FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
02 Dec 2021, 21:22
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:* |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-03-02 04:15
Updated : 2024-02-04 20:39
NVD link : CVE-2020-9547
Mitre link : CVE-2020-9547
CVE.ORG link : CVE-2020-9547
JSON object : View
Products Affected
fasterxml
- jackson-databind
netapp
- active_iq_unified_manager
oracle
- enterprise_manager_base_platform
- autovue_for_agile_product_lifecycle_management
- global_lifecycle_management_opatch
- weblogic_server
- communications_network_charging_and_control
- communications_evolved_communications_application_server
- jd_edwards_enterpriseone_orchestrator
- retail_xstore_point_of_service
- jd_edwards_enterpriseone_tools
- communications_contacts_server
- banking_platform
- primavera_unifier
- communications_instant_messaging_server
debian
- debian_linux
CWE
CWE-502
Deserialization of Untrusted Data