Vulnerability Database

309,103

Total vulnerabilities in the database

CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
fasterxml / jackson-databind 2.10.0 2.10.5.1
fasterxml / jackson-databind 2.9.0 2.9.10.7
fasterxml / jackson-databind 2.6.0 2.6.7.4
fedoraproject / fedora 32 32.x
quarkus / quarkus - 1.6.1.x
apache / iotdb - 0.12.0
oracle / webcenter_portal 12.2.1.3.0 12.2.1.3.0.x
oracle / banking_platform 2.6.2 2.6.2.x
oracle / utilities_framework 4.3.0.5.0 4.3.0.5.0.x
oracle / utilities_framework 4.3.0.6.0 4.3.0.6.0.x
oracle / utilities_framework 4.4.0.0.0 4.4.0.0.0.x
oracle / agile_plm 9.3.6 9.3.6.x
oracle / coherence 12.2.1.4.0 12.2.1.4.0.x
oracle / webcenter_portal 12.2.1.4.0 12.2.1.4.0.x
oracle / sd-wan_edge 9.0 9.0.x
oracle / coherence 14.1.1.0.0 14.1.1.0.0.x
oracle / utilities_framework 4.4.0.2.0 4.4.0.2.0.x
oracle / communications_billing_and_revenue_management 12.0.0.3.0 12.0.0.3.0.x
oracle / communications_billing_and_revenue_management 7.5.0.23.0 7.5.0.23.0.x
oracle / communications_services_gatekeeper 7.0 7.0.x
oracle / banking_platform 2.7.0 2.7.0.x
oracle / banking_platform 2.7.1 2.7.1.x
oracle / banking_platform 2.9.0 2.9.0.x
oracle / communications_evolved_communications_application_server 7.1 7.1.x
oracle / goldengate_application_adapters 19.1.0.0.0 19.1.0.0.0.x
oracle / retail_service_backbone 16.0.3 16.0.3.x
oracle / banking_platform 2.8.0 2.8.0.x
oracle / primavera_gateway 17.7 17.12.x
oracle / insurance_rules_palette 11.0.2 11.0.2.x
oracle / communications_interactive_session_recorder 6.3 6.3.x
oracle / communications_interactive_session_recorder 6.4 6.4.x
oracle / communications_messaging_server 8.1 8.1.x
oracle / communications_messaging_server 8.0.2 8.0.2.x
oracle / commerce_platform 11.3.0 11.3.2.x
oracle / commerce_platform 11.2.0 11.2.0.x
oracle / communications_unified_inventory_management 7.4.1 7.4.1.x
oracle / retail_xstore_point_of_service 16.0.6 16.0.6.x
oracle / retail_xstore_point_of_service 17.0.4 17.0.4.x
oracle / retail_xstore_point_of_service 18.0.3 18.0.3.x
oracle / retail_xstore_point_of_service 19.0.2 19.0.2.x
oracle / retail_xstore_point_of_service 20.0.1 20.0.1.x
oracle / health_sciences_empirica_signal 9.0 9.0.x
oracle / banking_platform 2.10.0 2.10.0.x
oracle / retail_service_backbone 15.0.3.1 15.0.3.1.x
oracle / retail_service_backbone 14.1.3.2 14.1.3.2.x
oracle / jd_edwards_enterpriseone_tools - 9.2.5.3
oracle / jd_edwards_enterpriseone_orchestrator - 9.2.5.3
oracle / insurance_rules_palette 11.1.0 11.3.0.x
oracle / insurance_policy_administration 11.1.0 11.3.0.x
oracle / insurance_policy_administration 11.0.2 11.0.2.x
oracle / banking_treasury_management 4.4 4.4.x
oracle / primavera_gateway 20.12.0 20.12.0.x
oracle / primavera_gateway 19.12.0 19.12.10.x
oracle / primavera_gateway 18.8.0 18.8.11.x
oracle / primavera_gateway 17.12.0 17.12.11.x
oracle / communications_cloud_native_core_unified_data_repository 1.4.0 1.4.0.x
oracle / communications_network_charging_and_control 12.0.4.0.0 12.0.4.0.0.x
oracle / communications_convergent_charging_controller 12.0.4.0.0 12.0.4.0.0.x
oracle / utilities_framework 4.4.0.3.0 4.4.0.3.0.x
oracle / health_sciences_empirica_signal 9.1 9.1.x
oracle / agile_product_lifecycle_management_integration_pack 3.6 3.6.x
oracle / communications_pricing_design_center 12.0.0.4.0 12.0.0.4.0.x
oracle / banking_apis 18.1 18.3.x
oracle / banking_apis 19.1 19.1.x
oracle / banking_apis 19.2 19.2.x
oracle / banking_apis 20.1 20.1.x
oracle / banking_apis 21.1 21.1.x
oracle / communications_instant_messaging_server 10.0.1.5.0 10.0.1.5.0.x
oracle / communications_offline_mediation_controller 12.0.0.3 12.0.0.3.x
oracle / blockchain_platform - 21.1.2
Maven icon com.fasterxml.jackson.core / jackson-databind - 2.6.7.4
Maven icon com.fasterxml.jackson.core / jackson-databind 2.7.0.0 2.9.10.7
Maven icon com.fasterxml.jackson.core / jackson-databind 2.10.0.0 2.10.5.1