CVE-2018-7489 vulnerability in FasterXML and Other Products
Published on February 26, 2018

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2018-7489

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-7489 are published in these products:

FasterXML Jackson Databind

Oracle Communications Billing Revenue Management

Oracle Communications Instant Messaging Server

Red Hat Jboss Enterprise Application Platform

Debian Linux

Exploit Probability

EPSS

36.21%

Percentile

97.00%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-7489 vulnerability in FasterXML and Other ProductsPublished on February 26, 2018

Products Associated with CVE-2018-7489

Exploit Probability

CVE-2018-7489 vulnerability in FasterXML and Other Products
Published on February 26, 2018