CVE-2018-14720 vulnerability in FasterXML and Other Products
Published on January 2, 2019

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2018-14720

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-14720 are published in these products:

FasterXML Jackson Databind

Oracle Banking Platform

Oracle Communications Billing Revenue Management

Oracle Enterprise Manager Virtualization

Oracle Financial Services Analytical Applications Infrastructure

Oracle Jdeveloper

Oracle Primavera Unifier

Oracle Retail Merchandising System

Oracle Webcenter Portal

Red Hat Jboss Enterprise Application Platform

Red Hat Openshift Container Platform

Debian Linux

Exploit Probability

EPSS

2.52%

Percentile

85.13%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-14720 vulnerability in FasterXML and Other ProductsPublished on January 2, 2019

Products Associated with CVE-2018-14720

Exploit Probability

CVE-2018-14720 vulnerability in FasterXML and Other Products
Published on January 2, 2019