CVE-2019-10202

moderate-risk

Published 2019-10-01

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.

Do I need to act?

7.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Jboss Enterprise Application Platform

Affected Vendors

Redhat

References (18)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10202

https://lists.apache.org/thread.html/r0fbf2c60967bc9f73d7f5a62ad3b955789f9a14b95...

https://lists.apache.org/thread.html/r1edabcfacdad42d3c830464e9cf07a9a489059a7b7...

https://lists.apache.org/thread.html/r356592d9874ab4bc9da4754592f8aa6edc894c95e1...

https://lists.apache.org/thread.html/r500867b74f42230a3d65b8aec31fc93ac390eeae73...

https://lists.apache.org/thread.html/r5f16a1bd31a7e94ca78eda686179930781aa3a4a99...

https://lists.apache.org/thread.html/r6dea2a887f5eb1d68f124d64b14cd1a04f682f06de...

https://lists.apache.org/thread.html/rce00a1c60f7df4b10e72fa87827c102f55b074bb91...

https://lists.apache.org/thread.html/refea6018a2c4e9eb7838cab567ed219c3f726dcd83...