oracle / retail_xstore_point_of_service 18.0 18.0.x
oracle / retail_xstore_point_of_service 19.0 19.0.x
oracle / communications_diameter_signaling_router 8.0.0 8.2.2.x
oracle / banking_digital_experience 19.2 19.2.x
oracle / financial_services_price_creation_and_discovery 8.0.6 8.0.6.x
oracle / banking_digital_experience 20.1 20.1.x
oracle / financial_services_institutional_performance_analytics 8.1.0 8.1.0.x
oracle / financial_services_institutional_performance_analytics 8.0.6 8.0.6.x
oracle / financial_services_institutional_performance_analytics 8.0.7 8.0.7.x
oracle / insurance_policy_administration_j2ee 11.0.2.25 11.0.2.25.x
oracle / insurance_policy_administration_j2ee 11.1.0.15 11.1.0.15.x
oracle / financial_services_retail_customer_analytics 8.0.6 8.0.6.x
oracle / retail_sales_audit 14.1 14.1.x
oracle / communications_evolved_communications_application_server 7.1 7.1.x
oracle / communications_network_charging_and_control 6.0.1 6.0.1.x
oracle / retail_service_backbone 16.0 16.0.x
oracle / jd_edwards_enterpriseone_tools - 9.2.4.2
oracle / jd_edwards_enterpriseone_orchestrator - 9.2.4.2
oracle / communications_network_charging_and_control 12.0.0 12.0.3.x
oracle / banking_platform 2.4.0 2.9.0.x
oracle / global_lifecycle_management_opatch - 12.2.0.1.20
oracle / communications_contacts_server 8.0.0.5.0 8.0.0.5.0.x
oracle / communications_calendar_server 8.0.0.4.0 8.0.0.4.0.x
oracle / communications_session_route_manager 8.2.0 8.2.2.x
oracle / communications_session_report_manager 8.2.0 8.2.2.x
oracle / communications_element_manager 8.2.0 8.2.2.x
oracle / autovue_for_agile_product_lifecycle_management 21.0.2 21.0.2.x
com.fasterxml.jackson.core / jackson-databind 2.9.0 2.9.10.4