Details of VAR-202012-1529

ID

VAR-202012-1529

CVE

CVE-2020-25649

TITLE

Fasterxml Jackson Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202010-622

DESCRIPTION

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. There is a security vulnerability in FasterXML Jackson Databind, which can be exploited by an attacker to transmit malicious XML data to FasterXML Jackson Databind to read files, scan sites, or trigger a denial of service. The purpose of this text-only errata is to inform you about the security issues fixed in this release. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update Advisory ID: RHSA-2020:5341-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:5341 Issue date: 2020-12-03 CVE Names: CVE-2020-25638 CVE-2020-25644 CVE-2020-25649 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.3 for RHEL 7 Server - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. * jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649) * hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638) * wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL (CVE-2020-25644) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used 1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL 1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-20029 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00011 to 2.9.0.redhat-00016 JBEAP-20089 - [GSS] (7.3.z) Upgrade undertow from 2.0.31.SP1-redhat-00001 to 2.0.32.SP1-redhat JBEAP-20119 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.18.Final-redhat-00001 to 5.0.19.Final-redhat-00001 JBEAP-20161 - [GSS](7.3.z) Upgrade XNIO from 3.7.9.Final to 3.7.11.Final JBEAP-20222 - Tracker bug for the EAP 7.3.4 release for RHEL-7 JBEAP-20239 - [GSS](7.3.z) Upgrade Hibernate Validator from 6.0.20.Final to 6.0.21.Final JBEAP-20246 - [GSS](7.3.z) Upgrade JBoss Marshalling from 2.0.9.Final to 2.0.10.Final JBEAP-20285 - [GSS](7.3.z) Upgrade HAL from 3.2.10.Final-redhat-00001 to 3.2.11.Final JBEAP-20300 - (7.3.z) Upgrade jasypt from 1.9.3-redhat-00001 to 1.9.3-redhat-00002 JBEAP-20325 - (7.3.z) Upgrade WildFly Arquillian to 3.0.1.Final for the ts.bootable profile JBEAP-20364 - (7.3.z) Upgrade com.github.fge.msg-simple to 1.1.0.redhat-00007 and com.github.fge.btf to 1.2.0.redhat-00007 JBEAP-20368 - (7.3.z) Upgrade Bootable JAR Maven plugin to 2.0.1.Final 7. Package List: Red Hat JBoss EAP 7.3 for RHEL 7 Server: Source: eap7-activemq-artemis-2.9.0-6.redhat_00016.1.el7eap.src.rpm eap7-fge-btf-1.2.0-1.redhat_00007.1.el7eap.src.rpm eap7-fge-msg-simple-1.1.0-1.redhat_00007.1.el7eap.src.rpm eap7-hal-console-3.2.11-1.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-validator-6.0.21-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jackson-annotations-2.10.4-1.redhat_00002.1.el7eap.src.rpm eap7-jackson-core-2.10.4-1.redhat_00002.1.el7eap.src.rpm eap7-jackson-coreutils-1.6.0-1.redhat_00006.1.el7eap.src.rpm eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00002.1.el7eap.src.rpm eap7-jackson-modules-base-2.10.4-3.redhat_00002.1.el7eap.src.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00002.1.el7eap.src.rpm eap7-jasypt-1.9.3-1.redhat_00002.1.el7eap.src.rpm eap7-jboss-marshalling-2.0.10-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-remoting-5.0.19-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-server-migration-1.7.2-3.Final_redhat_00004.1.el7eap.src.rpm eap7-jboss-xnio-base-3.7.11-1.Final_redhat_00001.1.el7eap.src.rpm eap7-undertow-2.0.32-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-wildfly-7.3.4-3.GA_redhat_00003.1.el7eap.src.rpm eap7-wildfly-elytron-1.10.9-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-openssl-1.0.12-1.Final_redhat_00001.1.el7eap.src.rpm noarch: eap7-activemq-artemis-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-activemq-artemis-cli-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-activemq-artemis-commons-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-activemq-artemis-core-client-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-activemq-artemis-dto-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-activemq-artemis-jms-client-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-activemq-artemis-jms-server-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-activemq-artemis-journal-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-activemq-artemis-ra-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-activemq-artemis-selector-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-activemq-artemis-server-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-activemq-artemis-tools-2.9.0-6.redhat_00016.1.el7eap.noarch.rpm eap7-fge-btf-1.2.0-1.redhat_00007.1.el7eap.noarch.rpm eap7-fge-msg-simple-1.1.0-1.redhat_00007.1.el7eap.noarch.rpm eap7-hal-console-3.2.11-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-validator-6.0.21-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.21-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jackson-annotations-2.10.4-1.redhat_00002.1.el7eap.noarch.rpm eap7-jackson-core-2.10.4-1.redhat_00002.1.el7eap.noarch.rpm eap7-jackson-coreutils-1.6.0-1.redhat_00006.1.el7eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00002.1.el7eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00002.1.el7eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.4-1.redhat_00002.1.el7eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00002.1.el7eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.4-3.redhat_00002.1.el7eap.noarch.rpm eap7-jackson-modules-base-2.10.4-3.redhat_00002.1.el7eap.noarch.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00002.1.el7eap.noarch.rpm eap7-jasypt-1.9.3-1.redhat_00002.1.el7eap.noarch.rpm eap7-jboss-marshalling-2.0.10-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-marshalling-river-2.0.10-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-remoting-5.0.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-server-migration-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-core-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.2-3.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-xnio-base-3.7.11-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-2.0.32-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-7.3.4-3.GA_redhat_00003.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.10.9-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.9-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.3.4-3.GA_redhat_00003.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.3.4-3.GA_redhat_00003.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.3.4-3.GA_redhat_00003.1.el7eap.noarch.rpm eap7-wildfly-modules-7.3.4-3.GA_redhat_00003.1.el7eap.noarch.rpm eap7-wildfly-openssl-1.0.12-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-openssl-java-1.0.12-1.Final_redhat_00001.1.el7eap.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2020-25638 https://access.redhat.com/security/cve/CVE-2020-25644 https://access.redhat.com/security/cve/CVE-2020-25649 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX8k7QNzjgjWX9erEAQhK7A/+IOJV35OidqP9oQFGzus6KCjRtJ+iSmXh rzF1OLuGs94b7nC2282ekb+QR2KRTyTPMvp3I8vpeJMU+KgGtQz+m+p074tN2A/7 sZI4unfo7Z4ybpTyqKz+sPirrn3Xa+0Io8ALO6kjSuQAGzUg3wLVoKw0VLJgW+gm O+1VbcaRo9jCkf59OU/YAfFueRCgUANGmiaMFAZV9Prm6ALRqvyCyXNgV9DGaoCW QxQqOKuQnUVjOBpaRFBs+x8OWYeHDP8XU05E/CmenQ5v8DODxVwuJp5tXAcC2aVH OjNoax4N6lOT0U+rKv5ZwOxgsNeDGb1Fw+vfQicRv2zYvXMKiiqPkoVah17HO3qK tSxcaf3ffJc/6ri2fVeibzapl53L48UlYbIH2yKn++zhX6qDPofQBmz2VouDNDLh ssGl2opBaE+eaGc8RBWvFaOpYKyJOuFx2N34zN61i1EzNu2bvmKrORjstIuJ50oJ Lms4S7JgAUUVS+6ZBTrZsNvKJs5nVTImKE76t7TOri6OGF8lHwqRS2I5cnyUg9ds JChJfxZG1hypzZwuJ5snSJyzXQu+ltOCCvvPTNi3krQa7sGScyTVUpb0W0TeNFLK F9BIiDSLmsnzayKl2b36DFC+VwLODsKMGwfXQrN6Duo82Zo+DAnGQg0B2I7TdARI zUwe01ZNYQE=+CZ1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . You must restart the JBoss server process for the update to take effect. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update

Trust: 1.62

sources: NVD: CVE-2020-25649 // VULHUB: VHN-179648 // VULMON: CVE-2020-25649 // PACKETSTORM: 162696 // PACKETSTORM: 160348 // PACKETSTORM: 159759 // PACKETSTORM: 159973 // PACKETSTORM: 160349 // PACKETSTORM: 161766

AFFECTED PRODUCTS

vendor:	oracle	model:	insurance rules palette	scope:	lte	version:	11.3.0	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.7.1	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	17.7	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.10.5.1	Trust: 1.0
vendor:	apache	model:	iotdb	scope:	lt	version:	0.12.0	Trust: 1.0
vendor:	oracle	model:	communications unified inventory management	scope:	eq	version:	7.4.1	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.9.0	Trust: 1.0
vendor:	oracle	model:	insurance policy administration	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.9.10.7	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	14.1.3.2	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	15.0.3.1	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	16.0.6	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	12.0.0.3.0	Trust: 1.0
vendor:	oracle	model:	webcenter portal	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	webcenter portal	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	communications evolved communications application server	scope:	eq	version:	7.1	Trust: 1.0
vendor:	oracle	model:	agile product lifecycle management integration pack	scope:	eq	version:	3.6	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	19.12.0	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone tools	scope:	lt	version:	9.2.5.3	Trust: 1.0
vendor:	oracle	model:	coherence	scope:	eq	version:	14.1.1.0.0	Trust: 1.0
vendor:	netapp	model:	oncommand workflow automation	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	coherence	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	blockchain platform	scope:	lt	version:	21.1.2	Trust: 1.0
vendor:	oracle	model:	communications interactive session recorder	scope:	eq	version:	6.4	Trust: 1.0
vendor:	oracle	model:	agile plm	scope:	eq	version:	9.3.6	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	17.12.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	eq	version:	20.12.0	Trust: 1.0
vendor:	oracle	model:	communications messaging server	scope:	eq	version:	8.0.2	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	lt	version:	2.6.7.4	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.10.0	Trust: 1.0
vendor:	oracle	model:	commerce platform	scope:	lte	version:	11.3.2	Trust: 1.0
vendor:	netapp	model:	service level manager	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	18.0.3	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.6.2	Trust: 1.0
vendor:	oracle	model:	communications pricing design center	scope:	eq	version:	12.0.0.4.0	Trust: 1.0
vendor:	oracle	model:	banking apis	scope:	eq	version:	19.1	Trust: 1.0
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.4.0.0.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	20.0.1	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.9.0	Trust: 1.0
vendor:	netapp	model:	oncommand api services	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications offline mediation controller	scope:	eq	version:	12.0.0.3	Trust: 1.0
vendor:	oracle	model:	banking apis	scope:	gte	version:	18.1	Trust: 1.0
vendor:	oracle	model:	health sciences empirica signal	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	health sciences empirica signal	scope:	eq	version:	9.1	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	19.0.2	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone orchestrator	scope:	lt	version:	9.2.5.3	Trust: 1.0
vendor:	oracle	model:	insurance policy administration	scope:	gte	version:	11.1.0	Trust: 1.0
vendor:	oracle	model:	banking apis	scope:	lte	version:	18.3	Trust: 1.0
vendor:	oracle	model:	communications services gatekeeper	scope:	eq	version:	7.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	19.12.10	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	17.0.4	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.7.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	oracle	model:	banking apis	scope:	eq	version:	20.1	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.6.0	Trust: 1.0
vendor:	oracle	model:	banking treasury management	scope:	eq	version:	4.4	Trust: 1.0
vendor:	oracle	model:	commerce platform	scope:	gte	version:	11.3.0	Trust: 1.0
vendor:	fasterxml	model:	jackson-databind	scope:	gte	version:	2.10.0	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.8.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	17.12	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	17.12.11	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	16.0.3	Trust: 1.0
vendor:	oracle	model:	insurance policy administration	scope:	lte	version:	11.3.0	Trust: 1.0
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.4.0.2.0	Trust: 1.0
vendor:	oracle	model:	communications cloud native core unified data repository	scope:	eq	version:	1.4.0	Trust: 1.0
vendor:	oracle	model:	commerce platform	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.3.0.5.0	Trust: 1.0
vendor:	oracle	model:	banking apis	scope:	eq	version:	19.2	Trust: 1.0
vendor:	oracle	model:	communications interactive session recorder	scope:	eq	version:	6.3	Trust: 1.0
vendor:	oracle	model:	banking apis	scope:	eq	version:	21.1	Trust: 1.0
vendor:	oracle	model:	communications convergent charging controller	scope:	eq	version:	12.0.4.0.0	Trust: 1.0
vendor:	oracle	model:	communications instant messaging server	scope:	eq	version:	10.0.1.5.0	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	gte	version:	11.1.0	Trust: 1.0
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	12.0.4.0.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	18.8.11	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	7.5.0.23.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	18.8.0	Trust: 1.0
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.4.0.3.0	Trust: 1.0
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.3.0.6.0	Trust: 1.0
vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	goldengate application adapters	scope:	eq	version:	19.1.0.0.0	Trust: 1.0
vendor:	quarkus	model:	quarkus	scope:	lte	version:	1.6.1	Trust: 1.0
vendor:	oracle	model:	communications messaging server	scope:	eq	version:	8.1	Trust: 1.0

sources: NVD: CVE-2020-25649

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-25649
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202010-622
value:	HIGH
Trust: 0.6
VULHUB:	VHN-179648
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-25649
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-25649
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-179648
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-25649
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-179648 // VULMON: CVE-2020-25649 // CNNVD: CNNVD-202010-622 // NVD: CVE-2020-25649

PROBLEMTYPE DATA

problemtype:

CWE-611

Trust: 1.1

sources: VULHUB: VHN-179648 // NVD: CVE-2020-25649

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 162696 // PACKETSTORM: 160348 // PACKETSTORM: 160349 // CNNVD: CNNVD-202010-622

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202010-622

PATCH

title:	FasterXML Jackson Databind Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130264	Trust: 0.6
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204401 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Data Grid 7.3.8 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205410 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204402 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat build of Eclipse Vert.x 3.9.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204379 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: rh-maven35-jackson-databind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204312 - Security Advisory	Trust: 0.1
title:	Red Hat: Low: RHV-M(ovirt-engine) 4.4.z security, bug fix, enhancement update [ovirt-4.4.4]	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210381 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205341 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205340 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205342 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205344 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.4.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205533 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat build of Thorntail 2.7.2 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205361 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: IBM Network Performance Insight 1.3.1 was affected by vulnerability in jackson-databind (CVE-2020-25649)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=5d8938176e857437de15675453ad2b9a	Trust: 0.1
title:	IBM: Security Bulletin: A vulnerability have been identified in FasterXML Jackson Databind shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2020-25649)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=e73bd45b3af488f816a21700b2fd0ee8	Trust: 0.1
title:	IBM: Security Bulletin: IBM CloudPak foundational services (Events Operator) is affected by potential data integrity issue (CVE-2020-25649)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=83af1574b941aa6afccbfb11a9d6dd60	Trust: 0.1
title:	IBM: Security Bulletin: Vulnerabilities in FasterXML Jackson Databind and Apache Xerces affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0169ebe66d0191409c7149d7151593fb	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-111	Trust: 0.1
title:	IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=d264422afa3e01b012ccac75b242e1cb	Trust: 0.1
title:	IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f974282a27702bae4111bf7716ee6cf6	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics â€“ Log Analysis	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1db4c8cb14383c63d0c04205c943ef8a	Trust: 0.1
title:	sbom-utility	url:	https://github.com/CycloneDX/sbom-utility	Trust: 0.1
title:	Apache JMeter	url:	https://github.com/mosaic-hgw/jMeter	Trust: 0.1
title:	-	url:	https://github.com/pctF/vulnerable-app	Trust: 0.1

sources: VULMON: CVE-2020-25649 // CNNVD: CNNVD-202010-622

EXTERNAL IDS

db:	NVD	id:	CVE-2020-25649	Trust: 2.4
db:	PACKETSTORM	id:	159973	Trust: 0.8
db:	PACKETSTORM	id:	162696	Trust: 0.8
db:	PACKETSTORM	id:	159759	Trust: 0.8
db:	PACKETSTORM	id:	161766	Trust: 0.8
db:	PACKETSTORM	id:	160346	Trust: 0.7
db:	PACKETSTORM	id:	162478	Trust: 0.7
db:	PACKETSTORM	id:	160489	Trust: 0.7
db:	PACKETSTORM	id:	163201	Trust: 0.7
db:	PACKETSTORM	id:	159680	Trust: 0.7
db:	PACKETSTORM	id:	161261	Trust: 0.7
db:	PACKETSTORM	id:	162240	Trust: 0.7
db:	PACKETSTORM	id:	160535	Trust: 0.7
db:	CNNVD	id:	CNNVD-202010-622	Trust: 0.7
db:	CS-HELP	id:	SB2021042112	Trust: 0.6
db:	CS-HELP	id:	SB2021110515	Trust: 0.6
db:	CS-HELP	id:	SB2022072094	Trust: 0.6
db:	CS-HELP	id:	SB2021072145	Trust: 0.6
db:	CS-HELP	id:	SB2022060909	Trust: 0.6
db:	CS-HELP	id:	SB2021051001	Trust: 0.6
db:	CS-HELP	id:	SB2022042284	Trust: 0.6
db:	CS-HELP	id:	SB2021042129	Trust: 0.6
db:	CS-HELP	id:	SB2021072780	Trust: 0.6
db:	CS-HELP	id:	SB2021042314	Trust: 0.6
db:	CS-HELP	id:	SB2021042551	Trust: 0.6
db:	CS-HELP	id:	SB2021101932	Trust: 0.6
db:	CS-HELP	id:	SB2021062145	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2185	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0334	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4451	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0379	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3705	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3943	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1323	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3537	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1397	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3446	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3652	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1558	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0883	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1759	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4405	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2558	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4286	Trust: 0.6
db:	PACKETSTORM	id:	160349	Trust: 0.2
db:	PACKETSTORM	id:	160348	Trust: 0.2
db:	PACKETSTORM	id:	163205	Trust: 0.1
db:	PACKETSTORM	id:	160347	Trust: 0.1
db:	PACKETSTORM	id:	159767	Trust: 0.1
db:	PACKETSTORM	id:	160554	Trust: 0.1
db:	VULHUB	id:	VHN-179648	Trust: 0.1
db:	VULMON	id:	CVE-2020-25649	Trust: 0.1

sources: VULHUB: VHN-179648 // VULMON: CVE-2020-25649 // PACKETSTORM: 162696 // PACKETSTORM: 160348 // PACKETSTORM: 159759 // PACKETSTORM: 159973 // PACKETSTORM: 160349 // PACKETSTORM: 161766 // CNNVD: CNNVD-202010-622 // NVD: CVE-2020-25649

REFERENCES

url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 2.3
url:	https://security.netapp.com/advisory/ntap-20210108-0007/	Trust: 1.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1887664	Trust: 1.7
url:	https://github.com/fasterxml/jackson-databind/issues/2589	Trust: 1.7
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25649	Trust: 1.2
url:	https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3creviews.iotdb.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3cissues.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3ccommits.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3creviews.iotdb.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3cissues.hive.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3cdev.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3cnotifications.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3cissues.hive.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3creviews.iotdb.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3cuser.spark.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3cissues.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3cissues.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3cnotifications.iotdb.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3cissues.hive.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3ccommits.iotdb.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3cnotifications.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3ccommits.druid.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3cissues.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3cissues.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3cissues.hive.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3cissues.flink.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cdev.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6x2ut4x6m7dlqyboohmxbwgyj65rl2ct/	Trust: 1.0
url:	https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3cusers.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cusers.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3ccommits.servicecomb.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3cdev.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3cusers.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3cissues.hive.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3ccommits.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cusers.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3cissues.hive.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3ccommits.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3cnotifications.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3ccommits.turbine.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3ccommits.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3cissues.flink.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3cissues.hive.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3cissues.hive.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3cdev.knox.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3cdev.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3ccommits.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3ccommits.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3cdev.hive.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3ccommits.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3cissues.hive.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cdev.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3cdev.knox.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3cissues.hive.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3ccommits.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3ccommits.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6x2ut4x6m7dlqyboohmxbwgyj65rl2ct/	Trust: 0.7
url:	https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3ccommits.servicecomb.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3ccommits.druid.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3cdev.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3ccommits.iotdb.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3cnotifications.iotdb.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3creviews.iotdb.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3creviews.iotdb.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3creviews.iotdb.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3cdev.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3cdev.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cdev.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cdev.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3cusers.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3cusers.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cusers.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cusers.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3ccommits.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3ccommits.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3ccommits.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3ccommits.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3cdev.knox.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3cdev.knox.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3cuser.spark.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3ccommits.tomee.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3ccommits.turbine.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3ccommits.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3ccommits.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3ccommits.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3ccommits.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3cdev.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3cnotifications.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3cnotifications.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3cnotifications.zookeeper.apache.org%3e	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-25649	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3943/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloudpak-foundational-services-events-operator-is-affected-by-potential-data-integrity-issue-cve-2020-25649/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072780	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021051001	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3705/	Trust: 0.6
url:	https://packetstormsecurity.com/files/161766/red-hat-security-advisory-2021-0811-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/160346/red-hat-security-advisory-2020-5344-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072145	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021062145	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2185	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0883	Trust: 0.6
url:	https://packetstormsecurity.com/files/162240/red-hat-security-advisory-2021-1260-01.html	Trust: 0.6
url:	https://www.oracle.com/security-alerts/cpujul2021.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/	Trust: 0.6
url:	https://packetstormsecurity.com/files/160489/red-hat-security-advisory-2020-5410-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-fasterxml-jackson-databind-3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3652/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-databind-library-shipped-with-ibm-global-mailbox-cve-2020-25649/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-disconnected-log-collector-is-vulnerable-to-using-components-with-known-vulnerabilities/	Trust: 0.6
url:	https://packetstormsecurity.com/files/162478/red-hat-security-advisory-2021-1429-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0334/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6486051	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-potential-data-integrity-issue-cve-2020-25649/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021110515	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4451/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-fasterxml-jackson-databind-vulnerability-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-25649/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3446	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fasterxml-jackson-databind-external-xml-entity-injection-33573	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3537/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060909	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042284	Trust: 0.6
url:	https://packetstormsecurity.com/files/161261/red-hat-security-advisory-2021-0381-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-9/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0379/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2558	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6455267	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072094	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-databind-affects-cloud-pak-system-cve-2020-25649/	Trust: 0.6
url:	https://packetstormsecurity.com/files/162696/red-hat-security-advisory-2021-2039-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4286/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101932	Trust: 0.6
url:	https://packetstormsecurity.com/files/159680/red-hat-security-advisory-2020-4312-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/160535/red-hat-security-advisory-2020-5533-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-fasterxml-jackson-libraries-affect-ibm-cram-social-program-management-cve-2020-25649/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042314	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1397	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6525182	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042551	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042112	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6461951	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-have-been-identified-in-fasterxml-jackson-databind-shipped-with-ibm-tivoli-netcool-omnibus-transport-module-common-integration-library-cve-2020-25649/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-vulnerability-in-jackson-databind-cve-2020-25649/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1558	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1759	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6528214	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042129	Trust: 0.6
url:	https://packetstormsecurity.com/files/159759/red-hat-security-advisory-2020-4402-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4405/	Trust: 0.6
url:	http-jackson-databind-openssl-and-node-js-affect-ibm-spectrum-control/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-apache-	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-databind-affect-ibm-spectrum-symphony/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1323	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-9/	Trust: 0.6
url:	https://packetstormsecurity.com/files/163201/red-hat-security-advisory-2021-2475-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159973/red-hat-security-advisory-2020-4379-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-6/	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25638	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-25638	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/	Trust: 0.3
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://issues.jboss.org/):	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25644	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-25644	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-14040	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14040	Trust: 0.1
url:	https://catalog.redhat.com/software/operators/detail/5ef2818e7dc79430ca5f4fd2	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2039	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:5341	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=7.3	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4402	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4379	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/3.9/html/release_notes_for_eclipse_vert.x_3.9/index	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product\xcatrhoar.eclipse.vertx&version=3.9.4	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:5342	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13956	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13956	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q1/html-single/release_notes_for_red_hat_integration_2021.q1	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0811	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13946	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13946	Trust: 0.1

sources: VULHUB: VHN-179648 // PACKETSTORM: 162696 // PACKETSTORM: 160348 // PACKETSTORM: 159759 // PACKETSTORM: 159973 // PACKETSTORM: 160349 // PACKETSTORM: 161766 // CNNVD: CNNVD-202010-622 // NVD: CVE-2020-25649

CREDITS

Red Hat

Trust: 1.2

sources: PACKETSTORM: 162696 // PACKETSTORM: 160348 // PACKETSTORM: 159759 // PACKETSTORM: 159973 // PACKETSTORM: 160349 // PACKETSTORM: 161766 // CNNVD: CNNVD-202010-622

SOURCES

db:	VULHUB	id:	VHN-179648
db:	VULMON	id:	CVE-2020-25649
db:	PACKETSTORM	id:	162696
db:	PACKETSTORM	id:	160348
db:	PACKETSTORM	id:	159759
db:	PACKETSTORM	id:	159973
db:	PACKETSTORM	id:	160349
db:	PACKETSTORM	id:	161766
db:	CNNVD	id:	CNNVD-202010-622
db:	NVD	id:	CVE-2020-25649

LAST UPDATE DATE

2025-11-28T21:56:56.484000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-179648	date:	2023-02-02T00:00:00
db:	VULMON	id:	CVE-2020-25649	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202010-622	date:	2022-07-26T00:00:00
db:	NVD	id:	CVE-2020-25649	date:	2024-11-21T05:18:20.343

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-179648	date:	2020-12-03T00:00:00
db:	VULMON	id:	CVE-2020-25649	date:	2020-12-03T00:00:00
db:	PACKETSTORM	id:	162696	date:	2021-05-19T14:19:36
db:	PACKETSTORM	id:	160348	date:	2020-12-03T20:27:29
db:	PACKETSTORM	id:	159759	date:	2020-10-29T14:19:38
db:	PACKETSTORM	id:	159973	date:	2020-11-09T19:20:13
db:	PACKETSTORM	id:	160349	date:	2020-12-03T20:27:59
db:	PACKETSTORM	id:	161766	date:	2021-03-12T16:16:35
db:	CNNVD	id:	CNNVD-202010-622	date:	2020-10-14T00:00:00
db:	NVD	id:	CVE-2020-25649	date:	2020-12-03T17:15:12.503