FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDebian
OSDebian8.0Fasterxml Jackson Databind
APPFasterxml2.8.0 – 2.8.11.5 (bez)2.9.0 – 2.9.10.2 (bez)2.0.0 – 2.7.9.7 (bez)Netapp Active Iq Unified Manager
APPNetapp≥ 7.3≥ 9.5Netapp Oncommand Api Services
APPNetappwszystkie wersjeNetapp Service Level Manager
APPNetappwszystkie wersjeNetapp Snapcenter
APPNetappwszystkie wersjeNetapp Steelstore Cloud Integrated Storage
APPNetappwszystkie wersjeOracle Banking Platform
APPOracle2.4.0 – 2.9.0Oracle Communications Billing And Revenue Management
APPOracle12.0.0.3.07.5.0.23.0Oracle Communications Cloud Native Core Network Slice Selection Function
APPOracle1.2.1Oracle Communications Contacts Server
APPOracle8.0.0.4.0Oracle Communications Evolved Communications Application Server
APPOracle7.1Oracle Communications Instant Messaging Server
APPOracle10.0.1.4.0Oracle Communications Network Charging And Control
APPOracle6.0.112.0.0 – 12.0.3Oracle Customer Management And Segmentation Foundation
APPOracle18.0Oracle Enterprise Manager Base Platform
APPOracle13.3.0.013.4.0.0Oracle Global Lifecycle Management Opatch
APPOracle< 11.2.0.3.2313.9.4.0.0 – 13.9.4.2.1 (bez)12.2.0.1.0 – 12.2.0.1.19 (bez)Oracle Goldengate Application Adapters
APPOracle19.1.0.0.0Oracle Goldengate Stream Analytics
APPOracle< 19.1.0.0.1Oracle Jd Edwards Enterpriseone Orchestrator
APPOracle< 9.2.4.2Oracle Jd Edwards Enterpriseone Tools
APPOracle< 9.2.4.2Oracle Primavera Unifier
APPOracle16.116.218.819.1217.7 – 17.12Oracle Retail Merchandising System
APPOracle15.0.316.0.216.0.3Oracle Retail Sales Audit
APPOracle14.1Oracle Retail Xstore Point Of Service
APPOracle15.016.017.018.019.0Oracle Siebel Engineering Installer \& Deployment
APPOracle≤ 2.20.5Oracle Siebel Ui Framework
APPOracle≤ 20.5Oracle Trace File Analyzer
APPOracle12.2.0.118c19cOracle Webcenter Portal
APPOracle12.2.1.3.012.2.1.4.0Oracle Weblogic Server
APPOracle12.2.1.3.012.2.1.4.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Deserialization
CWE
References
Related vulnerabilities
CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki