CVE-2019-17531 in Business Intelligence Enterprise Edition정보

요약 (영어)

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

예약하다

2019. 10. 12.

상태

확인됨

엔트리

VulDB provides additional information and datapoints for this CVE:

아이디취약성CWE악용 대책CVE
234846Oracle Business Intelligence Enterprise Edition Analytics Server 권한 상승502정의되지 않음공식 수정CVE-2019-17531
163180Oracle GoldenGate Application Adapters Build 권한 상승502정의되지 않음공식 수정CVE-2019-17531
158271Oracle WebCenter Portal Security 권한 상승20정의되지 않음공식 수정CVE-2019-17531
143428FasterXML jackson-databind JSON 권한 상승20정의되지 않음정의되지 않음CVE-2019-17531

설명

CPE

CWE

CVSS

익스플로잇

역사

차이

연결하다

위협 인텔리전스

API JSON

API XML

API CSV

출처

이전개요다음

Do you know our Splunk app?

Download it now for free!