CVE-2017-7525
Description
A deserialization flaw was discovered in jackson-databind versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to execute code by sending maliciously crafted input to the readValue method of the ObjectMapper.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
79.267
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 10.3.6.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.2 | Windows |
| Vulnerabilities CVE-2017-7525 are fixed in Jackson-databind 2.6.7.1 | Windows |
| Vulnerabilities CVE-2017-7525 are fixed in Jackson-databind 2.7.9.1 | Windows |
| Vulnerabilities CVE-2017-7525 are fixed in Jackson-databind 2.8.9 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.12.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.0.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.4.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.0.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.1.0 | Windows |
| Multiple Vulnerabilities are affected in Netapp Snapcenter 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Balance 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Shift 2.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows |
| Python-twisted-web security update (CESA-2016:1978) python-twisted-web-12.1.0-5.el7_2.x86_64.rpm | Linux |
| (RHSA-2016:1978) Important: python-twisted-web security update python-twisted-web-12.1.0-5.el7_2.x86_64.rpm | Linux |
| Suite of data-processing tools for Java (USN-4741-1) libjackson-json-java_1.9.2-7ubuntu0.2_all.deb | Linux |
| Vulnerabilities CVE-2017-7525 are fixed in Jackson-databind for Linux 2.6.7.1 | Linux |
| Vulnerabilities CVE-2017-7525 are fixed in Jackson-databind for Linux 2.7.9.1 | Linux |
| Vulnerabilities CVE-2017-7525 are fixed in Jackson-databind for Linux 2.8.9 | Linux |
| CVE-2017-7525 | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234