Описание
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | codehaus | Out of support scope | ||
| Red Hat Decision Manager 7 | codehaus | Not affected | ||
| Red Hat JBoss A-MQ 6 | codehaus | Out of support scope | ||
| Red Hat JBoss BRMS 5 | codehaus | Out of support scope | ||
| Red Hat JBoss BRMS 6 | codehaus | Out of support scope | ||
| Red Hat JBoss Data Grid 7 | codehaus | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | codehaus | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 5 | codehaus | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 6 | codehaus | Out of support scope | ||
| Red Hat JBoss Fuse 6 | codehaus | Out of support scope |
Показывать по
Дополнительная информация
Статус:
8.1 High
CVSS3
Связанные уязвимости
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
Уязвимость среды разработки программного обеспечения Codehaus платформы JBoss Enterprise Application Platform, позволяющая нарушителю выполнить произвольный код
8.1 High
CVSS3