fasterxml jackson-databind CVE-2019-16942 vulnerability in FasterXML and Other Products
Published on October 1, 2019

product logo product logo product logo product logo product logo product logo
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2019-16942

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-16942 are published in these products:

FasterXML Jackson Databind
 
NetApp Active Iq Unified Manager
 
NetApp Oncommand Api Services
 
NetApp Oncommand Workflow Automation
 
NetApp Service Level Manager
 
NetApp Steelstore Cloud Integrated Storage
 
Oracle Banking Platform
 
Oracle Database Server
 
Oracle Jd Edwards Enterpriseone Tools
 
Oracle Primavera Unifier
 
Oracle Siebel Ui Framework
 
Oracle Webcenter Portal
 
Oracle Webcenter Sites
 
Oracle Weblogic Server
 
Debian Linux
 
Fedora Project Fedora
 
Oracle Communications Billing Revenue Management
 
Oracle Communications Calendar Server
 
Oracle Jd Edwards Enterpriseone Orchestrator
 
Oracle Siebel Engineering Installer Deployment
 
Oracle Retail Sales Audit
 
Oracle Retail Merchandising System
 
Oracle Global Lifecycle Management Nextgen Oui Framework
 
Oracle Primavera Gateway
 
Oracle Communications Evolved Communications Application Server
 
Oracle Goldengate Application Adapters
 
Oracle Communications Cloud Native Core Network Slice Selection Function
 

Exploit Probability

EPSS
0.42%
Percentile
61.18%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.