CVE-2019-14379

CVE Database · CVE-2019-14379

CVE-2019-14379

· CRITICALModified

CVSS v3.1

9.8

EPSS

8.04%

Published

Jul 29, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-1321

Affected Products (61)

fasterxml · jackson-databind (up to 2.6.7.3)vulnerable

fasterxml · jackson-databind (up to 2.7.9.6)vulnerable

fasterxml · jackson-databind (up to 2.8.11.4)vulnerable

fasterxml · jackson-databind (up to 2.9.9.2)vulnerable

debian · debian_linuxvulnerable

netapp · active_iq_unified_managervulnerable

netapp · oncommand_workflow_automationvulnerable

References (20)

http://seclists.org/fulldisclosure/2022/Mar/23

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHBA-2019:2824

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2743

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2858

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2935

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2936

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2937

KEV Catalog EPSS Scores Vendors All CVEs

netapp · service_level_managervulnerable

netapp · snapcentervulnerable

fedoraproject · fedoravulnerable

redhat · jboss_enterprise_application_platformvulnerable

redhat · openshift_container_platformvulnerable

redhat · single_sign-onvulnerable

redhat · enterprise_linux

redhat · openshift_container_platformvulnerable

redhat · jboss_enterprise_application_platformvulnerable

redhat · single_sign-onvulnerable

redhat · enterprise_linux

redhat · jboss_enterprise_application_platformvulnerable

redhat · single_sign-onvulnerable

redhat · enterprise_linux

oracle · banking_platformvulnerable

oracle · communications_diameter_signaling_routervulnerable

oracle · communications_instant_messaging_servervulnerable

oracle · financial_services_analytical_applications_infrastructurevulnerable

oracle · goldengate_stream_analytics (up to 19.1.0.0.1)vulnerable

oracle · jd_edwards_enterpriseone_orchestratorvulnerable

oracle · jd_edwards_enterpriseone_toolsvulnerable

oracle · primavera_gatewayvulnerable

oracle · primavera_unifiervulnerable

Third Party Advisory