Home

CVE-2019-16943

Description

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.841

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3.0Windows
Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0Windows
Multiple vulnerabilities are fixed in Jackson-databind 2.6.7.3Windows
Multiple vulnerabilities are fixed in Jackson-databind 2.8.11.5Windows
Vulnerabilities CVE-2019-17531,CVE-2019-16943,CVE-2019-16942 are fixed in Jackson-databind 2.9.10.1Windows
Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.2Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.3Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.5Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.0.6Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.2Windows
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update apache-commons-collections-3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update apache-commons-lang-2.6-21.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update bea-stax-api-1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update glassfish-fastinfoset-1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update glassfish-jaxb-api-2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update glassfish-jaxb-core-2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update glassfish-jaxb-runtime-2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update glassfish-jaxb-txw2-2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jackson-annotations-2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jackson-core-2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jackson-databind-2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jackson-jaxrs-json-provider-2.9.9-1.module+el8.1.0+3832+9784644d.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jackson-jaxrs-providers-2.9.9-1.module+el8.1.0+3832+9784644d.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jackson-module-jaxb-annotations-2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jakarta-commons-httpclient-3.1-28.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update javassist-3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update javassist-javadoc-3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jss-4.6.2-4.module+el8.2.0+6123+b4678599.x86_64.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jss-debugsource-4.6.2-4.module+el8.2.0+6123+b4678599.x86_64.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jss-javadoc-4.6.2-4.module+el8.2.0+6123+b4678599.x86_64.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update ldapjdk-4.21.0-2.module+el8.2.0+4573+c3c38c7b.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update ldapjdk-javadoc-4.21.0-2.module+el8.2.0+4573+c3c38c7b.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-base-10.8.3-1.module+el8.2.0+5925+bad5981a.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-base-java-10.8.3-1.module+el8.2.0+5925+bad5981a.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-ca-10.8.3-1.module+el8.2.0+5925+bad5981a.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-core-debugsource-10.8.3-1.module+el8.2.0+5925+bad5981a.x86_64.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-kra-10.8.3-1.module+el8.2.0+5925+bad5981a.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-server-10.8.3-1.module+el8.2.0+5925+bad5981a.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-servlet-4.0-api-9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-servlet-engine-9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-symkey-10.8.3-1.module+el8.2.0+5925+bad5981a.x86_64.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-tools-10.8.3-1.module+el8.2.0+5925+bad5981a.x86_64.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update python-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update python-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update python3-pki-10.8.3-1.module+el8.2.0+5925+bad5981a.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update relaxngDatatype-2011.1-7.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update resteasy-3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update slf4j-1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update slf4j-jdk14-1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update stax-ex-1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update tomcatjss-7.4.1-2.module+el8.2.0+4573+c3c38c7b.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update velocity-1.7-24.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update xalan-j2-2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update xerces-j2-2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update xml-commons-apis-1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update xml-commons-resolver-1.2-26.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update xmlstreambuffer-1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
(RHSA-2020:1644) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update xsom-0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:1644) slf4j-1.7.25-4.module+el8.5.0+697+f586bb30.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:1644) velocity-1.7-24.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:1644) xalan-j2-2.7.1-38.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:1644) javassist-3.18.1-8.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:1644) xerces-j2-2.11.0-34.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:1644) javassist-javadoc-3.18.1-8.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:1644) apache-commons-lang-2.6-21.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:1644) xml-commons-resolver-1.2-26.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:1644) apache-commons-collections-3.2.2-10.module+el8.3.0+53+ea062990.noarch.rpmLinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:1644) jakarta-commons-httpclient-3.1-28.module+el8.3.0+53+ea062990.noarch.rpmLinux
Multiple vulnerabilities are fixed in Jackson-databind for Linux 2.6.7.3Linux
Multiple vulnerabilities are fixed in Jackson-databind for Linux 2.8.11.5Linux
Vulnerabilities CVE-2019-17531,CVE-2019-16943,CVE-2019-16942 are fixed in Jackson-databind for Linux 2.9.10.1Linux
Deserialization of Untrusted Data Vulnerability (CVE-2019-16943)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234