A flaw was found in FasterXML Jackson Databind, where entity expansion was not secured properly. This flaw leaves it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is to data integrity.
History
25 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
10 May 2022, 15:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:* |
|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
01 Mar 2022, 16:56
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:* cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:* |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
26 Oct 2021, 19:58
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Third Party Advisory | |
CPE | cpe:2.3:a:oracle:primavera_gateway:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:18.8:*:*:*:*:*:*:* |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
18 Oct 2021, 12:41
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:* cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* 
cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:* cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:20.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:* |
|
References | (MLIST) https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E - Mailing List, Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E - Mailing List, Third Party Advisory |
13 Oct 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
02 Sep 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
31 Aug 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
22 Jun 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
01 Jun 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2020-12-03 17:15
Updated : 2024-02-04 21:23
NVD link : CVE-2020-25649
Mitre link : CVE-2020-25649
CVE.ORG link : CVE-2020-25649
Products Affected
oracle
- agile_plm
- utilities_framework
- primavera_gateway
- communications_offline_mediation_controller
- coherence
- communications_network_charging_and_control
- communications_evolved_communications_application_server
- goldengate_application_adapters
- blockchain_platform
- communications_interactive_session_recorder
- commerce_platform
- agile_product_lifecycle_management_integration_pack
- webcenter_portal
- jd_edwards_enterpriseone_orchestrator
- retail_service_backbone
- communications_convergent_charging_controller
- banking_platform
- communications_messaging_server
- communications_billing_and_revenue_management
- retail_xstore_point_of_service
- jd_edwards_enterpriseone_tools
- communications_services_gatekeeper
- communications_unified_inventory_management
- communications_instant_messaging_server
- sd-wan_edge
- communications_cloud_native_core_unified_data_repository
- banking_apis
- banking_treasury_management
- insurance_policy_administration
- insurance_rules_palette
- health_sciences_empirica_signal
- communications_pricing_design_center
fedoraproject
- fedora
quarkus
- quarkus
apache
- iotdb
netapp
- service_level_manager
- oncommand_api_services
- oncommand_workflow_automation
fasterxml
- jackson-databind
CWE
CWE-611
Improper Restriction of XML External Entity Reference