Home

CVE-2018-14719

Description

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.605

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Oracle 11.2.0.4Windows
Multiple Vulnerabilities are affected in Oracle 12.1.0.2Windows
Multiple Vulnerabilities are affected in Oracle 12.2.0.1Windows
Multiple Vulnerabilities are affected in Oracle 18cWindows
Multiple Vulnerabilities are affected in Oracle 19cWindows
Multiple vulnerabilities are fixed in Jackson-databind 2.8.11.3Windows
Multiple vulnerabilities are fixed in Jackson-databind 2.7.9.5Windows
Vulnerabilities CVE-2018-14719,CVE-2018-14720,CVE-2018-14721,CVE-2018-14718 are fixed in Jackson-databind 2.9.7Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.1Windows
Multiple Vulnerabilities are affected in Netapp Snapcenter 2.3Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.5Windows
Multiple vulnerabilities are fixed in Jackson-databind for Linux 2.8.11.3Linux
Multiple vulnerabilities are fixed in Jackson-databind for Linux 2.7.9.5Linux
Vulnerabilities CVE-2018-14719,CVE-2018-14720,CVE-2018-14721,CVE-2018-14718 are fixed in Jackson-databind for Linux 2.9.7Linux
Deserialization of Untrusted Data Vulnerability (CVE-2018-14719)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234