Details of VAR-202003-1784

ID

VAR-202003-1784

CVE

CVE-2020-9546

TITLE

FasterXML jackson-databind Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202003-042

DESCRIPTION

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. An attacker could exploit this vulnerability with a specially crafted request to execute arbitrary code on the system. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Security Fix(es): * netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445) * dom4j (CVE-2018-1000632) * elasticsearch (CVE-2018-3831) * pdfbox (CVE-2018-11797) * vertx (CVE-2018-12541) * spring-data-jpa (CVE-2019-3797) * mina-core (CVE-2019-0231) * jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540 CVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943 CVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619 CVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062) * jackson-mapper-asl (CVE-2019-10172) * hawtio (CVE-2019-9827) * undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745) * santuario (CVE-2019-12400) * apache-commons-beanutils (CVE-2019-10086) * cxf (CVE-2019-17573) * apache-commons-configuration (CVE-2020-1953) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Description: Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update Advisory ID: RHSA-2020:2513-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:2513 Issue date: 2020-06-10 CVE Names: CVE-2018-14371 CVE-2019-0205 CVE-2019-0210 CVE-2019-10172 CVE-2019-12423 CVE-2019-14887 CVE-2019-17573 CVE-2020-1695 CVE-2020-1729 CVE-2020-1745 CVE-2020-1757 CVE-2020-6950 CVE-2020-7226 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10688 CVE-2020-10719 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.3 for BaseOS-8 - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * cxf: reflected XSS in the services listing page (CVE-2019-17573) * cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423) * jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172) * undertow: servletPath in normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757) * jackson-databind: XML external entity similar to CVE-2016-3720 (CVE-2019-10172) * jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172) * resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695) * cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226) * smallrye-config: SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729) * resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688) * jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840) * undertow: invalid HTTP request with large chunk size (CVE-2020-10719) * jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546) * jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547) * jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548) * undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745) * libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205) * libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210) * wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887) * jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950) * jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final JBEAP-18060 - [GSS](7.3.z) Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001 JBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001 JBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012 JBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core JBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core JBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final JBEAP-18277 - [GSS](7.3.z) Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001 JBEAP-18288 - [GSS](7.3.z) Upgrade FasterXML from 2.10.0 to 2.10.3 JBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10 JBEAP-18302 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.18 to 1.0.20 JBEAP-18315 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010 JBEAP-18346 - [GSS](7.3.z) Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002 JBEAP-18352 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001 JBEAP-18361 - [GSS](7.3.z) Upgrade Woodstox from 5.0.3 to 6.0.3 JBEAP-18367 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16 JBEAP-18393 - [GSS](7.3.z) Update $JBOSS_HOME/docs/schema to show https schema URL instead of http JBEAP-18399 - Tracker bug for the EAP 7.3.1 release for RHEL-8 JBEAP-18409 - [GSS](7.3.z) Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001 JBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final JBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001 JBEAP-18596 - [GSS](7.3.z) Upgrade JBoss Modules from 1.9.1 to 1.10.0 JBEAP-18598 - [GSS](7.3.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002 JBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001 JBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001 JBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final JBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001 JBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001 JBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001 JBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001 JBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006 JBEAP-18836 - [GSS](7.3.z) Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2 JBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002 JBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0 JBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2 JBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3 JBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3 JBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4 JBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final JBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001 JBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002 JBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1 JBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004 JBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001 JBEAP-19117 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001 JBEAP-19133 - [GSS](7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001 JBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001 JBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001 JBEAP-19192 - (7.3.z) Update the Japanese translations JBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001 JBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001 JBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final 7. Package List: Red Hat JBoss EAP 7.3 for BaseOS-8: Source: eap7-activemq-artemis-2.9.0-4.redhat_00010.1.el8eap.src.rpm eap7-apache-cxf-3.3.5-1.redhat_00001.1.el8eap.src.rpm eap7-bouncycastle-1.60.0-2.redhat_00002.1.el8eap.src.rpm eap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el8eap.src.rpm eap7-cryptacular-1.2.4-1.redhat_00001.1.el8eap.src.rpm eap7-elytron-web-1.6.1-1.Final_redhat_00001.1.el8eap.src.rpm eap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el8eap.src.rpm eap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el8eap.src.rpm eap7-hal-console-3.2.8-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-infinispan-9.4.18-1.Final_redhat_00001.1.el8eap.src.rpm eap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jackson-annotations-2.10.3-1.redhat_00001.1.el8eap.src.rpm eap7-jackson-core-2.10.3-1.redhat_00001.1.el8eap.src.rpm eap7-jackson-databind-2.10.3-1.redhat_00001.1.el8eap.src.rpm eap7-jackson-jaxrs-providers-2.10.3-1.redhat_00001.1.el8eap.src.rpm eap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el8eap.src.rpm eap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el8eap.src.rpm eap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el8eap.src.rpm eap7-jakarta-el-3.0.3-1.redhat_00002.1.el8eap.src.rpm eap7-jandex-2.1.2-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jasypt-1.9.3-1.redhat_00001.1.el8eap.src.rpm eap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el8eap.src.rpm eap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el8eap.src.rpm eap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el8eap.src.rpm eap7-microprofile-config-1.4.0-1.redhat_00003.1.el8eap.src.rpm eap7-microprofile-health-2.2.0-1.redhat_00001.1.el8eap.src.rpm eap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el8eap.src.rpm eap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el8eap.src.rpm eap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el8eap.src.rpm eap7-opensaml-3.3.1-1.redhat_00002.1.el8eap.src.rpm eap7-picketbox-5.0.3-7.Final_redhat_00006.1.el8eap.src.rpm eap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el8eap.src.rpm eap7-resteasy-3.11.2-3.Final_redhat_00002.1.el8eap.src.rpm eap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el8eap.src.rpm eap7-smallrye-config-1.6.2-3.redhat_00004.1.el8eap.src.rpm eap7-smallrye-health-2.2.0-1.redhat_00004.1.el8eap.src.rpm eap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el8eap.src.rpm eap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el8eap.src.rpm eap7-snakeyaml-1.24.0-2.redhat_00001.1.el8eap.src.rpm eap7-stax2-api-4.2.0-1.redhat_00001.1.el8eap.src.rpm eap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el8eap.src.rpm eap7-undertow-2.0.30-3.SP3_redhat_00001.1.el8eap.src.rpm eap7-weld-core-3.1.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.3.1-5.GA_redhat_00003.1.el8eap.src.rpm eap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-http-client-1.0.20-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el8eap.src.rpm eap7-woodstox-core-6.0.3-1.redhat_00001.1.el8eap.src.rpm eap7-wss4j-2.2.5-1.redhat_00001.1.el8eap.src.rpm noarch: eap7-activemq-artemis-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm eap7-apache-cxf-3.3.5-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-rt-3.3.5-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-services-3.3.5-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-tools-3.3.5-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-1.60.0-2.redhat_00002.1.el8eap.noarch.rpm eap7-bouncycastle-mail-1.60.0-2.redhat_00002.1.el8eap.noarch.rpm eap7-bouncycastle-pkix-1.60.0-2.redhat_00002.1.el8eap.noarch.rpm eap7-bouncycastle-prov-1.60.0-2.redhat_00002.1.el8eap.noarch.rpm eap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el8eap.noarch.rpm eap7-codehaus-jackson-core-asl-1.9.13-10.redhat_00007.1.el8eap.noarch.rpm eap7-codehaus-jackson-jaxrs-1.9.13-10.redhat_00007.1.el8eap.noarch.rpm eap7-codehaus-jackson-mapper-asl-1.9.13-10.redhat_00007.1.el8eap.noarch.rpm eap7-codehaus-jackson-xc-1.9.13-10.redhat_00007.1.el8eap.noarch.rpm eap7-codemodel-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm eap7-cryptacular-1.2.4-1.redhat_00001.1.el8eap.noarch.rpm eap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm eap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el8eap.noarch.rpm eap7-hal-console-3.2.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-commons-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-core-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-api-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-core-api-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-validator-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-istack-commons-runtime-3.0.10-1.redhat_00001.1.el8eap.noarch.rpm eap7-istack-commons-tools-3.0.10-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-annotations-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-core-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-databind-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-jaegertracing-jaeger-client-java-core-0.34.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-jaegertracing-jaeger-client-java-thrift-0.34.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-jakarta-el-3.0.3-1.redhat_00002.1.el8eap.noarch.rpm eap7-jandex-2.1.2-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jasypt-1.9.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-jaxb-jxc-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm eap7-jaxb-runtime-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm eap7-jaxb-xjc-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-weld-3.1-api-weld-api-3.1.0-6.SP2_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-weld-3.1-api-weld-spi-3.1.0-6.SP2_redhat_00001.1.el8eap.noarch.rpm eap7-microprofile-config-1.4.0-1.redhat_00003.1.el8eap.noarch.rpm eap7-microprofile-config-api-1.4.0-1.redhat_00003.1.el8eap.noarch.rpm eap7-microprofile-health-2.2.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-microprofile-metrics-api-2.3.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-microprofile-opentracing-api-1.3.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el8eap.noarch.rpm eap7-microprofile-rest-client-api-1.4.0-1.redhat_00004.1.el8eap.noarch.rpm eap7-opensaml-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm eap7-opensaml-core-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm eap7-opensaml-profile-api-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm eap7-opensaml-saml-api-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm eap7-opensaml-saml-impl-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm eap7-opensaml-security-api-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm eap7-opensaml-security-impl-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm eap7-opensaml-soap-api-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm eap7-opensaml-xacml-api-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm eap7-opensaml-xacml-impl-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm eap7-opensaml-xacml-saml-api-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm eap7-opensaml-xacml-saml-impl-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm eap7-opensaml-xmlsec-api-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm eap7-opensaml-xmlsec-impl-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm eap7-picketbox-5.0.3-7.Final_redhat_00006.1.el8eap.noarch.rpm eap7-picketbox-infinispan-5.0.3-7.Final_redhat_00006.1.el8eap.noarch.rpm eap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el8eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-23.SP12_redhat_00012.1.el8eap.noarch.rpm eap7-relaxng-datatype-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-atom-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-cdi-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-client-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-client-microprofile-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-crypto-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-jackson-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-jackson2-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-jaxb-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-jaxrs-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-jettison-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-jose-jwt-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-jsapi-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-json-binding-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-json-p-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-multipart-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-rxjava2-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-spring-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-validator-provider-11-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-resteasy-yaml-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-rngom-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm eap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el8eap.noarch.rpm eap7-smallrye-config-1.6.2-3.redhat_00004.1.el8eap.noarch.rpm eap7-smallrye-health-2.2.0-1.redhat_00004.1.el8eap.noarch.rpm eap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el8eap.noarch.rpm eap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el8eap.noarch.rpm eap7-snakeyaml-1.24.0-2.redhat_00001.1.el8eap.noarch.rpm eap7-stax2-api-4.2.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el8eap.noarch.rpm eap7-txw2-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm eap7-undertow-2.0.30-3.SP3_redhat_00001.1.el8eap.noarch.rpm eap7-undertow-server-1.6.1-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-weld-core-3.1.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-weld-core-impl-3.1.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-weld-core-jsf-3.1.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-weld-ejb-3.1.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-weld-jta-3.1.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-weld-probe-core-3.1.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-weld-web-3.1.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.3.1-5.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.6-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-client-common-1.0.20-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.20-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.20-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.20-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.3.1-5.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-modules-7.3.1-5.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-woodstox-core-6.0.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-wss4j-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm eap7-wss4j-bindings-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm eap7-wss4j-policy-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm eap7-wss4j-ws-security-common-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm eap7-wss4j-ws-security-dom-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm eap7-wss4j-ws-security-policy-stax-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm eap7-wss4j-ws-security-stax-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm eap7-xsom-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2018-14371 https://access.redhat.com/security/cve/CVE-2019-0205 https://access.redhat.com/security/cve/CVE-2019-0210 https://access.redhat.com/security/cve/CVE-2019-10172 https://access.redhat.com/security/cve/CVE-2019-12423 https://access.redhat.com/security/cve/CVE-2019-14887 https://access.redhat.com/security/cve/CVE-2019-17573 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1729 https://access.redhat.com/security/cve/CVE-2020-1745 https://access.redhat.com/security/cve/CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-6950 https://access.redhat.com/security/cve/CVE-2020-7226 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10688 https://access.redhat.com/security/cve/CVE-2020-10719 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXuHcm9zjgjWX9erEAQit5g/+Jij4iahhnl06NfDOAoQbVvKobewyO7J4 NPDWt7Di146R1L23xMFXEBtuyCWg8RYLcpqS0VU3UKPkoStIOTJbgsNxQFRhbMEG 2HIPnQ5BOGM86WL2WnwpimfEgVwmSGwC23m8DTWZSDK5oMasfSmIqY/+wIOtGffn mjdLdcm4AlhVHgy7x2FYn9/wYb2tQTZBuw0mBx5jhYm4PGDYAd2P/Zo75i0182Cu t8guVtj8vuAAvLyZKVmCrW0I5oa95zp4O4tAqEPIfxK4A2ggoHx91OdcMjHrX9mg 7LwqTq2jf/hjhjktgeEeL2y4mDq4t/ZSaBdo7vNWiNXHfGwt3uSJeGPoGQBca6iC sYuYhiH0F+HolBkC29IGXvh5NG6aHiWcUau868ymL0OW/LSZwEqsIDkBQo7njbYr 40l2lZEhf3evP5POi3Ifh5e3/syUu/aNpyZtvnhm3f/bMq82uDtl3qfQCiVdSbpo 3J65X218GQYThWEtz1WXqfo8sFb0CNGUm5bC11nMD9uWsUZqdl1T1wseQJU2/ns/ KV2GJhGz1HDOMxAtjMshg1Bu/ITNMIU2Wrat7q7HAH+iA5I9mpxmPk5cM6yK8RFL Cv5GymrLNgxyJQ5LPO8Nae9mKnHzl3OXAcTEwTUcCcxqXZlYBSiESY/OoE1ClEQp w6qY9yQ5bcI=3pbm -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect

Trust: 1.89

sources: NVD: CVE-2020-9546 // VULHUB: VHN-187671 // VULMON: CVE-2020-9546 // PACKETSTORM: 158048 // PACKETSTORM: 158651 // PACKETSTORM: 159083 // PACKETSTORM: 158636 // PACKETSTORM: 158282 // PACKETSTORM: 159080 // PACKETSTORM: 158047 // PACKETSTORM: 158038 // PACKETSTORM: 159082

AFFECTED PRODUCTS

vendor:	oracle	model:	communications network charging and control	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	oracle	model:	retail merchandising system	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	11.0.2.25	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	gte	version:	9.5	Trust: 1.0
vendor:	oracle	model:	agile plm	scope:	eq	version:	9.3.6	Trust: 1.0
vendor:	oracle	model:	communications contacts server	scope:	eq	version:	8.0.0.4.0	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.9.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	19.1	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	lte	version:	2.9.0	Trust: 1.0
vendor:	oracle	model:	communications evolved communications application server	scope:	eq	version:	7.1	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.2	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	financial services retail customer analytics	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	19.2	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.8.11.6	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	19.12	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	lte	version:	17.12	Trust: 1.0
vendor:	oracle	model:	financial services price creation and discovery	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	16.1	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	global lifecycle management opatch	scope:	lt	version:	12.2.0.1.20	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.4.0.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.8.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	19.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	lte	version:	12.0.3	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	11.1.0.15	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	gte	version:	7.3	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.7.9.7	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.1	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	20.1	Trust: 1.0
vendor:	oracle	model:	autovue for agile product lifecycle management	scope:	eq	version:	21.0.2	Trust: 1.0
vendor:	oracle	model:	financial services price creation and discovery	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	16.2	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.3.0.0	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.7.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.9.10.4	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	eq	version:	18.8	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	communications calendar server	scope:	eq	version:	8.0.0.4.0	Trust: 1.0
vendor:	oracle	model:	retail sales audit	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	communications instant messaging server	scope:	eq	version:	10.0.1.4.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone orchestrator	scope:	lt	version:	9.2.4.2	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone tools	scope:	lt	version:	9.2.4.2	Trust: 1.0
vendor:	oracle	model:	communications contacts server	scope:	eq	version:	8.0.0.5.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	17.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	primavera unifier	scope:	gte	version:	17.7	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	18.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.3	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	gte	version:	2.4.0	Trust: 1.0

sources: NVD: CVE-2020-9546

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9546
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202003-042
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-187671
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-9546
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9546
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-187671
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9546
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-187671 // VULMON: CVE-2020-9546 // CNNVD: CNNVD-202003-042 // NVD: CVE-2020-9546

PROBLEMTYPE DATA

problemtype:

CWE-502

Trust: 1.1

sources: VULHUB: VHN-187671 // NVD: CVE-2020-9546

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 159083 // PACKETSTORM: 159080 // PACKETSTORM: 159082 // CNNVD: CNNVD-202003-042

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202003-042

PATCH

title:	FasterXML jackson-databind Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111243	Trust: 0.6
title:	Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202813 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203638 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202515 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203637 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203639 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203642 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202513 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202512 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202511 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Data Grid 7.3.7 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203779 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Jackson databind	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=88553214b693594d88e3b37f8bb2c078	Trust: 0.1
title:	Red Hat: Important: Satellite 6.8 release	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204366 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203196 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203197 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202067 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Fuse 7.7.0 release and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203192 - Security Advisory	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-109	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-109	Trust: 0.1
title:	IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f974282a27702bae4111bf7716ee6cf6	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics – Log Analysis	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1db4c8cb14383c63d0c04205c943ef8a	Trust: 0.1
title:	IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2ec7385c474071281be069b54d841de6	Trust: 0.1
title:	Cubed	url:	https://github.com/yahoo/cubed	Trust: 0.1
title:	PHunter	url:	https://github.com/CGCL-codes/PHunter	Trust: 0.1
title:	PHunter	url:	https://github.com/Anonymous-Phunter/PHunter	Trust: 0.1
title:	Java-Deserialization-CVEs	url:	https://github.com/PalindromeLabs/Java-Deserialization-CVEs	Trust: 0.1
title:	Awesome CVE PoC	url:	https://github.com/lnick2023/nicenice	Trust: 0.1
title:	Awesome CVE PoC	url:	https://github.com/xbl3/awesome-cve-poc_qazbnm456	Trust: 0.1
title:	Awesome CVE PoC	url:	https://github.com/qazbnm456/awesome-cve-poc	Trust: 0.1

sources: VULMON: CVE-2020-9546 // CNNVD: CNNVD-202003-042

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9546	Trust: 2.7
db:	PACKETSTORM	id:	159083	Trust: 0.8
db:	PACKETSTORM	id:	159208	Trust: 0.7
db:	PACKETSTORM	id:	159724	Trust: 0.7
db:	CNNVD	id:	CNNVD-202003-042	Trust: 0.7
db:	PACKETSTORM	id:	158048	Trust: 0.7
db:	PACKETSTORM	id:	158282	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3558	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1766	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2287	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2588	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1440	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0828	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2619	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2050	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3065	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2042	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3190	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3703	Trust: 0.6
db:	CS-HELP	id:	SB2022060909	Trust: 0.6
db:	NSFOCUS	id:	48008	Trust: 0.6
db:	PACKETSTORM	id:	159080	Trust: 0.2
db:	PACKETSTORM	id:	159082	Trust: 0.2
db:	PACKETSTORM	id:	159081	Trust: 0.1
db:	CNVD	id:	CNVD-2020-16493	Trust: 0.1
db:	VULHUB	id:	VHN-187671	Trust: 0.1
db:	VULMON	id:	CVE-2020-9546	Trust: 0.1
db:	PACKETSTORM	id:	158651	Trust: 0.1
db:	PACKETSTORM	id:	158636	Trust: 0.1
db:	PACKETSTORM	id:	158047	Trust: 0.1
db:	PACKETSTORM	id:	158038	Trust: 0.1

sources: VULHUB: VHN-187671 // VULMON: CVE-2020-9546 // PACKETSTORM: 158048 // PACKETSTORM: 158651 // PACKETSTORM: 159083 // PACKETSTORM: 158636 // PACKETSTORM: 158282 // PACKETSTORM: 159080 // PACKETSTORM: 158047 // PACKETSTORM: 158038 // PACKETSTORM: 159082 // CNNVD: CNNVD-202003-042 // NVD: CVE-2020-9546

REFERENCES

url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 2.4
url:	https://security.netapp.com/advisory/ntap-20200904-0006/	Trust: 1.8
url:	https://github.com/fasterxml/jackson-databind/issues/2631	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html	Trust: 1.8
url:	https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3cissues.zookeeper.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3cdev.zookeeper.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3cissues.zookeeper.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3cissues.zookeeper.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3cissues.zookeeper.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3cissues.zookeeper.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3cissues.zookeeper.apache.org%3e	Trust: 1.1
url:	https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062	Trust: 1.1
url:	https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3cnotifications.zookeeper.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2020-9547	Trust: 0.9
url:	https://access.redhat.com/security/cve/cve-2020-9546	Trust: 0.9
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.9
url:	https://access.redhat.com/security/cve/cve-2020-9548	Trust: 0.9
url:	https://access.redhat.com/security/team/contact/	Trust: 0.9
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.9
url:	https://access.redhat.com/security/cve/cve-2020-8840	Trust: 0.9
url:	https://bugzilla.redhat.com/):	Trust: 0.9
url:	https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3cnotifications.zookeeper.apache.org%3e	Trust: 0.7
url:	https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062	Trust: 0.7
url:	https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3cdev.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-jackson-databind/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9547	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9548	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9546	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8840	Trust: 0.7
url:	https://issues.jboss.org/):	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-6950	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-1695	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1695	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6950	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48008	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-9548-cve-2020-9546-cve-2020-9547-cve-2020-8840-cve-2019-20330/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060909	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3703/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2287/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-6/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2588/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly-disclosed-vulnerability-found-in-network-performance-insight/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fasterxml-jackson-databind-code-execution-via-hikari-config-31736	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2619/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1766/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3558/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2050/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0828/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158048/red-hat-security-advisory-2020-2512-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2042/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6528214	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3190/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1440/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3065/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-17573	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17573	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10672	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10673	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10672	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-10172	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10719	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10172	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-1757	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-12423	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-10719	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12423	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-1745	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10673	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1745	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14887	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10688	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0210	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0205	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-7226	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-0210	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-1729	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-14887	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-10688	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1729	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7226	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14371	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-14371	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-0205	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1757	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1710	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10740	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14297	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10693	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10687	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-10714	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-14297	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14900	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10683	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10714	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-10683	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-10693	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-10687	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-14900	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14307	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-10740	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-14307	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-1710	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-10718	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10718	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1748	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-1748	Trust: 0.3
url:	https://access.redhat.com/errata/rhsa-2020:2813	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11112	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11113	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-10968	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20444	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-14060	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20330	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-14061	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11619	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20445	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10086	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20444	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-10086	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-14062	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-10969	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11620	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20330	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-7238	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11111	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20445	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/502.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/yahoo/cubed	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2512	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14060	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12406	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9514	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1718	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9515	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13990	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11620	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhpam&version=7.8.0	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9512	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12406	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11612	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3197	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9514	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9515	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1718	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9518	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13990	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16869	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11619	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11111	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9512	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11112	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11612	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16869	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10968	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9518	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10969	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14061	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11113	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14062	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3642	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16335	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11797	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16943	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12086	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1000632	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1000632	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9511	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-3831	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0231	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-11797	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.7.0	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17531	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16335	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-12541	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3797	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-4970	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17531	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9827	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14540	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17267	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9511	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12086	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16942	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14892	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4970	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1953	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16943	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0231	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17267	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14893	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9827	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16942	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14893	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-3831	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14888	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14892	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12541	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14540	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3192	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14195	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14888	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11023	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=core.service.rhsso&version=7.4	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10748	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11022	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1694	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10748	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1714	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1714	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11022	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1694	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3639	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2513	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2515	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3638	Trust: 0.1

CREDITS

Red Hat

Trust: 1.5

sources: PACKETSTORM: 158048 // PACKETSTORM: 158651 // PACKETSTORM: 159083 // PACKETSTORM: 158636 // PACKETSTORM: 158282 // PACKETSTORM: 159080 // PACKETSTORM: 158047 // PACKETSTORM: 158038 // PACKETSTORM: 159082 // CNNVD: CNNVD-202003-042

SOURCES

db:	VULHUB	id:	VHN-187671
db:	VULMON	id:	CVE-2020-9546
db:	PACKETSTORM	id:	158048
db:	PACKETSTORM	id:	158651
db:	PACKETSTORM	id:	159083
db:	PACKETSTORM	id:	158636
db:	PACKETSTORM	id:	158282
db:	PACKETSTORM	id:	159080
db:	PACKETSTORM	id:	158047
db:	PACKETSTORM	id:	158038
db:	PACKETSTORM	id:	159082
db:	CNNVD	id:	CNNVD-202003-042
db:	NVD	id:	CVE-2020-9546

LAST UPDATE DATE

2026-06-19T20:24:42.012000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187671	date:	2021-12-02T00:00:00
db:	VULMON	id:	CVE-2020-9546	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202003-042	date:	2022-06-10T00:00:00
db:	NVD	id:	CVE-2020-9546	date:	2026-06-17T03:28:07.543

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187671	date:	2020-03-02T00:00:00
db:	VULMON	id:	CVE-2020-9546	date:	2020-03-02T00:00:00
db:	PACKETSTORM	id:	158048	date:	2020-06-11T16:36:20
db:	PACKETSTORM	id:	158651	date:	2020-07-29T17:53:05
db:	PACKETSTORM	id:	159083	date:	2020-09-07T16:39:48
db:	PACKETSTORM	id:	158636	date:	2020-07-29T00:05:59
db:	PACKETSTORM	id:	158282	date:	2020-07-02T15:43:25
db:	PACKETSTORM	id:	159080	date:	2020-09-07T16:37:51
db:	PACKETSTORM	id:	158047	date:	2020-06-11T16:36:11
db:	PACKETSTORM	id:	158038	date:	2020-06-11T16:34:25
db:	PACKETSTORM	id:	159082	date:	2020-09-07T16:39:28
db:	CNNVD	id:	CNNVD-202003-042	date:	2020-03-02T00:00:00
db:	NVD	id:	CVE-2020-9546	date:	2020-03-02T04:15:10.843