CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2017-7525

CVSS 9.8v3.1pub. 2018-02-06upd. 2024-11-21

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Debian

    OS
    Debian
    8.09.0
  • Fasterxml Jackson Databind

    APP
    Fasterxml
    2.9.0< 2.6.7.12.7.0 – 2.7.9.1 (bez)2.8.0 – 2.8.9 (bez)
  • Netapp Oncommand Balance

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Performance Manager

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Shift

    APP
    Netapp
    wszystkie wersje
  • Netapp Snapcenter

    APP
    Netapp
    wszystkie wersje
  • Oracle Banking Platform

    APP
    Oracle
    2.5.02.6.02.6.12.6.2
  • Oracle Communications Billing And Revenue Management

    APP
    Oracle
    12.07.5
  • Oracle Communications Communications Policy Management

    APP
    Oracle
    12.0 – 12.5.2
  • Oracle Communications Diameter Signaling Route

    APP
    Oracle
    < 8.3
  • Oracle Communications Instant Messaging Server

    APP
    Oracle
    10.0.110.0.1.2.0
  • Oracle Enterprise Manager For Virtualization

    APP
    Oracle
    13.2.213.2.313.3.1
  • Oracle Financial Services Analytical Applications Infrastructure

    APP
    Oracle
    8.0.2.0.08.0.3.0.08.0.4.0.08.0.5.0.08.0.6.0.08.0.7.0.0
  • Oracle Global Lifecycle Management Opatchauto

    APP
    Oracle
    < 12.2.0.1.14
  • Oracle Primavera Unifier

    APP
    Oracle
    16.116.218.817.1 – 17.12
  • Oracle Utilities Advanced Spatial And Operational Analytics

    APP
    Oracle
    2.7.0.1
  • Oracle Webcenter Portal

    APP
    Oracle
    12.2.1.3.0
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    5.06.07.0
  • Red Hat Jboss Enterprise Application Platform

    APP
    Redhat
    6.0.06.4.07.07.1
  • Red Hat OpenShift Container Platform

    APP
    Redhat
    3.114.1
  • Red Hat Virtualization

    APP
    Redhat
    4.0
  • Red Hat Virtualization Host

    APP
    Redhat
    4.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki