CVE-2018-12022

Current Description

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (database access for the Jodd framework) on its classpath, and an attacker can supply an LDAP service for it to access, the service can be made to deserialize and execute a malicious payload.

Basic Data

Published: March 21, 2019
Last Modified: September 17, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-502
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: HIGH
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.1
Severity: MEDIUM
Exploitability Score: 4.9
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 3 - Attack Vector: NETWORK
CVSS 3 - Attack Complexity: HIGH
CVSS 3 - Privileges Required: NONE
CVSS 3 - User Interaction: REQUIRED
CVSS 3 - Scope: UNCHANGED
CVSS 3 - Confidentiality Impact: HIGH
CVSS 3 - Integrity Impact: HIGH
CVSS 3 - Availability Impact: HIGH
CVSS 3 - Base Score: 7.5
CVSS 3 - Base Severity: HIGH
Exploitability Score: 1.6
Base Severity: HIGH

Configurations

  • OR - Configuration 1
    CPE Version | Part | Vendor | Product | Version Start Including | Version End Excluding
    2.3 | Application | Fasterxml | Jackson-databind | 2.7.0 | 2.7.9.4
    2.3 | Application | Fasterxml | Jackson-databind | 2.8.0 | 2.8.11.2
    2.3 | Application | Fasterxml | Jackson-databind | 2.9.0 | 2.9.6
    (Version, Update, Edition, Language, SW Edition, Target SW, Target HW and Other are wildcards, "*".)
  • OR - Configuration 2
    CPE Version | Part | Vendor | Product | Version
    2.3 | OS | Debian | Debian Linux | 9.0
    2.3 | OS | Fedoraproject | Fedora | 29
    (Update, Edition, Language, SW Edition, Target SW, Target HW and Other are wildcards, "*".)
  • OR - Configuration 3
    CPE Version | Part | Vendor | Product | Version
    2.3 | Application | Oracle | Jd Edwards Enterpriseone Tools | 9.2
    2.3 | Application | Oracle | Retail Merchandising System | 15.0
    (Update, Edition, Language, SW Edition, Target SW, Target HW and Other are wildcards, "*".)
  • OR - Configuration 4
    CPE Version | Part | Vendor | Product | Version
    2.3 | Application | Redhat | Automation Manager | 7.3.1
    2.3 | Application | Redhat | Decision Manager | 7.3.1
    2.3 | Application | Redhat | Jboss Brms | 6.4.10
    2.3 | Application | Redhat | Jboss Enterprise Application Platform | 7.2.0
    2.3 | Application | Redhat | Openshift Container Platform | 3.11
    2.3 | Application | Redhat | Single Sign-on | 7.3
    (Update, Edition, Language, SW Edition, Target SW, Target HW and Other are wildcards, "*".)

Vulnerable Software List

Vendor | Product | Versions
Fasterxml | Jackson-databind | *
Debian | Debian Linux | 9.0
Redhat | Jboss Brms | 6.4.10
Redhat | Jboss Enterprise Application Platform | 7.2.0
Redhat | Single Sign-on | 7.3
Redhat | Automation Manager | 7.3.1
Redhat | Decision Manager | 7.3.1
Redhat | Openshift Container Platform | 3.11
Oracle | Retail Merchandising System | 15.0
Oracle | Jd Edwards Enterpriseone Tools | 9.2
Fedoraproject | Fedora | 29

References

Name | Source | URL | Tags
107585 | BID | http://www.securityfocus.com/bid/107585 | Third Party Advisory, VDB Entry
RHBA-2019:0959 | REDHAT | https://access.redhat.com/errata/RHBA-2019:0959 | Third Party Advisory
RHSA-2019:0782 | REDHAT | https://access.redhat.com/errata/RHSA-2019:0782 | Third Party Advisory
RHSA-2019:0877 | REDHAT | https://access.redhat.com/errata/RHSA-2019:0877 | Third Party Advisory
RHSA-2019:1106 | REDHAT | https://access.redhat.com/errata/RHSA-2019:1106 | Third Party Advisory
RHSA-2019:1107 | REDHAT | https://access.redhat.com/errata/RHSA-2019:1107 | Third Party Advisory
RHSA-2019:1108 | REDHAT | https://access.redhat.com/errata/RHSA-2019:1108 | Third Party Advisory
RHSA-2019:1140 | REDHAT | https://access.redhat.com/errata/RHSA-2019:1140 | Third Party Advisory
RHSA-2019:1782 | REDHAT | https://access.redhat.com/errata/RHSA-2019:1782 | Third Party Advisory
RHSA-2019:1797 | REDHAT | https://access.redhat.com/errata/RHSA-2019:1797 | Third Party Advisory
RHSA-2019:1822 | REDHAT | https://access.redhat.com/errata/RHSA-2019:1822 | Third Party Advisory
RHSA-2019:1823 | REDHAT | https://access.redhat.com/errata/RHSA-2019:1823 | Third Party Advisory
RHSA-2019:2804 | REDHAT | https://access.redhat.com/errata/RHSA-2019:2804 | -
RHSA-2019:2858 | REDHAT | https://access.redhat.com/errata/RHSA-2019:2858 | -
RHSA-2019:3002 | REDHAT | https://access.redhat.com/errata/RHSA-2019:3002 | -
RHSA-2019:3140 | REDHAT | https://access.redhat.com/errata/RHSA-2019:3140 | -
RHSA-2019:3149 | REDHAT | https://access.redhat.com/errata/RHSA-2019:3149 | -
RHSA-2019:3892 | REDHAT | https://access.redhat.com/errata/RHSA-2019:3892 | -
RHSA-2019:4037 | REDHAT | https://access.redhat.com/errata/RHSA-2019:4037 | -
https://bugzilla.redhat.com/show_bug.cgi?id=1671098 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=1671098 | Issue Tracking, Third Party Advisory
https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a | CONFIRM | https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a | Patch, Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/2052 | CONFIRM | https://github.com/FasterXML/jackson-databind/issues/2052 | Patch, Third Party Advisory
[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | MLIST | https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev | -
[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0 | MLIST | https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Ciss | -
[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | MLIST | https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev | -
[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | MLIST | https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Ciss | -
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/ | MISC | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/ | Third Party Advisory
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC | https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | Third Party Advisory
20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | BUGTRAQ | https://seclists.org/bugtraq/2019/May/68 | Mailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20190530-0003/ | CONFIRM | https://security.netapp.com/advisory/ntap-20190530-0003/ | Third Party Advisory
https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf | MISC | https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf | Technical Description, Third Party Advisory
DSA-4452 | DEBIAN | https://www.debian.org/security/2019/dsa-4452 | Third Party Advisory
N/A | N/A | https://www.oracle.com/security-alerts/cpuapr2020.html | -
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | MISC | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory