CVE-2019-12384
Description
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
51.675
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Jackson-databind 2.6.7.3 | Windows |
| Vulnerabilities CVE-2019-14439,CVE-2019-14379,CVE-2019-12814,CVE-2019-12384,CVE-2019-12086 are fixed in Jackson-databind 2.7.9.6 | Windows |
| Vulnerabilities CVE-2019-14439,CVE-2019-14379,CVE-2019-12814,CVE-2019-12384,CVE-2019-12086 are fixed in Jackson-databind 2.8.11.4 | Windows |
| Vulnerabilities CVE-2019-12814,CVE-2019-12384 are fixed in Jackson-databind 2.9.9.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.5.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.12.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.1.2 | Windows |
| (RHSA-2019:2720) pki-deps:10.6 security update apache-commons-collections-3.2.2-10.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update apache-commons-lang-2.6-21.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update bea-stax-api-1.2.0-16.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update glassfish-fastinfoset-1.2.13-9.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update glassfish-jaxb-api-2.2.12-8.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update glassfish-jaxb-core-2.2.11-11.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update glassfish-jaxb-runtime-2.2.11-11.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update glassfish-jaxb-txw2-2.2.11-11.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update jackson-annotations-2.9.9-1.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update jackson-core-2.9.9-1.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update jackson-databind-2.9.9.2-1.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update jackson-jaxrs-json-provider-2.9.9-1.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update jackson-jaxrs-providers-2.9.9-1.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update jackson-module-jaxb-annotations-2.7.6-4.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update jakarta-commons-httpclient-3.1-28.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update javassist-3.18.1-8.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update javassist-javadoc-3.18.1-8.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update pki-servlet-4.0-api-9.0.7-14.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update pki-servlet-container-9.0.7-14.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update python-nss-debugsource-1.0.1-10.module+el8.0.0+3892+c903d3f0.x86_64.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update python-nss-doc-1.0.1-10.module+el8.0.0+3892+c903d3f0.x86_64.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update python3-nss-1.0.1-10.module+el8.0.0+3892+c903d3f0.x86_64.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update relaxngDatatype-2011.1-7.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update resteasy-3.0.26-3.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update slf4j-1.7.25-4.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update slf4j-jdk14-1.7.25-4.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update stax-ex-1.7.7-8.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update velocity-1.7-24.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update xalan-j2-2.7.1-38.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update xerces-j2-2.11.0-34.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update xml-commons-apis-1.4.01-25.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update xml-commons-resolver-1.2-26.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update xmlstreambuffer-1.5.4-8.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) pki-deps:10.6 security update xsom-0-19.20110809svn.module+el8.0.0+3892+c903d3f0.noarch.rpm | Linux |
| (RHSA-2019:2720) Important: security update python3-nss-debuginfo-1.0.1-10.module+el8.0.0+3892+c903d3f0.x86_64.rpm | Linux |
| pki-deps:10.6 security update (RLSA-2019:2720) slf4j-1.7.25-4.module+el8.5.0+697+f586bb30.noarch.rpm | Linux |
| pki-deps:10.6 security update (RLSA-2019:2720) velocity-1.7-24.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-deps:10.6 security update (RLSA-2019:2720) xalan-j2-2.7.1-38.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-deps:10.6 security update (RLSA-2019:2720) javassist-3.18.1-8.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-deps:10.6 security update (RLSA-2019:2720) xerces-j2-2.11.0-34.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-deps:10.6 security update (RLSA-2019:2720) javassist-javadoc-3.18.1-8.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-deps:10.6 security update (RLSA-2019:2720) apache-commons-lang-2.6-21.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-deps:10.6 security update (RLSA-2019:2720) xml-commons-resolver-1.2-26.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-deps:10.6 security update (RLSA-2019:2720) apache-commons-collections-3.2.2-10.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-deps:10.6 security update (RLSA-2019:2720) jakarta-commons-httpclient-3.1-28.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| Apache-commons-collections update (ELSA-2019-2720) apache-commons-collections-3.2.2-10.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Apache-commons-lang update (ELSA-2019-2720) apache-commons-lang-2.6-21.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Bea-stax-api update (ELSA-2019-2720) bea-stax-api-1.2.0-16.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Glassfish-fastinfoset update (ELSA-2019-2720) glassfish-fastinfoset-1.2.13-9.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Glassfish-jaxb-api update (ELSA-2019-2720) glassfish-jaxb-api-2.2.12-8.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Glassfish-jaxb-core update (ELSA-2019-2720) glassfish-jaxb-core-2.2.11-11.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Glassfish-jaxb-runtime update (ELSA-2019-2720) glassfish-jaxb-runtime-2.2.11-11.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Glassfish-jaxb-txw2 update (ELSA-2019-2720) glassfish-jaxb-txw2-2.2.11-11.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Jackson-annotations update (ELSA-2019-2720) jackson-annotations-2.9.8-1.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Jackson-core update (ELSA-2019-2720) jackson-core-2.9.8-1.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Jackson-databind update (ELSA-2019-2720) jackson-databind-2.9.8-1.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Jackson-jaxrs-json-provider update (ELSA-2019-2720) jackson-jaxrs-json-provider-2.9.8-1.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Jackson-jaxrs-providers update (ELSA-2019-2720) jackson-jaxrs-providers-2.9.8-1.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Jackson-module-jaxb-annotations update (ELSA-2019-2720) jackson-module-jaxb-annotations-2.7.6-4.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Jakarta-commons-httpclient update (ELSA-2019-2720) jakarta-commons-httpclient-3.1-28.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Javassist update (ELSA-2019-2720) javassist-3.18.1-8.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Javassist-javadoc update (ELSA-2019-2720) javassist-javadoc-3.18.1-8.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Pki-servlet-4.0-api update (ELSA-2019-2720) pki-servlet-4.0-api-9.0.7-14.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Pki-servlet-container update (ELSA-2019-2720) pki-servlet-container-9.0.7-14.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Python-nss-doc update (ELSA-2019-2720) python-nss-doc-1.0.1-10.module+el8.0.0+5332+2d497d9a.x86_64.rpm | Linux |
| Python3-nss update (ELSA-2019-2720) python3-nss-1.0.1-10.module+el8.0.0+5332+2d497d9a.x86_64.rpm | Linux |
| RelaxngDatatype update (ELSA-2019-2720) relaxngDatatype-2011.1-7.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Resteasy update (ELSA-2019-2720) resteasy-3.0.26-3.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Slf4j update (ELSA-2019-2720) slf4j-1.7.25-4.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Slf4j-jdk14 update (ELSA-2019-2720) slf4j-jdk14-1.7.25-4.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Stax-ex update (ELSA-2019-2720) stax-ex-1.7.7-8.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Velocity update (ELSA-2019-2720) velocity-1.7-24.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Xalan-j2 update (ELSA-2019-2720) xalan-j2-2.7.1-38.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Xerces-j2 update (ELSA-2019-2720) xerces-j2-2.11.0-34.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Xml-commons-apis update (ELSA-2019-2720) xml-commons-apis-1.4.01-25.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Xml-commons-resolver update (ELSA-2019-2720) xml-commons-resolver-1.2-26.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Xmlstreambuffer update (ELSA-2019-2720) xmlstreambuffer-1.5.4-8.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Xsom update (ELSA-2019-2720) xsom-0-19.20110809svn.module+el8.0.0+5332+2d497d9a.noarch.rpm | Linux |
| Multiple vulnerabilities are fixed in Jackson-databind for Linux 2.6.7.3 | Linux |
| Vulnerabilities CVE-2019-14439,CVE-2019-14379,CVE-2019-12814,CVE-2019-12384,CVE-2019-12086 are fixed in Jackson-databind for Linux 2.7.9.6 | Linux |
| Vulnerabilities CVE-2019-14439,CVE-2019-14379,CVE-2019-12814,CVE-2019-12384,CVE-2019-12086 are fixed in Jackson-databind for Linux 2.8.11.4 | Linux |
| Vulnerabilities CVE-2019-12814,CVE-2019-12384 are fixed in Jackson-databind for Linux 2.9.9.1 | Linux |
Patch Details
No records found