NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

Results Type: Overview
Keyword (text search): cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*

There are 5 matching records.

Displaying matches 1 through 5.

Vuln ID	Summary	CVSS Severity
CVE-2018-12023	An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. Published: March 21, 2019; 12:00:12 PM -0400	V3.0: 7.5 HIGH V2.0: 5.1 MEDIUM
CVE-2018-12022	An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. Published: March 21, 2019; 12:00:12 PM -0400	V3.1: 7.5 HIGH V2.0: 5.1 MEDIUM
CVE-2018-19362	FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. Published: January 02, 2019; 1:29:00 PM -0500	V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH
CVE-2018-19361	FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. Published: January 02, 2019; 1:29:00 PM -0500	V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH
CVE-2018-19360	FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. Published: January 02, 2019; 1:29:00 PM -0500	V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH