CVE-2018-7489 in WebLogic Server: Information

Summary (English)

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.


Reserved

2018. 02. 26.

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

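| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 218713 | Oracle WebLogic Server Centralized Third Party Jars privilege escalation | 184 | Not defined | Official fix | CVE-2018-7489 |
| 137870 | Oracle Global Lifecycle Management OPatchAuto jackson-databind privilege escalation | 184 | Not defined | Official fix | CVE-2018-7489 |
| 133490 | Oracle Communications Instant Messaging Server jackson-databind privilege escalation | 184 | Not defined | Official fix | CVE-2018-7489 |
| 125620 | Oracle Retail Xstore Point of Service Xenvironment privilege escalation | 184 | Not defined | Official fix | CVE-2018-7489 |
| 125605 | Oracle Retail Sales Audit Operational Insights privilege escalation | 502 | Not defined | Official fix | CVE-2018-7489 |
| 125598 | Oracle Retail Invoice Matching jackson-databind privilege escalation | 184 | Not defined | Official fix | CVE-2018-7489 |
| 125595 | Oracle Retail Assortment Planning Application Core privilege escalation | 184 | Not defined | Official fix | CVE-2018-7489 |
| 125594 | Oracle Retail Allocation jackson-databind privilege escalation | 184 | Not defined | Official fix | CVE-2018-7489 |
| 125527 | Oracle JD Edwards EnterpriseOne Tools Web Runtime privilege escalation | 184 | Not defined | Official fix | CVE-2018-7489 |
| 125526 | Oracle JD Edwards EnterpriseOne Tools EnterpriseOne Mobility privilege escalation | 184 | Not defined | Official fix | CVE-2018-7489 |
| 125525 | Oracle JD Edwards EnterpriseOne Orchestrator IoT Orchestrator Security privilege escalation | 184 | Not defined | Official fix | CVE-2018-7489 |
| 125388 | Oracle Construction/Engineering Suite Primavera Gateway privilege escalation | 184 | Not defined | Official fix | CVE-2018-7489 |
| 125368 | Oracle Database Server Rapid Home Provisioning privilege escalation | 184 | Not defined | Official fix | CVE-2018-7489 |
| 121686 | Oracle WebLogic Server Console privilege escalation | 502 | Not defined | Official fix | CVE-2018-7489 |
| 121685 | Oracle WebCenter Portal Security privilege escalation | 502 | Not defined | Official fix | CVE-2018-7489 |
| 121616 | Oracle Enterprise Manager for Virtualization Plug-In Lifecycle privilege escalation | 502 | Not defined | Official fix | CVE-2018-7489 |
| 121569 | Oracle Global Lifecycle Management OPatchAuto privilege escalation | 502 | Not defined | Official fix | CVE-2018-7489 |
| 116629 | Oracle Financial Services Market Risk Measurement Infrastructure privilege escalation | 502 | Not defined | Official fix | CVE-2018-7489 |
| 116628 | Oracle Financial Services Hedge Management Hedge Definition privilege escalation | 502 | Not defined | Official fix | CVE-2018-7489 |
| 116627 | Oracle Financial Services Analytical Applications Infrastructure privilege escalation | 502 | Not defined | Official fix | CVE-2018-7489 |
| 113845 | FasterXML jackson-databind JSON readValue privilege escalation | 184 | Not defined | Official fix | CVE-2018-7489 |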
