What is CVE-2018-19360?

CVE-2018-19360 is a vulnerability in FasterXML jackson-databind 2.x before 2.9.8 that might allow attackers to have an unspecified impact.

What is the severity of CVE-2018-19360?

The severity of CVE-2018-19360 is high with a severity score of 5.3.

How can I fix CVE-2018-19360?

To fix CVE-2018-19360, update FasterXML jackson-databind to version 2.9.8 or later.

Where can I find more information about CVE-2018-19360?

You can find more information about CVE-2018-19360 on the following references: [link1], [link2], [link3].

Vulnerability/
CVE-2018-19360

critical

9.8

CWE

502

2/1/2019

12/1/2021

CVE-2018-19360

Q: How does CVE-2018-19360 work?

CVE-2018-19360 leverages the failure to block the axis2-transport-jms class from polymorphic deserialization.

First published: Wed Jan 02 2019(Updated: )

An unspecified error with failure to block the axis2-transport-jms class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
FasterXML jackson-databind	>=2.6.0<=2.6.7.2
FasterXML jackson-databind	>=2.7.0<2.7.9.5
FasterXML jackson-databind	>=2.8.0<2.8.11.3
FasterXML jackson-databind	>=2.9.0<2.9.8
Debian Debian Linux	=8.0
Oracle Business Process Management Suite	=12.1.3.0.0
Oracle Business Process Management Suite	=12.2.1.3.0
Oracle Primavera P6 Enterprise Project Portfolio Management	>=17.7<=17.12
Oracle Primavera P6 Enterprise Project Portfolio Management	=15.1
Oracle Primavera P6 Enterprise Project Portfolio Management	=15.2
Oracle Primavera P6 Enterprise Project Portfolio Management	=16.1
Oracle Primavera P6 Enterprise Project Portfolio Management	=16.2
Oracle Primavera P6 Enterprise Project Portfolio Management	=18.8
Oracle Primavera Unifier	>=17.7<=17.12
Oracle Primavera Unifier	=16.1
Oracle Primavera Unifier	=16.2
Oracle Primavera Unifier	=18.8
Oracle Retail Workforce Management Software	=1.60.9.0.0
Oracle WebCenter Portal	=12.2.1.3.0
Redhat Automation Manager	=7.3.1
Redhat Decision Manager	=7.3.1
Redhat Jboss Bpm Suite	=6.4.11
Redhat Jboss Brms	=6.4.10
Redhat Openshift Container Platform	=3.11
IBM GDE	<=3.0.0.2
debian/jackson-databind		2.9.8-3+deb10u3 2.9.8-3+deb10u5 2.12.1-1+deb11u1 2.14.0-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6403331

Frequently Asked Questions

What is CVE-2018-19360?
CVE-2018-19360 is a vulnerability in FasterXML jackson-databind 2.x before 2.9.8 that might allow attackers to have an unspecified impact.
How does CVE-2018-19360 work?
CVE-2018-19360 leverages the failure to block the axis2-transport-jms class from polymorphic deserialization.
What is the severity of CVE-2018-19360?
The severity of CVE-2018-19360 is high with a severity score of 5.3.
How can I fix CVE-2018-19360?
To fix CVE-2018-19360, update FasterXML jackson-databind to version 2.9.8 or later.
Where can I find more information about CVE-2018-19360?
You can find more information about CVE-2018-19360 on the following references: [link1], [link2], [link3].

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/ibm-support
collector/nvd-index
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2018-19360
agent/software-canonical-lookup
collector/security-tracker-debian
vendor/ibm
canonical/ibm gde
version/ibm gde/3.0.0.2
vendor/fasterxml
canonical/fasterxml jackson-databind
version/fasterxml jackson-databind/2.6.0
version/fasterxml jackson-databind/2.6.7.2
version/fasterxml jackson-databind/2.7.0
version/fasterxml jackson-databind/2.8.0
version/fasterxml jackson-databind/2.9.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
vendor/oracle
canonical/oracle business process management suite
version/oracle business process management suite/12.1.3.0.0
version/oracle business process management suite/12.2.1.3.0
canonical/oracle primavera p6 enterprise project portfolio management
version/oracle primavera p6 enterprise project portfolio management/17.7
version/oracle primavera p6 enterprise project portfolio management/17.12
version/oracle primavera p6 enterprise project portfolio management/15.1
version/oracle primavera p6 enterprise project portfolio management/15.2
version/oracle primavera p6 enterprise project portfolio management/16.1
version/oracle primavera p6 enterprise project portfolio management/16.2
version/oracle primavera p6 enterprise project portfolio management/18.8
canonical/oracle primavera unifier
version/oracle primavera unifier/17.7
version/oracle primavera unifier/17.12
version/oracle primavera unifier/16.1
version/oracle primavera unifier/16.2
version/oracle primavera unifier/18.8
canonical/oracle retail workforce management software
version/oracle retail workforce management software/1.60.9.0.0
canonical/oracle webcenter portal
version/oracle webcenter portal/12.2.1.3.0
vendor/redhat
canonical/redhat automation manager
version/redhat automation manager/7.3.1
canonical/redhat decision manager
version/redhat decision manager/7.3.1
canonical/redhat jboss bpm suite
version/redhat jboss bpm suite/6.4.11
canonical/redhat jboss brms
version/redhat jboss brms/6.4.10
canonical/redhat openshift container platform
version/redhat openshift container platform/3.11
package-manager/redhat
package-manager/debian

CVE-2018-19360

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is CVE-2018-19360?

How does CVE-2018-19360 work?

What is the severity of CVE-2018-19360?

How can I fix CVE-2018-19360?

Where can I find more information about CVE-2018-19360?

Company

Resources

Contact