Details of VAR-201907-0806

ID

VAR-201907-0806

CVE

CVE-2019-14379

TITLE

FasterXML jackson-databind Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201907-1434

DESCRIPTION

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. The SubTypeValidator.java file in versions earlier than FasterXML jackson-databind 2.9.9.2 has an input validation error vulnerability. An attacker could exploit this vulnerability to execute code. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-03-14-7 Xcode 13.3 Xcode 13.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213189. iTMSTransporter Available for: macOS Monterey 12 and later Impact: Multiple issues in iTMSTransporter Description: Multiple issues were addressed with updating FasterXML jackson-databind and Apache Log4j2. CVE-2019-14379 CVE-2021-44228 otool Available for: macOS Monterey 12 and later Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22601: hjy79425575 CVE-2022-22602: hjy79425575 CVE-2022-22603: hjy79425575 CVE-2022-22604: hjy79425575 CVE-2022-22605: hjy79425575 CVE-2022-22606: hjy79425575 CVE-2022-22607: hjy79425575 CVE-2022-22608: hjy79425575 Additional recognition iTMSTransporter We would like to acknowledge Anthony Shaw of Microsoft for their assistance. ld64 We would like to acknowledge Pan ZhenPeng (@Peterpan0927) of Alibaba Security Pandora Lab for their assistance. Xcode IDE We would like to acknowledge an anonymous researcher for their assistance. Xcode 13.3 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "Xcode 13.3". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. Description: Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. JIRA issues fixed (https://issues.jboss.org/): KEYCLOAK-11454 - Tracker bug for the RH-SSO 7.3.4 release for RHEL7 7. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Data Grid 7.3.3 security update Advisory ID: RHSA-2020:0727-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2020:0727 Issue date: 2020-03-05 CVE Names: CVE-2018-14335 CVE-2019-3805 CVE-2019-3888 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-9518 CVE-2019-10173 CVE-2019-10174 CVE-2019-10184 CVE-2019-10212 CVE-2019-14379 ==================================================================== 1. Summary: An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat Data Grid 7.3.2 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Security Fix(es): * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518) * xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) (CVE-2019-10173) * infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * h2: Information Exposure due to insecure handling of permissions in the backup (CVE-2018-14335) * wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805) * undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888) * undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: To install this update, do the following: 1. Download the Data Grid 7.3.3 server patch from the customer portal. 2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. 3. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes for patching instructions. 4. Restart Data Grid to ensure the changes take effect. 4. Bugs fixed (https://bugzilla.redhat.com/): 1610877 - CVE-2018-14335 h2: Information Exposure due to insecure handling of permissions in the backup 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1722971 - CVE-2019-10173 xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) 1731984 - CVE-2019-10212 undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 5. References: https://access.redhat.com/security/cve/CVE-2018-14335 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/cve/CVE-2019-3888 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/cve/CVE-2019-10173 https://access.redhat.com/security/cve/CVE-2019-10174 https://access.redhat.com/security/cve/CVE-2019-10184 https://access.redhat.com/security/cve/CVE-2019-10212 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product\xdata.grid&downloadType=patches&version=7.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXmD2b9zjgjWX9erEAQhDqA/9G7uM0HlTt4M6Z9Zc23FSbbr+jj1k/o69 a5WWa+xS3Ko4IvlN5rt+wOHSFet+NTMAerNHzAsB2+viX1hr14Hwf3QnIom/yxbJ PaC1djdaZfcvSIODhbq/C5Ilae09x3rW1voQ39i1Q2bsEqVePLZdC75KjvNLsfqe QJCMvcO3jkccxn7k45baCfTGsFyOhHb17Y9DRarWsC7jO9kEjMxrUPN6qKP6BC9t RMuqDxo1aJnatMeCWb7NA0UpOz0+lFpuR+ZZYPV444nGmfTKrbc9c5TuQUCSP+LD sG1+fh2xMztuGxNiJfgSP3iqHmgXD9TBxh1kxn1kt59llCO5+Uqu/O5OsqeQQ0Ym I+a2VAzn2N776sTbWIZ3231IJex68oG+4/fIo6/FVVJpmtDIDgumgErTPD0kkNuT yyyn3u50RZohzSxEz37QdiQDJbiJcJhmtFR5fLRAbFa8Ys2Gw81PGFba95/kVooX K5uSukzOBm8nhxfBvwZDCY/gWuJwVLSAOJb4VoPZiR2WbZsx+9r+spQv6K9wYr5v s//DY88rsUSaMH4kGco//6Dqis8IwOISr/ZR+Edlnrz1rHv9Z4XerMw56VUKIHva mS7rdNmbLqHN0XfZImxewLca2i7sWIlxWrgKF2f4zEO3ermivdis7RdssZkJ9Zv9 S7B2VoNOQj4=zoia -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/): JBEAP-16455 - [GSS](7.2.z) Upgrade Infinispan from 9.3.6 to 9.3.7 JBEAP-16779 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.10 to 5.3.11 JBEAP-17045 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00001 to 2.3.5.SP3-redhat-00002 JBEAP-17062 - [GSS](7.2.z) Upgrade Artemis from 2.7.0.redhat-00057 to 2.9.0.redhat-00005 JBEAP-17073 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.20 to 4.0.23 JBEAP-17109 - (7.2.z) Upgrade XNIO from 3.6.6.Final-redhat-00001 to 3.7.3.Final-redhat-00001 JBEAP-17112 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.12 to 5.0.14.SP1 JBEAP-17144 - Tracker bug for the EAP 7.2.4 release for RHEL-8 JBEAP-17162 - [GSS](7.2.z) Upgrade jgroups from 4.0.19 to 4.0.20 JBEAP-17178 - (7.2.z) Upgrade IronJacamar from 1.4.16.Final to 1.4.17.Final JBEAP-17182 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17183 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17223 - [GSS](7.2.z) Upgrade WildFly Core from 6.0.15 to 6.0.16 JBEAP-17238 - [GSS](7.2.z) Upgrade HAL from 3.0.13 to 3.0.16 JBEAP-17250 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.5 to 1.4.8 JBEAP-17271 - [GSS](7.2.z) Upgrade jboss-logmanager from 2.1.7.Final-redhat-00001 to 2.1.14.Final-redhat-00001 JBEAP-17273 - [GSS](7.2.z) Upgrade jboss-logging from 3.3.2.Final-redhat-00001 to 3.3.3.Final-redhat-00001 JBEAP-17274 - [GSS](7.2.z) Upgrade Wildfly Elytron from 1.6.3.Final-redhat-00001 to 1.6.4.Final-redhat-00001 JBEAP-17276 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.4.Final-redhat-00001 to 1.1.6.Final-redhat-00001 JBEAP-17277 - [GSS](7.2.z) Upgrade Undertow from 2.0.22 to 2.0.25.SP1 JBEAP-17278 - [GSS](7.2.z) Upgrade JBoss Marshalling from 2.0.7 to 2.0.9 JBEAP-17294 - [GSS](7.2.z) Upgrade weld from 3.0.6.Final-redhat-00001 to 3.0.6.Final-redhat-00002 JBEAP-17311 - [GSS](7.2.z) Upgrade jboss-jaxrs-api_2.1_spec from 1.0.1.Final-redhat-00001 to 1.0.3.Final-redhat-00001 JBEAP-17320 - [GSS](7.2.z) Upgrade PicketBox from 5.0.3.Final-redhat-3 to 5.0.3.Final-redhat-00004 JBEAP-17321 - [GSS](7.2.z) Upgrade Narayana from 5.9.3.Final to 5.9.6.Final JBEAP-17334 - (7.2.z) Upgrade Elytron-Tool from 1.4.2 to 1.4.3.Final JBEAP-17527 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11 to 5.3.11.SP1 7

Trust: 1.89

sources: NVD: CVE-2019-14379 // VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // PACKETSTORM: 166313 // PACKETSTORM: 155054 // PACKETSTORM: 154686 // PACKETSTORM: 154843 // PACKETSTORM: 154850 // PACKETSTORM: 156628 // PACKETSTORM: 155382 // PACKETSTORM: 154793 // PACKETSTORM: 154665

AFFECTED PRODUCTS

vendor:	netapp	model:	active iq unified manager	scope:	gte	version:	9.5	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.7.1	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.9.9.2	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	eq	version:	16.2	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.5.0	Trust: 1.0
vendor:	apple	model:	xcode	scope:	lt	version:	13.3	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	lte	version:	17.12	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	16.1	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	15.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.7.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	8.2	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.7.9.6	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.6.1	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	gte	version:	7.3	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	18.0	Trust: 1.0
vendor:	netapp	model:	snapcenter	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	redhat	model:	single sign-on	scope:	eq	version:	7.3	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.4.0	Trust: 1.0
vendor:	oracle	model:	siebel engineering - installer \& deployment	scope:	lte	version:	19.8	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.8.11.4	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	eq	version:	18.8.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.8.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	29	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.7.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	eq	version:	17.12	Trust: 1.0
vendor:	oracle	model:	retail customer management and segmentation foundation	scope:	eq	version:	17.0	Trust: 1.0
vendor:	netapp	model:	oncommand workflow automation	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	16.2	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	30	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	18.8	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	eq	version:	8.1	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	communications instant messaging server	scope:	eq	version:	10.0.1.3.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.2	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone orchestrator	scope:	eq	version:	9.2	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.6.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.6.7.3	Trust: 1.0
vendor:	redhat	model:	openshift container platform	scope:	eq	version:	4.1	Trust: 1.0
vendor:	oracle	model:	goldengate stream analytics	scope:	lt	version:	19.1.0.0.1	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	gte	version:	17.7	Trust: 1.0
vendor:	netapp	model:	service level manager	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.4.1	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	17.0	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.3	Trust: 1.0
vendor:	oracle	model:	siebel ui framework	scope:	lte	version:	19.10	Trust: 1.0
vendor:	redhat	model:	openshift container platform	scope:	eq	version:	3.11	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone tools	scope:	eq	version:	9.2	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	7.1	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	gte	version:	8.0.2	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	eq	version:	15.2	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.9.0	Trust: 1.0

sources: NVD: CVE-2019-14379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14379
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-201907-1434
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-146319
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-14379
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-14379
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-146319
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-14379
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // CNNVD: CNNVD-201907-1434 // NVD: CVE-2019-14379

PROBLEMTYPE DATA

problemtype:	CWE-1321	Trust: 1.0
problemtype:	CWE-20	Trust: 0.1
problemtype:	CWE-915	Trust: 0.1

sources: VULHUB: VHN-146319 // NVD: CVE-2019-14379

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1434

TYPE

code execution

Trust: 0.9

sources: PACKETSTORM: 166313 // PACKETSTORM: 155054 // PACKETSTORM: 154686 // PACKETSTORM: 154843 // PACKETSTORM: 154850 // PACKETSTORM: 156628 // PACKETSTORM: 155382 // PACKETSTORM: 154793 // PACKETSTORM: 154665

PATCH

title:	FasterXML jackson-databind Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=95557	Trust: 0.6
title:	Red Hat: Important: rh-maven35-jackson-databind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192743 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Process Automation Manager 7.5.0 Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193297 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Decision Manager 7.5.0 Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193292 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: jackson-databind: CVE-2019-14361 CVE-2019-14379	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a0e42c604708bdf7d86284f91b76327e	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift Application Runtimes Vert.x 3.8.3 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193901 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 8	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193046 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192938 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193050 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 7	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193045 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 6	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193044 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.5.0 security & bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192998 - Security Advisory	Trust: 0.1
title:	Red Hat: CVE-2019-14379	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-14379	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 8 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192937 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 7 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192936 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 6 Security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192935 - Security Advisory	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8e202227ddeed5e361f0c0e3dbbf0fe3	Trust: 0.1
title:	Red Hat: Important: Red Hat Data Grid 7.3.3 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200727 - Security Advisory	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2019-14439, CVE-2019-14379, CVE-2019-12814, CVE-2019-12086)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7577d61736064271602a887577c2f766	Trust: 0.1
title:	Red Hat: Important: Red Hat Fuse 7.6.0 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200983 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192858 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform logging-elasticsearch5-container security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193149 - Security Advisory	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-109	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-109	Trust: 0.1
title:	IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f974282a27702bae4111bf7716ee6cf6	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics – Log Analysis	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1db4c8cb14383c63d0c04205c943ef8a	Trust: 0.1
title:	IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2ec7385c474071281be069b54d841de6	Trust: 0.1
title:	commons	url:	https://github.com/heike2718/commons	Trust: 0.1
title:	Jackson-deserialization-PoC	url:	https://github.com/galimba/Jackson-deserialization-PoC	Trust: 0.1
title:	cybsec	url:	https://github.com/ilmari666/cybsec	Trust: 0.1

sources: VULMON: CVE-2019-14379 // CNNVD: CNNVD-201907-1434

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14379	Trust: 2.7
db:	PACKETSTORM	id:	166313	Trust: 0.8
db:	PACKETSTORM	id:	154469	Trust: 0.7
db:	PACKETSTORM	id:	162493	Trust: 0.7
db:	PACKETSTORM	id:	162350	Trust: 0.7
db:	CNNVD	id:	CNNVD-201907-1434	Trust: 0.7
db:	PACKETSTORM	id:	156628	Trust: 0.7
db:	PACKETSTORM	id:	155382	Trust: 0.7
db:	CS-HELP	id:	SB2022060909	Trust: 0.6
db:	CS-HELP	id:	SB2022031501	Trust: 0.6
db:	CS-HELP	id:	SB2021050708	Trust: 0.6
db:	CS-HELP	id:	SB2021042826	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4754	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4370	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3481	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4323	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1076	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4588	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1440	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1573	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3074	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1437	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3836	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3643	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0381	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0832	Trust: 0.6
db:	PACKETSTORM	id:	156941	Trust: 0.6
db:	NSFOCUS	id:	45801	Trust: 0.6
db:	VULHUB	id:	VHN-146319	Trust: 0.1
db:	VULMON	id:	CVE-2019-14379	Trust: 0.1
db:	PACKETSTORM	id:	155054	Trust: 0.1
db:	PACKETSTORM	id:	154686	Trust: 0.1
db:	PACKETSTORM	id:	154843	Trust: 0.1
db:	PACKETSTORM	id:	154850	Trust: 0.1
db:	PACKETSTORM	id:	154793	Trust: 0.1
db:	PACKETSTORM	id:	154665	Trust: 0.1

sources: VULHUB: VHN-146319 // VULMON: CVE-2019-14379 // PACKETSTORM: 166313 // PACKETSTORM: 155054 // PACKETSTORM: 154686 // PACKETSTORM: 154843 // PACKETSTORM: 154850 // PACKETSTORM: 156628 // PACKETSTORM: 155382 // PACKETSTORM: 154793 // PACKETSTORM: 154665 // CNNVD: CNNVD-201907-1434 // NVD: CVE-2019-14379

REFERENCES

url:	https://access.redhat.com/errata/rhsa-2019:2743	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:3044	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:3050	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:3901	Trust: 2.5
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 2.4
url:	https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:2858	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:3045	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:3046	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:2936	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2019:2937	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2019:2998	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2019:3297	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2020:0727	Trust: 1.9
url:	https://support.apple.com/kb/ht213189	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20190814-0001/	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/mar/23	Trust: 1.8
url:	https://github.com/fasterxml/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2	Trust: 1.8
url:	https://github.com/fasterxml/jackson-databind/issues/2387	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2020.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2020.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.8
url:	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Trust: 1.8
url:	https://access.redhat.com/errata/rhba-2019:2824	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2935	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2938	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3149	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3200	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3292	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14379	Trust: 1.5
url:	https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3cdev.struts.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3ccommits.tinkerpop.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3ccommits.ambari.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/	Trust: 1.0
url:	https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3cissues.bookkeeper.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/	Trust: 1.0
url:	https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3ccommits.pulsar.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3cdev.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3cissues.iceberg.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/	Trust: 1.0
url:	https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3ccommits.ambari.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/	Trust: 0.8
url:	https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3ccommits.ambari.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3ccommits.ambari.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3cissues.bookkeeper.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3cissues.iceberg.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3ccommits.pulsar.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3cdev.struts.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3ccommits.tinkerpop.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3cdev.tomee.apache.org%3e	Trust: 0.8
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.8
url:	https://bugzilla.redhat.com/):	Trust: 0.8
url:	https://access.redhat.com/security/team/contact/	Trust: 0.8
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2019-14379	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2019-10184	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10184	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1118283	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1086039	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1285282	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1072724	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3074/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060909	Trust: 0.6
url:	https://packetstormsecurity.com/files/155382/red-hat-security-advisory-2019-3901-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-android-mobile-sdk-compile-builder-includes-vulnerable-components/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4754/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4588/	Trust: 0.6
url:	https://packetstormsecurity.com/files/166313/apple-security-advisory-2022-03-14-7.html	Trust: 0.6
url:	https://www.oracle.com/security-alerts/cpujan2020verbose.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-2/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042826	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/	Trust: 0.6
url:	https://support.apple.com/en-us/ht213189	Trust: 0.6
url:	https://packetstormsecurity.com/files/154469/red-hat-security-advisory-2019-2743-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1573	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3643/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/jackson-databind-code-execution-via-subtypevalidator-30021	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1106763	Trust: 0.6
url:	https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-2/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021050708	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3481/	Trust: 0.6
url:	https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/45801	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0832/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1437	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4323/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3836/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-network-performance-insight-cve-2019-14379-cve-2019-17531-cve-2019-14439-and-cve-2019-14540/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4370/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0381/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031501	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1076/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1440/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2019-16943-cve-2019-16942-cve-2019-17531-cve-2019-17267-cve-2019-14540-cve-2019-163/	Trust: 0.6
url:	https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-12384	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-12814	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12814	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12384	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12086	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-12086	Trust: 0.5
url:	https://issues.jboss.org/):	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10212	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-10212	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-10202	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10202	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14832	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14820	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14832	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14820	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10174	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-3888	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3888	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-10174	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/1321.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=60520	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/galimba/jackson-deserialization-poc	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22604	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22602	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22607	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22608	Trust: 0.1
url:	https://support.apple.com/ht213189.	Trust: 0.1
url:	https://developer.apple.com/xcode/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22606	Trust: 0.1
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22601	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22605	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44228	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22603	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.5/html/release_notes_for_red_hat_process_automation_manager_7.5/index	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhpam&version=7.5.0	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso&downloadtype=securitypatches&version=7.3	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9514	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14335	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10173	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9515	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9512	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9514	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\xdata.grid&downloadtype=patches&version=7.3	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10173	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9515	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9518	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9512	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3805	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9518	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14335	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3805	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16869	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16869	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=catrhoar.eclipse.vertx&version=3.8.3	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16942	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/3.8/html/release_notes_for_eclipse_vert.x_3.8/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16942	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3868	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product\xcatrhoar.thorntail&version=2.5.0	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3868	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/release_notes_for_thorntail_2/	Trust: 0.1

CREDITS

Red Hat

Trust: 1.4

sources: PACKETSTORM: 155054 // PACKETSTORM: 154686 // PACKETSTORM: 154843 // PACKETSTORM: 154850 // PACKETSTORM: 156628 // PACKETSTORM: 155382 // PACKETSTORM: 154793 // PACKETSTORM: 154665 // CNNVD: CNNVD-201907-1434

SOURCES

db:	VULHUB	id:	VHN-146319
db:	VULMON	id:	CVE-2019-14379
db:	PACKETSTORM	id:	166313
db:	PACKETSTORM	id:	155054
db:	PACKETSTORM	id:	154686
db:	PACKETSTORM	id:	154843
db:	PACKETSTORM	id:	154850
db:	PACKETSTORM	id:	156628
db:	PACKETSTORM	id:	155382
db:	PACKETSTORM	id:	154793
db:	PACKETSTORM	id:	154665
db:	CNNVD	id:	CNNVD-201907-1434
db:	NVD	id:	CVE-2019-14379

LAST UPDATE DATE

2025-08-12T19:53:48.188000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-146319	date:	2022-12-02T00:00:00
db:	VULMON	id:	CVE-2019-14379	date:	2022-12-02T00:00:00
db:	CNNVD	id:	CNNVD-201907-1434	date:	2022-12-05T00:00:00
db:	NVD	id:	CVE-2019-14379	date:	2024-11-21T04:26:37.530

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-146319	date:	2019-07-29T00:00:00
db:	VULMON	id:	CVE-2019-14379	date:	2019-07-29T00:00:00
db:	PACKETSTORM	id:	166313	date:	2022-03-15T15:45:58
db:	PACKETSTORM	id:	155054	date:	2019-11-01T17:01:40
db:	PACKETSTORM	id:	154686	date:	2019-09-30T16:22:22
db:	PACKETSTORM	id:	154843	date:	2019-10-14T20:22:22
db:	PACKETSTORM	id:	154850	date:	2019-10-15T00:11:31
db:	PACKETSTORM	id:	156628	date:	2020-03-05T14:41:17
db:	PACKETSTORM	id:	155382	date:	2019-11-18T15:27:40
db:	PACKETSTORM	id:	154793	date:	2019-10-10T14:44:58
db:	PACKETSTORM	id:	154665	date:	2019-09-30T19:22:22
db:	CNNVD	id:	CNNVD-201907-1434	date:	2019-07-29T00:00:00
db:	NVD	id:	CVE-2019-14379	date:	2019-07-29T12:15:16.633