Red Hat JBoss BRMS 6.4.10

CPE Details

Red Hat JBoss BRMS 6.4.10
redhat
jboss_brms
6.4.10
2019-12-13
17h28 +00:00
2019-12-13
17h28 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

jboss_brms

Version

6.4.10

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-12022 2019-03-17 17h14 +00:00 An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
7.5
High
CVE-2018-12023 2019-03-17 16h57 +00:00 An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
7.5
High
CVE-2018-19360 2019-01-02 17h00 +00:00 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
9.8
Critical
CVE-2018-19361 2019-01-02 17h00 +00:00 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
9.8
Critical
CVE-2018-19362 2019-01-02 17h00 +00:00 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
9.8
Critical