Attacker Value
Unknown
CVE-2020-35728
CVE-2020-35728
(Last updated November 08, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
8.1 High
Impact Score:
5.9
Exploitability Score:
2.2
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Vendors
- debian,
- fasterxml,
- netapp,
- oracle
Products
- agile plm 9.3.6,
- application testing suite 13.3.0.1,
- autovue 21.0.2,
- banking corporate lending process management 14.2,
- banking corporate lending process management 14.3,
- banking corporate lending process management 14.5,
- banking credit facilities process management 14.2,
- banking credit facilities process management 14.3,
- banking credit facilities process management 14.5,
- banking extensibility workbench 14.2,
- banking extensibility workbench 14.3,
- banking extensibility workbench 14.5,
- banking supply chain finance 14.2,
- banking supply chain finance 14.3,
- banking supply chain finance 14.5,
- banking treasury management 14.4,
- banking virtual account management 14.2.0,
- banking virtual account management 14.3.0,
- banking virtual account management 14.5.0,
- blockchain platform,
- commerce platform,
- commerce platform 11.2.0,
- communications billing and revenue management 12.0.0.3.0,
- communications billing and revenue management 7.5.0.23.0,
- communications cloud native core policy 1.14.0,
- communications cloud native core unified data repository 1.4.0,
- communications convergent charging controller 12.0.4.0.0,
- communications diameter signaling route,
- communications element manager,
- communications evolved communications application server 7.1,
- communications network charging and control 12.0.4.0.0,
- communications policy management 12.5.0,
- communications services gatekeeper 7.0,
- communications session report manager,
- communications session route manager,
- communications unified inventory management 7.4.1,
- data integrator 12.2.1.4.0,
- debian linux 9.0,
- goldengate application adapters 19.1.0.0.0,
- insurance policy administration,
- insurance policy administration 11.0.2,
- insurance rules palette,
- insurance rules palette 11.0.2,
- jackson-databind,
- jd edwards enterpriseone orchestrator,
- jd edwards enterpriseone tools,
- primavera gateway,
- primavera gateway 20.12.0,
- primavera unifier,
- primavera unifier 20.12,
- retail customer management and segmentation foundation,
- retail merchandising system 15.0.3,
- retail service backbone 14.1.3.2,
- retail service backbone 15.0.3.1,
- retail service backbone 16.0.3.0,
- retail xstore point of service 16.0.6,
- retail xstore point of service 17.0.4,
- retail xstore point of service 18.0.3,
- retail xstore point of service 19.0.2,
- service level manager -,
- webcenter portal 12.2.1.3.0,
- webcenter portal 12.2.1.4.0
References
Miscellaneous
