Home

CVE-2018-14720

Description

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.518

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in Jackson-databind 2.8.11.3Windows
Multiple vulnerabilities are fixed in Jackson-databind 2.7.9.5Windows
Vulnerabilities CVE-2018-14719,CVE-2018-14720,CVE-2018-14721,CVE-2018-14718 are fixed in Jackson-databind 2.9.7Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.2.0Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.6Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.5Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.1.2Windows
Multiple vulnerabilities are fixed in Jackson-databind for Linux 2.8.11.3Linux
Multiple vulnerabilities are fixed in Jackson-databind for Linux 2.7.9.5Linux
Vulnerabilities CVE-2018-14719,CVE-2018-14720,CVE-2018-14721,CVE-2018-14718 are fixed in Jackson-databind for Linux 2.9.7Linux
Improper Restriction of XML External Entity Reference Vulnerability (CVE-2018-14720)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234