QwikSec

Security Database

CVE

CWE

Training

CVE-2019-10202

Published: Oct 1, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

8.1

HIGH

Description

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.

Vendor	Product	Versions
RedHat	codehaus	affected `Codehaus 1.9.x`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10202

x_refsource_CONFIRM

[flume-issues] 20200221 [jira] [Created] (FLUME-3356) Probable security issue in Flume

mailing-list

x_refsource_MLIST

[hive-issues] 20210318 [jira] [Updated] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar

mailing-list

x_refsource_MLIST

[hive-issues] 20210318 [jira] [Assigned] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar

mailing-list

x_refsource_MLIST

[hive-dev] 20210318 [jira] [Created] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar

mailing-list

x_refsource_MLIST

[hive-issues] 20210318 [jira] [Commented] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar

mailing-list

x_refsource_MLIST

[hive-dev] 20210318 CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar

mailing-list

x_refsource_MLIST

[hive-issues] 20210318 [jira] [Comment Edited] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar

mailing-list

x_refsource_MLIST

[hive-issues] 20210729 [jira] [Resolved] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.