CVE-2018-5968

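FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

Note for defenders: as with the earlier flaws this entry extends, exposure generally requires that the application deserialize untrusted JSON with polymorphic type handling enabled (for example `ObjectMapper.enableDefaultTyping()` or a class-name-based `@JsonTypeInfo`) and that the gadget classes be present on the classpath; this precondition is likely what the High attack complexity in the CVSS vector below reflects. Because the underlying weakness is a deny-list that can never be complete, upgrading to a release later than the affected versions listed above (see the vendor advisories under References) should be paired with avoiding default typing on untrusted input or restricting deserialization to an explicit allow-list of expected types.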

Published at
2018-01-22T04:29Z
2297 days ago
Modified
2021-01-21T16:22Z
1202 days ago
Problem type
CWE-184 (Incomplete List of Disallowed Inputs)

Impact

CVSS v3 vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network

Attack Complexity: High

Privileges Required: None

User Interaction: None

Scope: Unchanged

Confidentiality: High

Integrity: High

Availability: High

Severity: High

Score: 8.1

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References


URL | Type
github.com
https://github.com/FasterXML/jackson-databind/issues/1899
MISC
DSA-4114
https://www.debian.org/security/2018/dsa-4114
DEBIAN
RHSA-2018:0481
https://access.redhat.com/errata/RHSA-2018:0481
REDHAT
RHSA-2018:0480
https://access.redhat.com/errata/RHSA-2018:0480
REDHAT
RHSA-2018:0479
https://access.redhat.com/errata/RHSA-2018:0479
REDHAT
RHSA-2018:0478
https://access.redhat.com/errata/RHSA-2018:0478
REDHAT
security.netapp.com
https://security.netapp.com/advisory/ntap-20180423-0002/
CONFIRM
RHSA-2018:1525
https://access.redhat.com/errata/RHSA-2018:1525
REDHAT
support.hpe.com
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
CONFIRM
RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:2858
REDHAT
RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:3149
REDHAT
www.oracle.com
https://www.oracle.com/security-alerts/cpuoct2020.html
MISC

GET https://vulnerabilitydata.com/api/details/CVE-2018-5968

{
	"id": "CVE-2018-5968",
	"published_date": "2018-01-22T04:29Z",
	"last_modified_date": "2021-01-21T16:22Z",
	"assigner": "cve@mitre.org",
	"description": "FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.",
	"references": [
		{
			"url": "https://github.com/FasterXML/jackson-databind/issues/1899",
			"name": "https://github.com/FasterXML/jackson-databind/issues/1899",
			"refsource": "MISC",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "https://www.debian.org/security/2018/dsa-4114",
			"name": "DSA-4114",
			"refsource": "DEBIAN",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "https://access.redhat.com/errata/RHSA-2018:0481",
			"name": "RHSA-2018:0481",
			"refsource": "REDHAT",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "https://access.redhat.com/errata/RHSA-2018:0480",
			"name": "RHSA-2018:0480",
			"refsource": "REDHAT",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "https://access.redhat.com/errata/RHSA-2018:0479",
			"name": "RHSA-2018:0479",
			"refsource": "REDHAT",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "https://access.redhat.com/errata/RHSA-2018:0478",
			"name": "RHSA-2018:0478",
			"refsource": "REDHAT",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "https://security.netapp.com/advisory/ntap-20180423-0002/",
			"name": "https://security.netapp.com/advisory/ntap-20180423-0002/",
			"refsource": "CONFIRM",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "https://access.redhat.com/errata/RHSA-2018:1525",
			"name": "RHSA-2018:1525",
			"refsource": "REDHAT",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us",
			"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us",
			"refsource": "CONFIRM",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "https://access.redhat.com/errata/RHSA-2019:2858",
			"name": "RHSA-2019:2858",
			"refsource": "REDHAT",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "https://access.redhat.com/errata/RHSA-2019:3149",
			"name": "RHSA-2019:3149",
			"refsource": "REDHAT",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
			"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
			"refsource": "MISC",
			"tags": [
				"Third Party Advisory"
			]
		}
	],
	"impact": {
		"baseMetricV3": {
			"cvssV3": {
				"version": "3.1",
				"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
				"attackVector": "NETWORK",
				"attackComplexity": "HIGH",
				"privilegesRequired": "NONE",
				"userInteraction": "NONE",
				"scope": "UNCHANGED",
				"confidentialityImpact": "HIGH",
				"integrityImpact": "HIGH",
				"availabilityImpact": "HIGH",
				"baseScore": 8.1,
				"baseSeverity": "HIGH"
			},
			"exploitabilityScore": 2.2,
			"impactScore": 5.9
		},
		"baseMetricV2": {
			"cvssV2": {
				"version": "2.0",
				"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
				"accessVector": "NETWORK",
				"accessComplexity": "MEDIUM",
				"authentication": "NONE",
				"confidentialityImpact": "PARTIAL",
				"integrityImpact": "PARTIAL",
				"availabilityImpact": "PARTIAL",
				"baseScore": 6.8
			},
			"severity": "MEDIUM",
			"exploitabilityScore": 8.6,
			"impactScore": 6.4,
			"acInsufInfo": false,
			"obtainAllPrivilege": false,
			"obtainUserPrivilege": false,
			"obtainOtherPrivilege": false,
			"userInteractionRequired": false
		}
	},
	"problem_type": "CWE-184"
}