FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDebian
OSDebian8.0Fasterxml Jackson Databind
APPFasterxml2.8.0 – 2.8.11.6 (bez)2.9.0 – 2.9.10.4 (bez)2.0.0 – 2.7.9.7 (bez)Netapp Active Iq Unified Manager
APPNetapp≥ 9.5≥ 7.3Oracle Agile Plm
APPOracle9.3.6Oracle Autovue For Agile Product Lifecycle Management
APPOracle21.0.2Oracle Banking Digital Experience
APPOracle18.118.218.319.119.220.1Oracle Banking Platform
APPOracle2.4.0 – 2.9.0Oracle Communications Calendar Server
APPOracle8.0.0.4.0Oracle Communications Contacts Server
APPOracle8.0.0.4.08.0.0.5.0Oracle Communications Diameter Signaling Router
APPOracle8.0.0 – 8.2.2Oracle Communications Element Manager
APPOracle8.2.0 – 8.2.2Oracle Communications Evolved Communications Application Server
APPOracle7.1Oracle Communications Instant Messaging Server
APPOracle10.0.1.4.0Oracle Communications Network Charging And Control
APPOracle6.0.112.0.0 – 12.0.3Oracle Communications Session Report Manager
APPOracle8.2.0 – 8.2.2Oracle Communications Session Route Manager
APPOracle8.2.0 – 8.2.2Oracle Enterprise Manager Base Platform
APPOracle13.3.0.013.4.0.0Oracle Global Lifecycle Management Opatch
APPOracle< 12.2.0.1.20Oracle Jd Edwards Enterpriseone Orchestrator
APPOracle< 9.2.4.2Oracle Jd Edwards Enterpriseone Tools
APPOracle< 9.2.4.2Oracle Primavera Unifier
APPOracle16.116.218.819.1217.7 – 17.12Oracle Retail Merchandising System
APPOracle15.0Oracle Retail Sales Audit
APPOracle14.1Oracle Retail Xstore Point Of Service
APPOracle15.016.017.018.019.0Oracle Weblogic Server
APPOracle12.2.1.3.012.2.1.4.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Deserialization
CWE
Referencje
Powiązane podatności
CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki