{ "threat_severity" : "Moderate", "public_date" : "2018-07-27T00:00:00Z", "bugzilla" : { "description" : "jackson-databind: exfiltration/XXE in some JDK classes", "id" : "1666423", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1666423" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-611", "details" : [ "FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.", "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the slf4j, flex messaging, sun DRSHelper and JAX-WS gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code." ], "statement" : "Red Hat Satellite 6 is not affected by this issue, since its only supported Java runtime (openJDK) doesn't bundle the com.sun.deploy.security.ruleset.DRSHelper class.\nRed Hat Enterprise Virtualization 4 is not affected by this issue, since its only supported Java runtime (openJDK) doesn't bundle the com.sun.deploy.security.ruleset.DRSHelper class.", "affected_release" : [ { "product_name" : "OpenShift Logging 5.0", "release_date" : "2021-05-06T00:00:00Z", "advisory" : "RHSA-2021:1515", "cpe" : "cpe:/a:redhat:logging:5.0::el8", "package" : "openshift-logging/elasticsearch6-rhel8:v5.0.3-1" }, { "product_name" : "Red Hat Data Grid", "release_date" : "2019-12-02T00:00:00Z", "advisory" : "RHSA-2019:4037", "cpe" : "cpe:/a:redhat:jboss_data_grid:7.3", "package" : "jackson-databind" }, { "product_name" : "Red Hat Fuse 7.5.0", "release_date" : "2019-11-14T00:00:00Z", "advisory" : "RHSA-2019:3892", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "jackson-databind" }, { "product_name" : "Red Hat JBoss BPMS 7.4", "release_date" : "2019-07-22T00:00:00Z", "advisory" : "RHSA-2019:1823", "cpe" : "cpe:/a:redhat:jboss_bpms:7.4", "package" : "jackson-databind" }, { "product_name" : "Red Hat JBoss BRMS 7.4", "release_date" : "2019-07-22T00:00:00Z", "advisory" : "RHSA-2019:1822", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7.4", "package" : "jackson-databind" }, { "product_name" : "Red Hat JBoss EAP 7.2", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1106", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2", "package" : "jackson-databind" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-activemq-artemis-0:2.6.3-5.redhat_00020.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-apache-commons-lang-0:3.8.0-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-apache-cxf-0:3.2.7-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-apache-cxf-xjc-utils-0:3.2.3-2.redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-artemis-native-0:2.6.3-15.redhat_00020.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-byte-buddy-0:1.9.5-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-dom4j-0:2.1.1-2.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-elytron-web-0:1.2.4-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-hibernate-0:5.3.9-2.Final_redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-httpcomponents-asyncclient-0:4.1.4-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-infinispan-0:9.3.6-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-ironjacamar-0:1.4.15-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-annotations-0:2.9.8-2.redhat_00004.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-core-0:2.9.8-2.redhat_00004.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-databind-0:2.9.8-2.redhat_00004.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-jaxrs-providers-0:2.9.8-2.redhat_00004.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-modules-base-0:2.9.8-1.redhat_00004.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-modules-java8-0:2.9.8-1.redhat_00004.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jberet-0:1.3.2-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-ejb-client-0:4.0.15-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-el-api_3.0_spec-0:1.0.13-2.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-genericjms-0:2.0.1-2.Final_redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-logmanager-0:2.1.7-3.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-remoting-jmx-0:3.0.1-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-security-negotiation-0:3.0.5-2.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-server-migration-0:1.3.0-7.Final_redhat_00004.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-narayana-0:5.9.1-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-picketlink-bindings-0:2.5.5-16.SP12_redhat_4.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-picketlink-federation-0:2.5.5-16.SP12_redhat_4.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-resteasy-0:3.6.1-4.SP3_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-sun-istack-commons-0:3.0.7-2.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-undertow-0:2.0.19-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-undertow-jastow-0:2.0.7-2.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-0:7.2.1-6.GA_redhat_00004.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-elytron-0:1.6.2-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-elytron-tool-0:1.4.1-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-http-client-0:1.0.13-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-transaction-client-0:1.1.3-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1107", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-yasson-0:1.0.2-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-activemq-artemis-0:2.6.3-5.redhat_00020.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-apache-commons-lang-0:3.8.0-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-apache-cxf-0:3.2.7-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-apache-cxf-xjc-utils-0:3.2.3-2.redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-artemis-native-0:2.6.3-15.redhat_00020.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-byte-buddy-0:1.9.5-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-dom4j-0:2.1.1-2.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-elytron-web-0:1.2.4-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-hibernate-0:5.3.9-2.Final_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-httpcomponents-asyncclient-0:4.1.4-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-infinispan-0:9.3.6-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-ironjacamar-0:1.4.15-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-annotations-0:2.9.8-2.redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-core-0:2.9.8-2.redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-databind-0:2.9.8-2.redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-jaxrs-providers-0:2.9.8-2.redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-modules-base-0:2.9.8-1.redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-modules-java8-0:2.9.8-1.redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jberet-0:1.3.2-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-ejb-client-0:4.0.15-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-el-api_3.0_spec-0:1.0.13-2.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-genericjms-0:2.0.1-2.Final_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-logmanager-0:2.1.7-3.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-remoting-jmx-0:3.0.1-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-security-negotiation-0:3.0.5-2.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-server-migration-0:1.3.0-7.Final_redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-narayana-0:5.9.1-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-picketlink-bindings-0:2.5.5-16.SP12_redhat_4.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-picketlink-federation-0:2.5.5-16.SP12_redhat_4.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-resteasy-0:3.6.1-4.SP3_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-sun-istack-commons-0:3.0.7-2.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-undertow-0:2.0.19-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-undertow-jastow-0:2.0.7-2.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-0:7.2.1-6.GA_redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-elytron-0:1.6.2-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-elytron-tool-0:1.4.1-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-http-client-0:1.0.13-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-transaction-client-0:1.1.3-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-05-08T00:00:00Z", "advisory" : "RHSA-2019:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-yasson-0:1.0.2-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Continuous Delivery", "release_date" : "2020-06-15T00:00:00Z", "advisory" : "RHSA-2020:2564", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_cd:16", "package" : "jackson-databind" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2019-10-18T00:00:00Z", "advisory" : "RHSA-2019:3149", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "openshift3/ose-logging-elasticsearch5:v3.11.153-2" }, { "product_name" : "Red Hat OpenShift Container Platform 4.1", "release_date" : "2019-09-27T00:00:00Z", "advisory" : "RHSA-2019:2858", "cpe" : "cpe:/a:redhat:openshift:4.1::el7", "package" : "openshift4/ose-logging-elasticsearch5:v4.1.18-201909201915" }, { "product_name" : "Red Hat OpenShift Container Platform 4.6", "release_date" : "2021-04-27T00:00:00Z", "advisory" : "RHSA-2021:1230", "cpe" : "cpe:/a:redhat:openshift:4.6::el8", "package" : "openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" }, { "product_name" : "Red Hat Single Sign-On 7.3.1 zip", "release_date" : "2019-05-09T00:00:00Z", "advisory" : "RHSA-2019:1140", "cpe" : "cpe:/a:redhat:jboss_single_sign_on:7.3" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2019-04-17T00:00:00Z", "advisory" : "RHSA-2019:0782", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-maven35-jackson-databind-0:2.7.6-2.5.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date" : "2019-04-17T00:00:00Z", "advisory" : "RHSA-2019:0782", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-maven35-jackson-databind-0:2.7.6-2.5.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date" : "2019-04-17T00:00:00Z", "advisory" : "RHSA-2019:0782", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-maven35-jackson-databind-0:2.7.6-2.5.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date" : "2019-04-17T00:00:00Z", "advisory" : "RHSA-2019:0782", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-maven35-jackson-databind-0:2.7.6-2.5.el7" } ], "package_state" : [ { "product_name" : "Red Hat BPM Suite 6", "fix_state" : "Will not fix", "package_name" : "jackson-databind", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "jackson-databind", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat JBoss A-MQ 6", "fix_state" : "Out of support scope", "package_name" : "jackson-databind", "cpe" : "cpe:/a:redhat:jboss_amq:6" }, { "product_name" : "Red Hat JBoss BRMS 6", "fix_state" : "Will not fix", "package_name" : "jackson-databind", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:6" }, { "product_name" : "Red Hat JBoss Data Virtualization 6", "fix_state" : "Will not fix", "package_name" : "jackson-databind", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Not affected", "package_name" : "jackson-databind", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Will not fix", "package_name" : "jackson-databind", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat JBoss Fuse Integration Service 2", "fix_state" : "Will not fix", "package_name" : "jackson-databind", "cpe" : "cpe:/a:redhat:fuse_integration_services:2" }, { "product_name" : "Red Hat JBoss Operations Network 3", "fix_state" : "Not affected", "package_name" : "Core Server", "cpe" : "cpe:/a:redhat:jboss_operations_network:3" }, { "product_name" : "Red Hat Mobile Application Platform 4", "fix_state" : "Not affected", "package_name" : "jackson-databind", "cpe" : "cpe:/a:redhat:mobile_application_platform:4" }, { "product_name" : "Red Hat OpenShift Application Runtimes", "fix_state" : "Will not fix", "package_name" : "jackson-databind", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat OpenShift Container Platform 3.10", "fix_state" : "Affected", "package_name" : "elasticsearch-cloud-kubernetes", "cpe" : "cpe:/a:redhat:openshift:3.10" }, { "product_name" : "Red Hat OpenShift Container Platform 3.10", "fix_state" : "Affected", "package_name" : "openshift-elasticsearch-plugin", "cpe" : "cpe:/a:redhat:openshift:3.10" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Not affected", "package_name" : "jackson-databind", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.6", "fix_state" : "Affected", "package_name" : "openshift-elasticsearch-plugin", "cpe" : "cpe:/a:redhat:openshift:3.6" }, { "product_name" : "Red Hat OpenShift Container Platform 3.7", "fix_state" : "Affected", "package_name" : "openshift-elasticsearch-plugin", "cpe" : "cpe:/a:redhat:openshift:3.7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.9", "fix_state" : "Affected", "package_name" : "elasticsearch-cloud-kubernetes", "cpe" : "cpe:/a:redhat:openshift:3.9" }, { "product_name" : "Red Hat OpenShift Container Platform 3.9", "fix_state" : "Affected", "package_name" : "openshift-elasticsearch-plugin", "cpe" : "cpe:/a:redhat:openshift:3.9" }, { "product_name" : "Red Hat OpenStack Platform 10 (Newton)", "fix_state" : "Will not fix", "package_name" : "opendaylight", "cpe" : "cpe:/a:redhat:openstack:10" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Will not fix", "package_name" : "opendaylight", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 14 (Rocky)", "fix_state" : "Will not fix", "package_name" : "opendaylight", "cpe" : "cpe:/a:redhat:openstack:14" }, { "product_name" : "Red Hat OpenStack Platform 8 (Liberty)", "fix_state" : "Will not fix", "package_name" : "opendaylight", "cpe" : "cpe:/a:redhat:openstack:8" }, { "product_name" : "Red Hat OpenStack Platform 9 (Mitaka)", "fix_state" : "Will not fix", "package_name" : "opendaylight", "cpe" : "cpe:/a:redhat:openstack:9" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "jackson-databind", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Subscription Asset Manager", "fix_state" : "Not affected", "package_name" : "jackson-databind", "cpe" : "cpe:/a:rhel_sam:1" }, { "product_name" : "Red Hat Virtualization 4", "fix_state" : "Not affected", "package_name" : "rhvm-appliance", "cpe" : "cpe:/o:redhat:rhev_hypervisor:4" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-14720\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14720" ], "name" : "CVE-2018-14720", "mitigation" : { "value" : "The following conditions are needed for an exploit, we recommend avoiding all if possible \n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "lang" : "en:us" }, "csaw" : false }