CVE-2020-35490 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.
Description FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
Metrics CVSS Version 4.0 CVSS Version 3.x CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings: NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings: Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0 Severity and Vector Strings: Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
References to Advisories, Solutions, and Tools By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected]
URL Source(s) Tag(s) https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 CVE, MITRE Exploit Technical Description Third Party Advisory https://github.com/FasterXML/jackson-databind/issues/2986 CVE, MITRE Third Party Advisory https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html CVE, MITRE Mailing List Third Party Advisory https://security.netapp.com/advisory/ntap-20210122-0005/ CVE, MITRE Third Party Advisory https://www.oracle.com//security-alerts/cpujul2021.html CVE, MITRE Patch Third Party Advisory https://www.oracle.com/security-alerts/cpuApr2021.html CVE, MITRE Patch Third Party Advisory https://www.oracle.com/security-alerts/cpuapr2022.html CVE, MITRE Patch Third Party Advisory https://www.oracle.com/security-alerts/cpujan2022.html CVE, MITRE Patch Third Party Advisory https://www.oracle.com/security-alerts/cpujul2022.html CVE, MITRE Patch Third Party Advisory https://www.oracle.com/security-alerts/cpuoct2021.html CVE, MITRE Patch Third Party Advisory
Weakness Enumeration CWE-ID CWE Name Source CWE-502 Deserialization of Untrusted Data NIST
Change History 16 change records found show changes CVE Modified by CVE 11/21/2024 12:27:24 AM Action Type Old Value New Value Added Reference https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 Added Reference https://github.com/FasterXML/jackson-databind/issues/2986 Added Reference https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html Added Reference https://security.netapp.com/advisory/ntap-20210122-0005/ Added Reference https://www.oracle.com//security-alerts/cpujul2021.html Added Reference https://www.oracle.com/security-alerts/cpuApr2021.html Added Reference https://www.oracle.com/security-alerts/cpuapr2022.html Added Reference https://www.oracle.com/security-alerts/cpujan2022.html Added Reference https://www.oracle.com/security-alerts/cpujul2022.html Added Reference https://www.oracle.com/security-alerts/cpuoct2021.html
CVE Modified by MITRE 5/14/2024 3:03:36 AM Action Type Old Value New Value
Modified Analysis by NIST 9/08/2022 5:32:11 PM Action Type Old Value New Value Changed CPE Configuration Record truncated, showing 2048 of 2631 characters. View Entire Change Record OR *cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (including) 21.1.2 *cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (including) 8.5.0 *cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:* Record truncated, showing 2048 of 2684 characters. View Entire Change Record OR *cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* *cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (including) 21.1.2 *cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (including) 8.5.0 *cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:* Changed Reference Type https://www.oracle.com/security-alerts/cpujul2022.html No Types Assigned https://www.oracle.com/security-alerts/cpujul2022.html Patch, Third Party Advisory
CVE Modified by MITRE 7/25/2022 2:15:25 PM Action Type Old Value New Value Added Reference https://www.oracle.com/security-alerts/cpujul2022.html [No Types Assigned]
Modified Analysis by NIST 5/13/2022 4:50:45 PM Action Type Old Value New Value Changed CPE Configuration Record truncated, showing 2048 of 2408 characters. View Entire Change Record OR *cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (including) 8.5.0 *cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:* *cpe:2 Record truncated, showing 2048 of 2631 characters. View Entire Change Record OR *cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (including) 21.1.2 *cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (including) 8.5.0 *cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:* Changed Reference Type https://www.oracle.com/security-alerts/cpuapr2022.html No Types Assigned https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory
CVE Modified by MITRE 4/19/2022 8:15:31 PM Action Type Old Value New Value Added Reference https://www.oracle.com/security-alerts/cpuapr2022.html [No Types Assigned]
Modified Analysis by NIST 3/01/2022 11:55:51 AM Action Type Old Value New Value Changed CPE Configuration Record truncated, showing 2048 of 2061 characters. View Entire Change Record OR *cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (including) 8.5.0 *cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:* *cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2: Record truncated, showing 2048 of 2408 characters. View Entire Change Record OR *cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (including) 8.5.0 *cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:* *cpe:2 Changed Reference Type https://www.oracle.com/security-alerts/cpujan2022.html No Types Assigned https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory
CVE Modified by MITRE 2/07/2022 11:15:22 AM Action Type Old Value New Value Added Reference https://www.oracle.com/security-alerts/cpujan2022.html [No Types Assigned]
Modified Analysis by NIST 12/08/2021 2:56:25 PM Action Type Old Value New Value Added CPE Configuration Record truncated, showing 2048 of 2061 characters. View Entire Change Record OR *cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (including) 8.5.0 *cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:* *cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2: Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* Changed Reference Type https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html No Types Assigned https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html Mailing List, Third Party Advisory Changed Reference Type https://www.oracle.com//security-alerts/cpujul2021.html No Types Assigned https://www.oracle.com//security-alerts/cpujul2021.html Patch, Third Party Advisory Changed Reference Type https://www.oracle.com/security-alerts/cpuApr2021.html No Types Assigned https://www.oracle.com/security-alerts/cpuApr2021.html Patch, Third Party Advisory Changed Reference Type https://www.oracle.com/security-alerts/cpuoct2021.html No Types Assigned https://www.oracle.com/security-alerts/cpuoct2021.html Patch, Third Party Advisory
CVE Modified by MITRE 10/20/2021 7:15:45 AM Action Type Old Value New Value Added Reference https://www.oracle.com/security-alerts/cpuoct2021.html [No Types Assigned]
CVE Modified by MITRE 7/20/2021 7:15:23 PM Action Type Old Value New Value Added Reference https://www.oracle.com//security-alerts/cpujul2021.html [No Types Assigned]
CVE Modified by MITRE 6/14/2021 2:15:31 PM Action Type Old Value New Value Added Reference https://www.oracle.com/security-alerts/cpuApr2021.html [No Types Assigned]
CVE Modified by MITRE 4/24/2021 7:15:08 PM Action Type Old Value New Value Added Reference https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html [No Types Assigned]
Modified Analysis by NIST 2/03/2021 11:40:17 AM Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:* Changed Reference Type https://security.netapp.com/advisory/ntap-20210122-0005/ No Types Assigned https://security.netapp.com/advisory/ntap-20210122-0005/ Third Party Advisory
CVE Modified by MITRE 1/26/2021 1:15:54 PM Action Type Old Value New Value Added Reference https://security.netapp.com/advisory/ntap-20210122-0005/ [No Types Assigned]
Initial Analysis by NIST 12/18/2020 2:32:50 PM Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Added CVSS V2 NIST (AV:N/AC:M/Au:N/C:P/I:P/A:P) Added CWE NIST CWE-502 Added CPE Configuration OR *cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.0.0 up to (excluding) 2.9.10.8 Changed Reference Type https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 No Types Assigned https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 Exploit, Technical Description, Third Party Advisory Changed Reference Type https://github.com/FasterXML/jackson-databind/issues/2986 No Types Assigned https://github.com/FasterXML/jackson-databind/issues/2986 Third Party Advisory
Quick Info CVE Dictionary Entry: CVE-2020-35490 NVD Published Date: 12/17/2020 NVD Last Modified: 11/21/2024 Source: MITRE 
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites. 
