CVE-2017-7525

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/FasterXML/jackson-databind/issues/1599	Issue Tracking Patch Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/1723	Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1462702	Issue Tracking Third Party Advisory
https://www.debian.org/security/2017/dsa-4004	Third Party Advisory
https://security.netapp.com/advisory/ntap-20171214-0002/	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3458	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3456	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3455	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3454	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3141	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2638	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2637	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2636	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2635	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2633	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2547	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2546	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2477	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1840	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1839	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1837	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1836	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1835	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1834	Third Party Advisory
http://www.securitytracker.com/id/1039947	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039744	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/99623	Third Party Advisory VDB Entry
https://cwiki.apache.org/confluence/display/WW/S2-055	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0294	Third Party Advisory
http://www.securitytracker.com/id/1040360	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:0342	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	Patch Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1450	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1449	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch Third Party Advisory
https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E	Mailing List Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0910	Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2858	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3149	Third Party Advisory
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html	Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease1::::::
	cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease2::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:netapp:oncommand_balance:-:::::::*
	cpe:2.3:a:netapp:oncommand_performance_manager:-:::::linux::
	cpe:2.3:a:netapp:oncommand_performance_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:oncommand_shift:-:::::::*
	cpe:2.3:a:netapp:snapcenter:-:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.1:::::::*
	cpe:2.3:a:redhat:virtualization:4.0:::::::*
	cpe:2.3:a:redhat:virtualization_host:4.0:::::::*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:::::::*

OR	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

Configuration 6 (hide)

AND

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:::::::*

cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

Configuration 8 (hide)

OR	cpe:2.3:a:oracle:banking_platform:2.5.0:::::::*
	cpe:2.3:a:oracle:banking_platform:2.6.0:::::::*
	cpe:2.3:a:oracle:banking_platform:2.6.1:::::::*
	cpe:2.3:a:oracle:banking_platform:2.6.2:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:::::::*
	cpe:2.3:a:oracle:communications_communications_policy_management::::::::
	cpe:2.3:a:oracle:communications_diameter_signaling_route::::::::
	cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:::::::*
	cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.2.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2.0.0:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3.0.0:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.0.0:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.0.0:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.0.0:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.0.0:::::::*
	cpe:2.3:a:oracle:global_lifecycle_management_opatchauto::::::::
	cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*
	cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*
	cpe:2.3:a:oracle:primavera_unifier::::::::
	cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
	cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:::::::*
	cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*

Information

Published : 2018-02-06 07:29

Updated : 2022-04-12 09:17

NVD link : CVE-2017-7525

Mitre link : CVE-2017-7525

JSON object : View

CWE

CWE-184

Incomplete List of Disallowed Inputs

Products Affected

oracle

primavera_unifier
financial_services_analytical_applications_infrastructure
communications_instant_messaging_server
utilities_advanced_spatial_and_operational_analytics
communications_diameter_signaling_route
global_lifecycle_management_opatchauto
communications_communications_policy_management
banking_platform
webcenter_portal
enterprise_manager_for_virtualization
communications_billing_and_revenue_management

redhat

jboss_enterprise_application_platform
virtualization_host
virtualization
openshift_container_platform
enterprise_linux_server

netapp

oncommand_balance
oncommand_performance_manager
snapcenter
oncommand_shift

fasterxml

jackson-databind

debian

debian_linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/FasterXML/jackson-databind/issues/1599", "name": "https://github.com/FasterXML/jackson-databind/issues/1599", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://github.com/FasterXML/jackson-databind/issues/1723", "name": "https://github.com/FasterXML/jackson-databind/issues/1723", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.debian.org/security/2017/dsa-4004", "name": "DSA-4004", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://security.netapp.com/advisory/ntap-20171214-0002/", "name": "https://security.netapp.com/advisory/ntap-20171214-0002/", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3458", "name": "RHSA-2017:3458", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3456", "name": "RHSA-2017:3456", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3455", "name": "RHSA-2017:3455", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3454", "name": "RHSA-2017:3454", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3141", "name": "RHSA-2017:3141", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2638", "name": "RHSA-2017:2638", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2637", "name": "RHSA-2017:2637", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2636", "name": "RHSA-2017:2636", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2635", "name": "RHSA-2017:2635", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2633", "name": "RHSA-2017:2633", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2547", "name": "RHSA-2017:2547", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2546", "name": "RHSA-2017:2546", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2477", "name": "RHSA-2017:2477", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:1840", "name": "RHSA-2017:1840", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:1839", "name": "RHSA-2017:1839", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:1837", "name": "RHSA-2017:1837", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:1836", "name": "RHSA-2017:1836", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:1835", "name": "RHSA-2017:1835", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:1834", "name": "RHSA-2017:1834", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.securitytracker.com/id/1039947", "name": "1039947", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.securitytracker.com/id/1039744", "name": "1039744", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/99623", "name": "99623", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "https://cwiki.apache.org/confluence/display/WW/S2-055", "name": "https://cwiki.apache.org/confluence/display/WW/S2-055", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0294", "name": "RHSA-2018:0294", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.securitytracker.com/id/1040360", "name": "1040360", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0342", "name": "RHSA-2018:0342", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://access.redhat.com/errata/RHSA-2018:1450", "name": "RHSA-2018:1450", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2018:1449", "name": "RHSA-2018:1449", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us", "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E", "name": "[lucene-dev] 20190325 [jira] [Closed] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E", "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E", "name": "[lucene-dev] 20190325 [jira] [Resolved] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E", "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E", "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://access.redhat.com/errata/RHSA-2019:0910", "name": "RHSA-2019:0910", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2858", "name": "RHSA-2019:2858", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3149", "name": "RHSA-2019:3149", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E", "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E", "name": "[lucene-solr-user] 20191218 CVE-2017-7525 fix for Solr 7.7.x", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E", "name": "[lucene-solr-user] 20191218 Re: CVE-2017-7525 fix for Solr 7.7.x", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E", "name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html", "name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html", "name": "[debian-lts-announce] 20200824 [SECURITY] [DLA 2342-1] libjackson-json-java security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E", "name": "[spark-issues] 20210223 [jira] [Created] (SPARK-34511) Current Security vulnerabilities in spark libraries", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20210927 [jira] [Commented] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20210927 [jira] [Updated] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-184"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-7525", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2018-02-06T15:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.6.7.1", "versionStartIncluding": "2.6.0"}, {"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.7.9.1", "versionStartIncluding": "2.7.0"}, {"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.8.9", "versionStartIncluding": "2.8.0"}, {"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:linux:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_communications_policy_management:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "12.5.2", "versionStartIncluding": "12.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.3"}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatchauto:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "12.2.0.1.14"}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "17.12", "versionStartIncluding": "17.1"}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-04-12T16:17Z"}

9.8 /10