Vulnerability Details : CVE-2018-7489
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
Vulnerability category: Execute code
Products affected by CVE-2018-7489
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7489
- EPSS score: 60.50% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~98% (the proportion of vulnerabilities that are scored at or below this value)
CVSS scores for CVE-2018-7489
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2018-7489
- The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete. Assigned by: nvd@nist.gov (Primary)
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-7489
- http://www.securitytracker.com/id/1041890 : Oracle Database Multiple Bugs Let Remote and Local Users Deny Service and Let Remote Users Modify Data and Gain Elevated Privileges (SecurityTracker) [Third Party Advisory; VDB Entry]
- https://www.oracle.com/security-alerts/cpuoct2020.html : Oracle Critical Patch Update Advisory - October 2020
- https://github.com/FasterXML/jackson-databind/issues/1931 : Two more `c3p0` gadgets to exploit default typing issue [CVE-2018-7489] (FasterXML/jackson-databind issue #1931, GitHub) [Third Party Advisory]
- http://www.securitytracker.com/id/1040693 : Oracle Financial Services Applications Flaws Let Remote Users Access and Modify Data and Gain Elevated Privileges on the Target System (SecurityTracker) [Third Party Advisory; VDB Entry]
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html : Oracle Critical Patch Update - October 2018 [Patch]
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html : Oracle Critical Patch Update - April 2018 [Patch]
- https://access.redhat.com/errata/RHSA-2018:2088 : RHSA-2018:2088 - Security Advisory (Red Hat Customer Portal) [Third Party Advisory]
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html : Oracle Critical Patch Update - July 2019 [Patch]
- https://access.redhat.com/errata/RHSA-2018:2938 : RHSA-2018:2938 - Security Advisory (Red Hat Customer Portal) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1451 : RHSA-2018:1451 - Security Advisory (Red Hat Customer Portal) [Third Party Advisory]
- https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E : [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves (Pony Mail)
- https://www.debian.org/security/2018/dsa-4190 : DSA-4190-1 jackson-databind (Debian Security Information) [Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20180328-0001/ : CVE-2018-7489 Jackson JSON Library Vulnerability in NetApp Products (NetApp Product Security) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2019:3149 : RHSA-2019:3149 - Security Advisory (Red Hat Customer Portal)
- https://access.redhat.com/errata/RHSA-2018:1448 : RHSA-2018:1448 - Security Advisory (Red Hat Customer Portal) [Third Party Advisory]
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html : Oracle Critical Patch Update - April 2019 [Patch; Third Party Advisory]
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html : Oracle Critical Patch Update - January 2019 [Patch; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2089 : RHSA-2018:2089 - Security Advisory (Red Hat Customer Portal) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1450 : RHSA-2018:1450 - Security Advisory (Red Hat Customer Portal) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2090 : RHSA-2018:2090 - Security Advisory (Red Hat Customer Portal) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2939 : RHSA-2018:2939 - Security Advisory (Red Hat Customer Portal) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2019:2858 : RHSA-2019:2858 - Security Advisory (Red Hat Customer Portal)
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html : Oracle Critical Patch Update - July 2018 [Patch]
- https://access.redhat.com/errata/RHSA-2018:1447 : RHSA-2018:1447 - Security Advisory (Red Hat Customer Portal) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1786 : RHSA-2018:1786 - Security Advisory (Red Hat Customer Portal) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1449 : RHSA-2018:1449 - Security Advisory (Red Hat Customer Portal) [Third Party Advisory]
- http://www.securityfocus.com/bid/103203 : FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability [Third Party Advisory; VDB Entry]
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us : HPESBHF03902 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution [Third Party Advisory]