CVE-2018-12022

moderate-risk
Published 2019-03-21

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

Do I need to act?

~
3.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / HIGH complexity

Affected Products (11)

Automation Manager
Jboss Brms

Affected Vendors

Debian Redhat Oracle Fedoraproject Fasterxml

References (72)

Third Party Advisory http://www.securityfocus.com/bid/107585
Third Party Advisory https://access.redhat.com/errata/RHBA-2019:0959
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0782
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0877
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1106
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1107
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1108
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1140
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1782
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1797
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1822
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1823
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2804
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2858
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3002
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3140
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3149
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3892
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4037
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1671098
and 52 more references
44
/ 100
moderate-risk
Severity 22/34 · High
Exploitability 6/34 · Minimal
Exposure 16/34 · Moderate