Details of VAR-202003-1778

ID

VAR-202003-1778

CVE

CVE-2020-10673

TITLE

FasterXML jackson-databind Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202003-1151

DESCRIPTION

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4 due to insecure deserialization of com.caucho.config.types.ResourceRef (caucho-quercus). A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description: Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update Advisory ID: RHSA-2020:3461-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:3461 Issue date: 2020-08-17 CVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 ===================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714) * wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673) * hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672) * undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710) * hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693) * wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748) * wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. JBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001 7. Package List: Red Hat JBoss EAP 7.3 for RHEL 6 Server: Source: eap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.src.rpm eap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el6eap.src.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.src.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.src.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.src.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.src.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.src.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.src.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.src.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.src.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.src.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.src.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el6eap.src.rpm noarch: eap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.noarch.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-netty-all-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10687 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10718 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXzqIS9zjgjWX9erEAQjYNxAAk4rojlcRbfjwu0wlWLTU1MbxQNclVtVh MpQnFzyvJVVXX0lslx7NGxHlRNWRgqI/XC1QDqlHpRs4du5/a2Uj+8c5u+WPQefF QCqOvSntbMli42/I7+fCehLVofx/HkuAVcBoGrIGby1E4rddDljh4bH3r43I7wa5 HN9ki8uFAy8bIAzfXW+RB4rxtnsAABv/VFoH1fWmrXCXE6A6aG+AU86ddty0JQHN JhQp6v/X/3ccCvHYTAO8vlbqIJ4fE86e1+5oRBor+4ZD4mMVzGKm4cf8CMPXsKIB 9dFGo8WHFBgEi4hBbBFtFfaE2DGZ6K4Q7X0IAhiiYJmpPg8NgzGiqVvOAG+/OrBz DE84ZPxZwS1zR82wwIyHP4W5mYIhQTxhtp+E9Klu4gpFIAmK8bVfGf2Ub0HOCS6z sbN1Eiv0SBfWRHBfBkuRTBd0aEcmGRNl4GSXzXtanTf0OhFk/4pxdJPmKDEBFWvg 3dtwFi7+/8JoAch8GKQCo4UoSo6etQu45sUH6Q8ozuxYA72+J9K7cpwp/fVhiYRT nruC+2HDuugrC8UVJ/24E++49omdSXAm+UR9tvkFdVU3IpXLJNWO8s4QbrGC7CN7 Lvg/ukygGhrEEyQ1J9yYSeeNISQWJGOSKj/bgYRAh/AbX/QcZZfus7ppAasNjndn Bk4PSTq9yaw= =ZNiG -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications

Trust: 1.71

sources: NVD: CVE-2020-10673 // VULHUB: VHN-163175 // VULMON: CVE-2020-10673 // PACKETSTORM: 158650 // PACKETSTORM: 158884 // PACKETSTORM: 159083 // PACKETSTORM: 158889 // PACKETSTORM: 159080 // PACKETSTORM: 158916 // PACKETSTORM: 159082

AFFECTED PRODUCTS

vendor:	oracle	model:	communications contacts server	scope:	eq	version:	8.0.0.4.0	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	lte	version:	12.0.3	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	lte	version:	17.12	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	16.1	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone tools	scope:	lt	version:	9.2.4.2	Trust: 1.0
vendor:	oracle	model:	communications evolved communications application server	scope:	eq	version:	7.1	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	retail sales audit	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	19.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	18.0	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	11.1.0.15	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.1	Trust: 1.0
vendor:	oracle	model:	global lifecycle management opatch	scope:	lt	version:	12.2.0.1.20	Trust: 1.0
vendor:	oracle	model:	retail merchandising system	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	financial services price creation and discovery	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	lte	version:	2.9.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	20.1	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.9.10.4	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	communications instant messaging server	scope:	eq	version:	10.0.1.4.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.2	Trust: 1.0
vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone orchestrator	scope:	lt	version:	9.2.4.2	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	16.2	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	18.8	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.4.0.0	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	11.0.2.25	Trust: 1.0
vendor:	oracle	model:	agile plm	scope:	eq	version:	9.3.6	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	19.2	Trust: 1.0
vendor:	oracle	model:	communications contacts server	scope:	eq	version:	8.0.0.5.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.6.7.4	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	gte	version:	17.7	Trust: 1.0
vendor:	oracle	model:	autovue for agile product lifecycle management	scope:	eq	version:	21.0.2	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	19.12	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	17.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	financial services price creation and discovery	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	19.1	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.3.0.0	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	financial services retail customer analytics	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.9.0	Trust: 1.0
vendor:	oracle	model:	communications calendar server	scope:	eq	version:	8.0.0.4.0	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	gte	version:	2.4.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.3	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	gte	version:	12.0.0	Trust: 1.0

sources: NVD: CVE-2020-10673

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-10673
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2020-10673
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202003-1151
value:	HIGH
Trust: 0.6
VULHUB:	VHN-163175
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-10673
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-10673
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-163175
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-10673
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-163175 // VULMON: CVE-2020-10673 // CNNVD: CNNVD-202003-1151 // NVD: CVE-2020-10673 // NVD: CVE-2020-10673

PROBLEMTYPE DATA

problemtype:	CWE-502	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0

sources: NVD: CVE-2020-10673

THREAT TYPE

remote

Trust: 1.1

sources: PACKETSTORM: 158884 // PACKETSTORM: 159083 // PACKETSTORM: 158889 // PACKETSTORM: 159080 // PACKETSTORM: 159082 // CNNVD: CNNVD-202003-1151

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-1151

PATCH

title:	FasterXML jackson-databind Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112629	Trust: 0.6
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203461 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203462 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203463 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203464 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.4.2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203501 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203638 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: EAP Continuous Delivery Technical Preview Release 20 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203585 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203637 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203639 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203642 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Data Grid 7.3.7 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203779 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=9bb4efe27af18414a7db703d1dd40070	Trust: 0.1
title:	Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203196 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203197 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202067 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Fuse 7.7.0 release and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203192 - Security Advisory	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-109	Trust: 0.1
title:	IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f974282a27702bae4111bf7716ee6cf6	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics â€“ Log Analysis	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1db4c8cb14383c63d0c04205c943ef8a	Trust: 0.1
title:	CVE-2020-10673	url:	https://github.com/Al1ex/CVE-2020-10673	Trust: 0.1
title:	Cubed	url:	https://github.com/yahoo/cubed	Trust: 0.1
title:	https://github.com/huike007/poc	url:	https://github.com/huike007/poc	Trust: 0.1

sources: VULMON: CVE-2020-10673 // CNNVD: CNNVD-202003-1151

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10673	Trust: 2.5
db:	PACKETSTORM	id:	159083	Trust: 0.8
db:	PACKETSTORM	id:	158916	Trust: 0.8
db:	CNNVD	id:	CNNVD-202003-1151	Trust: 0.7
db:	PACKETSTORM	id:	159208	Trust: 0.7
db:	PACKETSTORM	id:	158651	Trust: 0.7
db:	PACKETSTORM	id:	159015	Trust: 0.7
db:	PACKETSTORM	id:	158891	Trust: 0.7
db:	NSFOCUS	id:	48050	Trust: 0.6
db:	CS-HELP	id:	SB2022060909	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1766	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2837	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2588	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2619	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1040	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3065	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3190	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2826	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2992	Trust: 0.6
db:	PACKETSTORM	id:	158884	Trust: 0.2
db:	PACKETSTORM	id:	158889	Trust: 0.2
db:	PACKETSTORM	id:	159080	Trust: 0.2
db:	PACKETSTORM	id:	159082	Trust: 0.2
db:	PACKETSTORM	id:	158650	Trust: 0.2
db:	PACKETSTORM	id:	159081	Trust: 0.1
db:	PACKETSTORM	id:	158881	Trust: 0.1
db:	VULHUB	id:	VHN-163175	Trust: 0.1
db:	VULMON	id:	CVE-2020-10673	Trust: 0.1

sources: VULHUB: VHN-163175 // VULMON: CVE-2020-10673 // PACKETSTORM: 158650 // PACKETSTORM: 158884 // PACKETSTORM: 159083 // PACKETSTORM: 158889 // PACKETSTORM: 159080 // PACKETSTORM: 158916 // PACKETSTORM: 159082 // CNNVD: CNNVD-202003-1151 // NVD: CVE-2020-10673

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20200403-0002/	Trust: 1.7
url:	https://github.com/fasterxml/jackson-databind/issues/2660	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10673	Trust: 1.3
url:	https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062	Trust: 1.0
url:	https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-10672	Trust: 0.7
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-10673	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10672	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1710	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10740	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10693	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10687	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-10714	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10683	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10714	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-10683	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-10693	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-10687	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-10740	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-1710	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-10718	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10718	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1748	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-1748	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060909	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2992/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159015/red-hat-security-advisory-2020-3585-01.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fasterxml-jackson-databind-privilege-escalation-via-resourceref-31850	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2588/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2837/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6525182	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2619/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1766/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6528214	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48050	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2826/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3190/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1040/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3065/	Trust: 0.6
url:	https://issues.jboss.org/):	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14297	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-14297	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14900	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-14900	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-9547	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9546	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9548	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-8840	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14307	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-14307	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-6950	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-1695	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9547	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1695	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9548	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9546	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8840	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6950	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11612	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11612	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14060	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11112	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12406	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11113	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9514	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10968	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17573	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20444	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1718	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14060	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9515	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13990	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11620	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9512	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12406	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17573	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9514	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20330	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9515	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14061	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11619	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20445	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1718	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9518	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20444	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13990	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3196	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14062	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhdm&version=7.8.0	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16869	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10969	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11619	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11620	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7238	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11111	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20330	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9512	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7238	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12423	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11112	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16869	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12423	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10968	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11111	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20445	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9518	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10969	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14061	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11113	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14062	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3461	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3642	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3462	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3639	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10758	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10758	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3501	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1728	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1728	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso&downloadtype=securitypatches&version=7.4	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3638	Trust: 0.1

sources: VULHUB: VHN-163175 // PACKETSTORM: 158650 // PACKETSTORM: 158884 // PACKETSTORM: 159083 // PACKETSTORM: 158889 // PACKETSTORM: 159080 // PACKETSTORM: 158916 // PACKETSTORM: 159082 // CNNVD: CNNVD-202003-1151 // NVD: CVE-2020-10673

CREDITS

Red Hat

Trust: 1.3

sources: PACKETSTORM: 158650 // PACKETSTORM: 158884 // PACKETSTORM: 159083 // PACKETSTORM: 158889 // PACKETSTORM: 159080 // PACKETSTORM: 158916 // PACKETSTORM: 159082 // CNNVD: CNNVD-202003-1151

SOURCES

db:	VULHUB	id:	VHN-163175
db:	VULMON	id:	CVE-2020-10673
db:	PACKETSTORM	id:	158650
db:	PACKETSTORM	id:	158884
db:	PACKETSTORM	id:	159083
db:	PACKETSTORM	id:	158889
db:	PACKETSTORM	id:	159080
db:	PACKETSTORM	id:	158916
db:	PACKETSTORM	id:	159082
db:	CNNVD	id:	CNNVD-202003-1151
db:	NVD	id:	CVE-2020-10673

LAST UPDATE DATE

2025-08-12T22:48:18.778000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-163175	date:	2021-12-07T00:00:00
db:	VULMON	id:	CVE-2020-10673	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202003-1151	date:	2022-06-10T00:00:00
db:	NVD	id:	CVE-2020-10673	date:	2024-11-21T04:55:49.360

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-163175	date:	2020-03-18T00:00:00
db:	VULMON	id:	CVE-2020-10673	date:	2020-03-18T00:00:00
db:	PACKETSTORM	id:	158650	date:	2020-07-29T17:52:58
db:	PACKETSTORM	id:	158884	date:	2020-08-17T17:34:41
db:	PACKETSTORM	id:	159083	date:	2020-09-07T16:39:48
db:	PACKETSTORM	id:	158889	date:	2020-08-17T17:43:07
db:	PACKETSTORM	id:	159080	date:	2020-09-07T16:37:51
db:	PACKETSTORM	id:	158916	date:	2020-08-19T16:44:13
db:	PACKETSTORM	id:	159082	date:	2020-09-07T16:39:28
db:	CNNVD	id:	CNNVD-202003-1151	date:	2020-03-18T00:00:00
db:	NVD	id:	CVE-2020-10673	date:	2020-03-18T22:15:12.407