CVE-2018-12022 vulnerability in FasterXML and Other Products
Published on March 21, 2019

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2018-12022

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-12022 are published in these products:

FasterXML Jackson Databind

Oracle Jd Edwards Enterpriseone Tools

Oracle Retail Merchandising System

Red Hat Automation Manager

Red Hat Decision Manager

Red Hat Jboss Brms

Red Hat Jboss Enterprise Application Platform

Red Hat Openshift Container Platform

Red Hat Single Sign On

Debian Linux

Fedora Project Fedora

Exploit Probability

EPSS

3.04%

Percentile

86.51%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-12022 vulnerability in FasterXML and Other ProductsPublished on March 21, 2019

Products Associated with CVE-2018-12022

Exploit Probability

CVE-2018-12022 vulnerability in FasterXML and Other Products
Published on March 21, 2019