fasterxml jackson-databind CVE-2020-25649 vulnerability in FasterXML and Other Products
Published on December 3, 2020

product logo product logo product logo product logo product logo product logo
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Vendor Advisory NVD

Weakness Type

What is a XXE Vulnerability?

The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

CVE-2020-25649 has been classified to as a XXE vulnerability or weakness.


Products Associated with CVE-2020-25649

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-25649 are published in these products:

FasterXML Jackson Databind
 
NetApp Oncommand Api Services
 
NetApp Oncommand Workflow Automation
 
NetApp Service Level Manager
 
Fedora Project Fedora
 
Quarkus
 
Apache Iotdb
 
Oracle Banking Platform
 
Oracle Banking Treasury Management
 
Oracle Coherence
 
Oracle Commerce Platform
 
Oracle Communications Billing Revenue Management
 
Oracle Communications Cloud Native Core Unified Data Repository
 
Oracle Communications Convergent Charging Controller
 
Oracle Communications Evolved Communications Application Server
 
Oracle Communications Interactive Session Recorder
 
Oracle Communications Network Charging Control
 
Oracle Communications Services Gatekeeper
 
Oracle Communications Unified Inventory Management
 
Oracle Goldengate Application Adapters
 
Oracle Health Sciences Empirica Signal
 
Oracle Insurance Policy Administration
 
Oracle Insurance Rules Palette
 
Oracle Jd Edwards Enterpriseone Orchestrator
 
Oracle Jd Edwards Enterpriseone Tools
 
Oracle Primavera Gateway
 
Oracle Retail Service Backbone
 
Oracle Retail Xstore Point Of Service
 
Oracle Sd Wan Edge
 
Oracle Utilities Framework
 
Oracle Communications Messaging Server
 
Oracle Agile Product Lifecycle Management Integration Pack
 
Oracle Banking Apis
 
Oracle Communications Instant Messaging Server
 
Oracle Communications Offline Mediation Controller
 
Oracle Communications Pricing Design Center
 
Oracle Webcenter Portal
 
Oracle Blockchain Platform
 
Oracle Agile Plm
 
Oracle
 

Exploit Probability

EPSS
0.02%
Percentile
4.18%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.