{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-13T14:28:39.524","vulnerabilities":[{"cve":{"id":"CVE-2019-14893","sourceIdentifier":"secalert@redhat.com","published":"2020-03-02T21:15:17.520","lastModified":"2024-11-21T04:27:37.670","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code."},{"lang":"es","value":"Se detectó un fallo en FasterXML jackson-databind en todas las versiones anteriores a 2.9.10 y 2.10.0, donde permitiría la deserialización polimórfica de objetos maliciosos usando el gadget xalan JNDI cuando se utiliza en conjunto con métodos de manejo de tipos polimórficos como \"enableDefaultTyping()\" o cuando @JsonTypeInfo está usando \"Id.CLASS\" o \"Id.MINIMAL_CLASS\" o de cualquier otra manera en que ObjectMapper.readValue pueda crear instancias de objetos de fuentes no seguras. Un atacante podría usar este fallo para ejecutar código arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-502"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*","versionStartIncluding":"2.8.0","versionEndExcluding":"2.8.11.5","matchCriteriaId":"BF323F3D-B2A4-41E7-94F9-5539C9B7025E"},{"vulnerable":true,"criteria":"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*","versionStartIncluding":"2.9.0","versionEndExcluding":"2.9.10","matchCriteriaId":"FE5543DD-3F9D-45EF-8034-E1EF9657955A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*","matchCriteriaId":"5EC98B22-FFAA-4B59-8E63-EBAA4336AD13"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*","matchCriteriaId":"E94F7F59-1785-493F-91A7-5F5EA5E87E4D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*","versionEndExcluding":"19.1.0.0.1","matchCriteriaId":"F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2020:0729","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/FasterXML/jackson-databind/issues/2469","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","source":"secalert@redhat.com"},{"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E","source":"secalert@redhat.com"},{"url":"https://security.netapp.com/advisory/ntap-20200327-0006/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0729","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/FasterXML/jackson-databind/issues/2469","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20200327-0006/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}