CVE-2020-9546 in Retail Sales Audit

Summary

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).


Reservation

03/02/2020

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

| ID | Vulnerability | CWE | Exp | Cou | CVE |
|---|---|---|---|---|---|
| 168407 | Oracle Retail Sales Audit Rule Wizards deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 168406 | Oracle Retail Merchandising System Foundation deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 163329 | Oracle Retail Service Backbone RSB kernel deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 163239 | Oracle Insurance Policy Administration J2EE Architecture deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 163124 | Oracle Financial Services Retail Customer Analytics User deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 163122 | Oracle Financial Services Price Creation and Discovery User deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 163121 | Oracle Financial Services Institutional Performance Analytics User deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 163120 | Oracle Financial Services Analytical Applications Infrastructure deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 158420 | Oracle Retail Xstore Point of Service Xenvironment deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 158355 | Oracle JD Edwards EnterpriseOne Tools Web Runtime deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 158354 | Oracle JD Edwards EnterpriseOne Tools Monitoring/Diagnostics deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 158353 | Oracle JD Edwards EnterpriseOne Tools EnterpriseOne Mobility Sec deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 158352 | Oracle JD Edwards EnterpriseOne Orchestrator E1 IOT Orchestrator Security deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 158272 | Oracle WebLogic Server Centralized Thirdparty Jars deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 158229 | Oracle Banking Platform Framework deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 158214 | Oracle Enterprise Manager Base Platform Enterprise Manager Install deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 158166 | Oracle Primavera Unifier Platform deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 158122 | Oracle Communications Network Charging/Control Installer deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 158113 | Oracle Communications Instant Messaging Server Presence API deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 158111 | Oracle Communications Evolved Communications Application Server Session Design Center/Universal Data Recorder deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 158109 | Oracle Communications Contacts Server Core deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 158095 | Oracle Global Lifecycle Management/OPatch Patch Installer deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |
| 150782 | FasterXML jackson-databind Serialized deserialization | 502 | Not defined | Official fix | CVE-2020-9546 |

Sources
