How does CVE-2018-19361 impact the system?

CVE-2018-19361 may allow attackers to have an unspecified impact by leveraging the failure to block the openjpa class from polymorphic deserialization.

What is the severity of CVE-2018-19361?

CVE-2018-19361 has a severity score of 5.3 (High).

Which software versions are affected by CVE-2018-19361?

CVE-2018-19361 affects FasterXML jackson-databind versions 2.9.7 and earlier.

How can CVE-2018-19361 be fixed?

To fix CVE-2018-19361, upgrade to FasterXML jackson-databind version 2.9.8 or later.

Vulnerability/
CVE-2018-19361

critical

9.8

CWE

502

2/1/2019

27/4/2021

CVE-2018-19361

Q: What is CVE-2018-19361?

CVE-2018-19361 is an unspecified error with failure to block the openjpa class from polymorphic deserialization in FasterXML jackson-databind before version 2.9.8.

First published: Wed Jan 02 2019(Updated: )

An unspecified error with failure to block the openjpa class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
FasterXML jackson-databind	>=2.6.0<=2.6.7.2
FasterXML jackson-databind	>=2.7.0<2.7.9.5
FasterXML jackson-databind	>=2.8.0<2.8.11.3
FasterXML jackson-databind	>=2.9.0<2.9.8
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
Oracle Business Process Management Suite	=12.1.3.0.0
Oracle Business Process Management Suite	=12.2.1.3.0
Oracle Primavera P6 Enterprise Project Portfolio Management	>=17.7<=17.12
Oracle Primavera P6 Enterprise Project Portfolio Management	=15.1
Oracle Primavera P6 Enterprise Project Portfolio Management	=15.2
Oracle Primavera P6 Enterprise Project Portfolio Management	=16.1
Oracle Primavera P6 Enterprise Project Portfolio Management	=16.2
Oracle Primavera P6 Enterprise Project Portfolio Management	=18.8
Oracle Primavera Unifier	>=17.7<=17.12
Oracle Primavera Unifier	=16.1
Oracle Primavera Unifier	=16.2
Oracle Primavera Unifier	=18.8
Oracle Retail Workforce Management Software	=1.60.9.0.0
Oracle WebCenter Portal	=12.2.1.3.0
Redhat Automation Manager	=7.3.1
Redhat Decision Manager	=7.3.1
Redhat Jboss Bpm Suite	=6.4.11
Redhat Jboss Brms	=6.4.10
Redhat Openshift Container Platform	=3.11
redhat/jackson-databind	<2.9.8	2.9.8
redhat/jackson-databind	<2.7.9.5	2.7.9.5
redhat/jackson-databind	<2.8.11.3	2.8.11.3
IBM GDE	<=3.0.0.2
debian/jackson-databind		2.9.8-3+deb10u3 2.9.8-3+deb10u5 2.12.1-1+deb11u1 2.14.0-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6403331

Frequently Asked Questions

What is CVE-2018-19361?
CVE-2018-19361 is an unspecified error with failure to block the openjpa class from polymorphic deserialization in FasterXML jackson-databind before version 2.9.8.
How does CVE-2018-19361 impact the system?
CVE-2018-19361 may allow attackers to have an unspecified impact by leveraging the failure to block the openjpa class from polymorphic deserialization.
What is the severity of CVE-2018-19361?
CVE-2018-19361 has a severity score of 5.3 (High).
Which software versions are affected by CVE-2018-19361?
CVE-2018-19361 affects FasterXML jackson-databind versions 2.9.7 and earlier.
How can CVE-2018-19361 be fixed?
To fix CVE-2018-19361, upgrade to FasterXML jackson-databind version 2.9.8 or later.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/ibm-support
collector/nvd-index
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2018-19361
agent/software-canonical-lookup
collector/security-tracker-debian
vendor/ibm
canonical/ibm gde
version/ibm gde/3.0.0.2
vendor/fasterxml
canonical/fasterxml jackson-databind
version/fasterxml jackson-databind/2.6.0
version/fasterxml jackson-databind/2.6.7.2
version/fasterxml jackson-databind/2.7.0
version/fasterxml jackson-databind/2.8.0
version/fasterxml jackson-databind/2.9.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0
vendor/oracle
canonical/oracle business process management suite
version/oracle business process management suite/12.1.3.0.0
version/oracle business process management suite/12.2.1.3.0
canonical/oracle primavera p6 enterprise project portfolio management
version/oracle primavera p6 enterprise project portfolio management/17.7
version/oracle primavera p6 enterprise project portfolio management/17.12
version/oracle primavera p6 enterprise project portfolio management/15.1
version/oracle primavera p6 enterprise project portfolio management/15.2
version/oracle primavera p6 enterprise project portfolio management/16.1
version/oracle primavera p6 enterprise project portfolio management/16.2
version/oracle primavera p6 enterprise project portfolio management/18.8
canonical/oracle primavera unifier
version/oracle primavera unifier/17.7
version/oracle primavera unifier/17.12
version/oracle primavera unifier/16.1
version/oracle primavera unifier/16.2
version/oracle primavera unifier/18.8
canonical/oracle retail workforce management software
version/oracle retail workforce management software/1.60.9.0.0
canonical/oracle webcenter portal
version/oracle webcenter portal/12.2.1.3.0
vendor/redhat
canonical/redhat automation manager
version/redhat automation manager/7.3.1
canonical/redhat decision manager
version/redhat decision manager/7.3.1
canonical/redhat jboss bpm suite
version/redhat jboss bpm suite/6.4.11
canonical/redhat jboss brms
version/redhat jboss brms/6.4.10
canonical/redhat openshift container platform
version/redhat openshift container platform/3.11
package-manager/redhat
package-manager/debian

CVE-2018-19361

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is CVE-2018-19361?

How does CVE-2018-19361 impact the system?

What is the severity of CVE-2018-19361?

Which software versions are affected by CVE-2018-19361?

How can CVE-2018-19361 be fixed?

Company

Resources

Contact