CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2020-9548

CVSS 9.8v3.1pub. 2020-03-02upd. 2024-11-21

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Debian

    OS
    Debian
    8.0
  • Fasterxml Jackson Databind

    APP
    Fasterxml
    2.8.0 – 2.8.11.6 (bez)2.9.0 – 2.9.10.4 (bez)2.0.0 – 2.7.9.7 (bez)
  • Netapp Active Iq Unified Manager

    APP
    Netapp
    ≥ 9.5≥ 7.3
  • Oracle Agile Plm

    APP
    Oracle
    9.3.6
  • Oracle Autovue For Agile Product Lifecycle Management

    APP
    Oracle
    21.0.2
  • Oracle Banking Digital Experience

    APP
    Oracle
    18.118.218.319.119.220.1
  • Oracle Banking Platform

    APP
    Oracle
    2.4.0 – 2.9.0
  • Oracle Communications Calendar Server

    APP
    Oracle
    8.0.0.4.0
  • Oracle Communications Contacts Server

    APP
    Oracle
    8.0.0.4.08.0.0.5.0
  • Oracle Communications Diameter Signaling Router

    APP
    Oracle
    8.0.0 – 8.2.2
  • Oracle Communications Element Manager

    APP
    Oracle
    8.2.0 – 8.2.2
  • Oracle Communications Evolved Communications Application Server

    APP
    Oracle
    7.1
  • Oracle Communications Instant Messaging Server

    APP
    Oracle
    10.0.1.4.0
  • Oracle Communications Network Charging And Control

    APP
    Oracle
    6.0.112.0.0 – 12.0.3
  • Oracle Communications Session Report Manager

    APP
    Oracle
    8.2.0 – 8.2.2
  • Oracle Communications Session Route Manager

    APP
    Oracle
    8.2.0 – 8.2.2
  • Oracle Enterprise Manager Base Platform

    APP
    Oracle
    13.3.0.013.4.0.0
  • Oracle Global Lifecycle Management Opatch

    APP
    Oracle
    < 12.2.0.1.20
  • Oracle Jd Edwards Enterpriseone Orchestrator

    APP
    Oracle
    < 9.2.4.2
  • Oracle Jd Edwards Enterpriseone Tools

    APP
    Oracle
    < 9.2.4.2
  • Oracle Primavera Unifier

    APP
    Oracle
    16.116.218.819.1217.7 – 17.12
  • Oracle Retail Merchandising System

    APP
    Oracle
    15.0
  • Oracle Retail Sales Audit

    APP
    Oracle
    14.1
  • Oracle Retail Xstore Point Of Service

    APP
    Oracle
    15.016.017.018.019.0
  • Oracle Weblogic Server

    APP
    Oracle
    12.2.1.3.012.2.1.4.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki