CVE-2019-14379

high-risk

Published 2019-07-29

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

Do I need to act?

1.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Jackson-Databind

Debian Linux

Active Iq Unified Manager

Oncommand Workflow Automation

Service Level Manager

Snapcenter

Fedora

Jboss Enterprise Application Platform

Openshift Container Platform

Single Sign-On

Openshift Container Platform

Banking Platform

Affected Vendors

Debian Redhat Apple Oracle Fedoraproject Netapp Fasterxml

References (118)

Mailing List http://seclists.org/fulldisclosure/2022/Mar/23

Third Party Advisory https://access.redhat.com/errata/RHBA-2019:2824

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2743

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2858

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2935

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2936

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2937

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2938

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2998

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3044

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3045

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3046

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3050

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3149

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3200

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3292

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3297

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3901

Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0727

Patch https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1.....

and 98 more references

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 4/34 · Minimal

Exposure 25/34 · High