FasterXML jackson-databind 2.x prior to 2.9.7 might allow remote malicious users to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fasterxml jackson-databind 2.7.0 |
||
fasterxml jackson-databind |
||
fasterxml jackson-databind 2.8.0 |
||
fasterxml jackson-databind 2.9.0 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
oracle primavera unifier 16.2 |
||
oracle banking platform 2.5.0 |
||
oracle primavera unifier 16.1 |
||
oracle jdeveloper 12.1.3.0.0 |
||
oracle retail merchandising system 16.0 |
||
oracle webcenter portal 12.2.1.3.0 |
||
oracle primavera unifier |
||
oracle communications billing and revenue management 7.5 |
||
oracle communications billing and revenue management 12.0 |
||
oracle financial services analytical applications infrastructure 8.0.2 |
||
oracle financial services analytical applications infrastructure 8.0.3 |
||
oracle financial services analytical applications infrastructure 8.0.4 |
||
oracle financial services analytical applications infrastructure 8.0.5 |
||
oracle financial services analytical applications infrastructure 8.0.6 |
||
oracle financial services analytical applications infrastructure 8.0.7 |
||
oracle banking platform 2.6.0 |
||
oracle banking platform 2.6.1 |
||
oracle banking platform 2.6.2 |
||
oracle enterprise manager for virtualization 13.2.2 |
||
oracle enterprise manager for virtualization 13.2.3 |
||
oracle enterprise manager for virtualization 13.3.1 |
||
oracle primavera unifier 18.8 |
||
oracle jdeveloper 12.2.1.3.0 |
||
oracle retail merchandising system 15.0 |
||
redhat openshift container platform 3.11 |
||
redhat jboss enterprise application platform 7.2.0 |