Redhat » Automation Manager : Security Vulnerabilities, CVEs, CVSS score >= 5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
Max CVSS
9.8
EPSS Score
0.86%
Published
2019-01-02
Updated
2020-08-31
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
Max CVSS
9.8
EPSS Score
0.86%
Published
2019-01-02
Updated
2020-08-31
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
Max CVSS
9.8
EPSS Score
0.86%
Published
2019-01-02
Updated
2020-08-31
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
Max CVSS
7.5
EPSS Score
0.89%
Published
2019-03-21
Updated
2020-10-20
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
Max CVSS
7.5
EPSS Score
0.77%
Published
2019-03-21
Updated
2023-09-13
5 vulnerabilities found