Product:

Communications_instant_messaging_server

(Oracle)
Repositories https://github.com/FasterXML/jackson-databind
#Vulnerabilities 57
Date Id Summary Products Score Patch Annotated
2022-01-18 CVE-2022-23305 By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the... Log4j, Brocade_sannav, Snapmanager, Advanced_supply_chain_planning, Business_intelligence, Business_process_management_suite, Communications_eagle_ftp_table_base_retrieval, Communications_instant_messaging_server, Communications_messaging_server, Communications_network_integrity, Communications_offline_mediation_controller, Communications_unified_inventory_management, E\-Business_suite_cloud_manager_and_cloud_backup_module, E\-Business_suite_information_discovery, Enterprise_manager_base_platform, Financial_services_revenue_management_and_billing_analytics, Healthcare_foundation, Hyperion_data_relationship_management, Hyperion_infrastructure_technology, Identity_management_suite, Identity_manager_connector, Jdeveloper, Middleware_common_libraries_and_tools, Mysql_enterprise_monitor, Retail_extract_transform_and_load, Tuxedo, Weblogic_server, Reload4j 9.8
2022-01-18 CVE-2022-23307 CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. Chainsaw, Log4j, Advanced_supply_chain_planning, Business_intelligence, Business_process_management_suite, Communications_eagle_ftp_table_base_retrieval, Communications_instant_messaging_server, Communications_messaging_server, Communications_network_integrity, Communications_offline_mediation_controller, Communications_unified_inventory_management, E\-Business_suite_cloud_manager_and_cloud_backup_module, Enterprise_manager_base_platform, Financial_services_revenue_management_and_billing_analytics, Healthcare_foundation, Hyperion_data_relationship_management, Hyperion_infrastructure_technology, Identity_management_suite, Identity_manager_connector, Jdeveloper, Middleware_common_libraries_and_tools, Mysql_enterprise_monitor, Retail_extract_transform_and_load, Tuxedo, Weblogic_server, Reload4j 8.8
2017-10-04 CVE-2017-12617 When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. Tomcat, Ubuntu_linux, Debian_linux, Active_iq_unified_manager, Element, Oncommand_balance, Oncommand_insight, Oncommand_shift, Oncommand_workflow_automation, Snapcenter, Agile_plm, Communications_instant_messaging_server, Endeca_information_discovery_integrator, Enterprise_manager_for_mysql_database, Financial_services_analytical_applications_infrastructure, Fmw_platform, Health_sciences_empirica_inspections, Hospitality_guest_access, Instantis_enterprisetrack, Management_pack, Micros_lucas, Micros_retail_xbri_loss_prevention, Mysql_enterprise_monitor, Retail_advanced_inventory_planning, Retail_back_office, Retail_central_office, Retail_convenience_and_fuel_pos_software, Retail_eftlink, Retail_insights, Retail_invoice_matching, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Service, Retail_price_management, Retail_returns_management, Retail_store_inventory_management, Retail_xstore_point_of_service, Transportation_management, Tuxedo_system_and_applications_monitor, Webcenter_sites, Workload_manager, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_eus_compute_node, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Fuse, Jboss_enterprise_application_platform, Jboss_enterprise_web_server, Jboss_enterprise_web_server_text\-Only_advisories 8.1
2020-03-18 CVE-2020-10673 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). Debian_linux, Jackson\-Databind, Steelstore_cloud_integrated_storage, Agile_plm, Autovue_for_agile_product_lifecycle_management, Banking_digital_experience, Banking_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Financial_services_analytical_applications_infrastructure, Financial_services_institutional_performance_analytics, Financial_services_price_creation_and_discovery, Financial_services_retail_customer_analytics, Global_lifecycle_management_opatch, Insurance_policy_administration_j2ee, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_service_backbone, Retail_xstore_point_of_service, Weblogic_server 8.8
2020-03-18 CVE-2020-10672 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). Debian_linux, Jackson\-Databind, Steelstore_cloud_integrated_storage, Agile_plm, Autovue_for_agile_product_lifecycle_management, Banking_digital_experience, Banking_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Financial_services_analytical_applications_infrastructure, Financial_services_institutional_performance_analytics, Financial_services_price_creation_and_discovery, Financial_services_retail_customer_analytics, Global_lifecycle_management_opatch, Insurance_policy_administration_j2ee, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_service_backbone, Retail_xstore_point_of_service, Weblogic_server 8.8
2020-03-26 CVE-2020-10968 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). Debian_linux, Jackson\-Databind, Steelstore_cloud_integrated_storage, Agile_plm, Autovue_for_agile_product_lifecycle_management, Banking_digital_experience, Banking_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Financial_services_analytical_applications_infrastructure, Financial_services_institutional_performance_analytics, Financial_services_price_creation_and_discovery, Financial_services_retail_customer_analytics, Global_lifecycle_management_opatch, Insurance_policy_administration_j2ee, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_service_backbone, Retail_xstore_point_of_service, Weblogic_server 8.8
2020-03-26 CVE-2020-10969 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. Debian_linux, Jackson\-Databind, Steelstore_cloud_integrated_storage, Agile_plm, Autovue_for_agile_product_lifecycle_management, Banking_digital_experience, Banking_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Financial_services_analytical_applications_infrastructure, Financial_services_institutional_performance_analytics, Financial_services_price_creation_and_discovery, Financial_services_retail_customer_analytics, Global_lifecycle_management_opatch, Insurance_policy_administration_j2ee, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_service_backbone, Retail_xstore_point_of_service, Weblogic_server 8.8
2020-03-31 CVE-2020-11111 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). Debian_linux, Jackson\-Databind, Steelstore_cloud_integrated_storage, Agile_plm, Autovue_for_agile_product_lifecycle_management, Banking_digital_experience, Banking_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Global_lifecycle_management_opatch, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_xstore_point_of_service, Weblogic_server 8.8
2020-03-31 CVE-2020-11112 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). Debian_linux, Jackson\-Databind, Steelstore_cloud_integrated_storage, Agile_plm, Autovue_for_agile_product_lifecycle_management, Banking_digital_experience, Banking_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Financial_services_analytical_applications_infrastructure, Financial_services_institutional_performance_analytics, Financial_services_price_creation_and_discovery, Financial_services_retail_customer_analytics, Global_lifecycle_management_opatch, Insurance_policy_administration_j2ee, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_service_backbone, Retail_xstore_point_of_service, Weblogic_server 8.8
2020-03-31 CVE-2020-11113 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). Debian_linux, Jackson\-Databind, Steelstore_cloud_integrated_storage, Agile_plm, Autovue_for_agile_product_lifecycle_management, Banking_digital_experience, Banking_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Financial_services_analytical_applications_infrastructure, Financial_services_institutional_performance_analytics, Financial_services_price_creation_and_discovery, Financial_services_retail_customer_analytics, Global_lifecycle_management_opatch, Insurance_policy_administration_j2ee, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_merchandising_system, Retail_sales_audit, Retail_service_backbone, Retail_xstore_point_of_service, Webcenter_portal, Weblogic_server 8.8