CVEDB API

Vulnerability Details CVE-2017-7525

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.774

EPSS Ranking 98.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2017-7525

Fasterxml » Jackson-Databind » Version: 2.0.0

cpe:2.3:a:fasterxml:jackson-databind:2.0.0
Fasterxml » Jackson-Databind » Version: 2.0.1

cpe:2.3:a:fasterxml:jackson-databind:2.0.1
Fasterxml » Jackson-Databind » Version: 2.0.2

cpe:2.3:a:fasterxml:jackson-databind:2.0.2
Fasterxml » Jackson-Databind » Version: 2.0.4

cpe:2.3:a:fasterxml:jackson-databind:2.0.4
Fasterxml » Jackson-Databind » Version: 2.0.5

cpe:2.3:a:fasterxml:jackson-databind:2.0.5
Fasterxml » Jackson-Databind » Version: 2.0.6

cpe:2.3:a:fasterxml:jackson-databind:2.0.6
Fasterxml » Jackson-Databind » Version: 2.1.0

cpe:2.3:a:fasterxml:jackson-databind:2.1.0
Fasterxml » Jackson-Databind » Version: 2.1.1

cpe:2.3:a:fasterxml:jackson-databind:2.1.1
Fasterxml » Jackson-Databind » Version: 2.1.2

cpe:2.3:a:fasterxml:jackson-databind:2.1.2
Fasterxml » Jackson-Databind » Version: 2.1.3

cpe:2.3:a:fasterxml:jackson-databind:2.1.3
Fasterxml » Jackson-Databind » Version: 2.1.4

cpe:2.3:a:fasterxml:jackson-databind:2.1.4
Fasterxml » Jackson-Databind » Version: 2.1.5

cpe:2.3:a:fasterxml:jackson-databind:2.1.5
Fasterxml » Jackson-Databind » Version: 2.2.0

cpe:2.3:a:fasterxml:jackson-databind:2.2.0
Fasterxml » Jackson-Databind » Version: 2.2.1

cpe:2.3:a:fasterxml:jackson-databind:2.2.1
Fasterxml » Jackson-Databind » Version: 2.2.2

cpe:2.3:a:fasterxml:jackson-databind:2.2.2
Fasterxml » Jackson-Databind » Version: 2.2.3

cpe:2.3:a:fasterxml:jackson-databind:2.2.3
Fasterxml » Jackson-Databind » Version: 2.2.4

cpe:2.3:a:fasterxml:jackson-databind:2.2.4
Fasterxml » Jackson-Databind » Version: 2.3.0

cpe:2.3:a:fasterxml:jackson-databind:2.3.0
Fasterxml » Jackson-Databind » Version: 2.3.1

cpe:2.3:a:fasterxml:jackson-databind:2.3.1
Fasterxml » Jackson-Databind » Version: 2.3.2

cpe:2.3:a:fasterxml:jackson-databind:2.3.2
Fasterxml » Jackson-Databind » Version: 2.3.3

cpe:2.3:a:fasterxml:jackson-databind:2.3.3
Fasterxml » Jackson-Databind » Version: 2.3.4

cpe:2.3:a:fasterxml:jackson-databind:2.3.4
Fasterxml » Jackson-Databind » Version: 2.3.5

cpe:2.3:a:fasterxml:jackson-databind:2.3.5
Fasterxml » Jackson-Databind » Version: 2.4.0

cpe:2.3:a:fasterxml:jackson-databind:2.4.0
Fasterxml » Jackson-Databind » Version: 2.4.1

cpe:2.3:a:fasterxml:jackson-databind:2.4.1
Fasterxml » Jackson-Databind » Version: 2.4.1.1

cpe:2.3:a:fasterxml:jackson-databind:2.4.1.1
Fasterxml » Jackson-Databind » Version: 2.4.1.2

cpe:2.3:a:fasterxml:jackson-databind:2.4.1.2
Fasterxml » Jackson-Databind » Version: 2.4.1.3

cpe:2.3:a:fasterxml:jackson-databind:2.4.1.3
Fasterxml » Jackson-Databind » Version: 2.4.2

cpe:2.3:a:fasterxml:jackson-databind:2.4.2
Fasterxml » Jackson-Databind » Version: 2.4.3

cpe:2.3:a:fasterxml:jackson-databind:2.4.3
Fasterxml » Jackson-Databind » Version: 2.4.4

cpe:2.3:a:fasterxml:jackson-databind:2.4.4
Fasterxml » Jackson-Databind » Version: 2.4.5

cpe:2.3:a:fasterxml:jackson-databind:2.4.5
Fasterxml » Jackson-Databind » Version: 2.4.5.1

cpe:2.3:a:fasterxml:jackson-databind:2.4.5.1
Fasterxml » Jackson-Databind » Version: 2.4.6

cpe:2.3:a:fasterxml:jackson-databind:2.4.6
Fasterxml » Jackson-Databind » Version: 2.4.6.1

cpe:2.3:a:fasterxml:jackson-databind:2.4.6.1
Fasterxml » Jackson-Databind » Version: 2.5.0

cpe:2.3:a:fasterxml:jackson-databind:2.5.0
Fasterxml » Jackson-Databind » Version: 2.5.1

cpe:2.3:a:fasterxml:jackson-databind:2.5.1
Fasterxml » Jackson-Databind » Version: 2.5.2

cpe:2.3:a:fasterxml:jackson-databind:2.5.2
Fasterxml » Jackson-Databind » Version: 2.5.3

cpe:2.3:a:fasterxml:jackson-databind:2.5.3
Fasterxml » Jackson-Databind » Version: 2.5.4

cpe:2.3:a:fasterxml:jackson-databind:2.5.4
Fasterxml » Jackson-Databind » Version: 2.5.5

cpe:2.3:a:fasterxml:jackson-databind:2.5.5
Fasterxml » Jackson-Databind » Version: 2.6.0

cpe:2.3:a:fasterxml:jackson-databind:2.6.0
Fasterxml » Jackson-Databind » Version: 2.6.1

cpe:2.3:a:fasterxml:jackson-databind:2.6.1
Fasterxml » Jackson-Databind » Version: 2.6.2

cpe:2.3:a:fasterxml:jackson-databind:2.6.2
Fasterxml » Jackson-Databind » Version: 2.6.3

cpe:2.3:a:fasterxml:jackson-databind:2.6.3
Fasterxml » Jackson-Databind » Version: 2.6.4

cpe:2.3:a:fasterxml:jackson-databind:2.6.4
Fasterxml » Jackson-Databind » Version: 2.6.5

cpe:2.3:a:fasterxml:jackson-databind:2.6.5
Fasterxml » Jackson-Databind » Version: 2.6.6

cpe:2.3:a:fasterxml:jackson-databind:2.6.6
Fasterxml » Jackson-Databind » Version: 2.6.7

cpe:2.3:a:fasterxml:jackson-databind:2.6.7
Fasterxml » Jackson-Databind » Version: 2.7.0

cpe:2.3:a:fasterxml:jackson-databind:2.7.0
Fasterxml » Jackson-Databind » Version: 2.7.1

cpe:2.3:a:fasterxml:jackson-databind:2.7.1
Fasterxml » Jackson-Databind » Version: 2.7.1-1

cpe:2.3:a:fasterxml:jackson-databind:2.7.1-1
Fasterxml » Jackson-Databind » Version: 2.7.2

cpe:2.3:a:fasterxml:jackson-databind:2.7.2
Fasterxml » Jackson-Databind » Version: 2.7.3

cpe:2.3:a:fasterxml:jackson-databind:2.7.3
Fasterxml » Jackson-Databind » Version: 2.7.4

cpe:2.3:a:fasterxml:jackson-databind:2.7.4
Fasterxml » Jackson-Databind » Version: 2.7.5

cpe:2.3:a:fasterxml:jackson-databind:2.7.5
Fasterxml » Jackson-Databind » Version: 2.7.6

cpe:2.3:a:fasterxml:jackson-databind:2.7.6
Fasterxml » Jackson-Databind » Version: 2.7.7

cpe:2.3:a:fasterxml:jackson-databind:2.7.7
Fasterxml » Jackson-Databind » Version: 2.7.8

cpe:2.3:a:fasterxml:jackson-databind:2.7.8
Fasterxml » Jackson-Databind » Version: 2.7.9

cpe:2.3:a:fasterxml:jackson-databind:2.7.9
Fasterxml » Jackson-Databind » Version: 2.8.0

cpe:2.3:a:fasterxml:jackson-databind:2.8.0
Fasterxml » Jackson-Databind » Version: 2.8.1

cpe:2.3:a:fasterxml:jackson-databind:2.8.1
Fasterxml » Jackson-Databind » Version: 2.8.2

cpe:2.3:a:fasterxml:jackson-databind:2.8.2
Fasterxml » Jackson-Databind » Version: 2.8.3

cpe:2.3:a:fasterxml:jackson-databind:2.8.3
Fasterxml » Jackson-Databind » Version: 2.8.4

cpe:2.3:a:fasterxml:jackson-databind:2.8.4
Fasterxml » Jackson-Databind » Version: 2.8.5

cpe:2.3:a:fasterxml:jackson-databind:2.8.5
Fasterxml » Jackson-Databind » Version: 2.8.6

cpe:2.3:a:fasterxml:jackson-databind:2.8.6
Fasterxml » Jackson-Databind » Version: 2.8.7

cpe:2.3:a:fasterxml:jackson-databind:2.8.7
Fasterxml » Jackson-Databind » Version: 2.8.8

cpe:2.3:a:fasterxml:jackson-databind:2.8.8
Fasterxml » Jackson-Databind » Version: 2.8.8.1

cpe:2.3:a:fasterxml:jackson-databind:2.8.8.1
Fasterxml » Jackson-Databind » Version: 2.9.0

cpe:2.3:a:fasterxml:jackson-databind:2.9.0
Netapp » Oncommand Balance » Version: N/A

cpe:2.3:a:netapp:oncommand_balance:-
Netapp » Oncommand Performance Manager » Version: N/A

cpe:2.3:a:netapp:oncommand_performance_manager:-
Netapp » Oncommand Shift » Version: N/A

cpe:2.3:a:netapp:oncommand_shift:-
Netapp » Snapcenter » Version: N/A

cpe:2.3:a:netapp:snapcenter:-
Oracle » Banking Platform » Version: 2.5.0

cpe:2.3:a:oracle:banking_platform:2.5.0
Oracle » Banking Platform » Version: 2.6.0

cpe:2.3:a:oracle:banking_platform:2.6.0
Oracle » Banking Platform » Version: 2.6.1

cpe:2.3:a:oracle:banking_platform:2.6.1
Oracle » Banking Platform » Version: 2.6.2

cpe:2.3:a:oracle:banking_platform:2.6.2
Oracle » Communications Billing And Revenue Management » Version: 12.0

cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0
Oracle » Communications Billing And Revenue Management » Version: 7.5

cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5
Oracle » Communications Communications Policy Management » Version: 12.0

cpe:2.3:a:oracle:communications_communications_policy_management:12.0
Oracle » Communications Communications Policy Management » Version: 12.5

cpe:2.3:a:oracle:communications_communications_policy_management:12.5
Oracle » Communications Communications Policy Management » Version: 12.5.1

cpe:2.3:a:oracle:communications_communications_policy_management:12.5.1
Oracle » Communications Communications Policy Management » Version: 12.5.2

cpe:2.3:a:oracle:communications_communications_policy_management:12.5.2
Oracle » Communications Diameter Signaling Route » Version: N/A

cpe:2.3:a:oracle:communications_diameter_signaling_route:-
Oracle » Communications Diameter Signaling Route » Version: 8.0.0.0

cpe:2.3:a:oracle:communications_diameter_signaling_route:8.0.0.0
Oracle » Communications Instant Messaging Server » Version: 10.0.1

cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1
Oracle » Communications Instant Messaging Server » Version: 10.0.1.2.0

cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.2.0
Oracle » Enterprise Manager For Virtualization » Version: 13.2.2

cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2
Oracle » Enterprise Manager For Virtualization » Version: 13.2.3

cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3
Oracle » Enterprise Manager For Virtualization » Version: 13.3.1

cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1
Oracle » Financial Services Analytical Applications Infrastructure » Version: 8.0.2.0.0

cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2.0.0
Oracle » Financial Services Analytical Applications Infrastructure » Version: 8.0.3.0.0

cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3.0.0
Oracle » Financial Services Analytical Applications Infrastructure » Version: 8.0.4.0.0

cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.0.0
Oracle » Financial Services Analytical Applications Infrastructure » Version: 8.0.5.0.0

cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.0.0
Oracle » Financial Services Analytical Applications Infrastructure » Version: 8.0.6.0.0

cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.0.0
Oracle » Financial Services Analytical Applications Infrastructure » Version: 8.0.7.0.0

cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.0.0
Oracle » Global Lifecycle Management Opatchauto » Version: N/A

cpe:2.3:a:oracle:global_lifecycle_management_opatchauto:-
Oracle » Primavera Unifier » Version: 16.1

cpe:2.3:a:oracle:primavera_unifier:16.1
Oracle » Primavera Unifier » Version: 16.2

cpe:2.3:a:oracle:primavera_unifier:16.2
Oracle » Primavera Unifier » Version: 17.1

cpe:2.3:a:oracle:primavera_unifier:17.1
Oracle » Primavera Unifier » Version: 17.10

cpe:2.3:a:oracle:primavera_unifier:17.10
Oracle » Primavera Unifier » Version: 17.11

cpe:2.3:a:oracle:primavera_unifier:17.11
Oracle » Primavera Unifier » Version: 17.12

cpe:2.3:a:oracle:primavera_unifier:17.12
Oracle » Primavera Unifier » Version: 17.2

cpe:2.3:a:oracle:primavera_unifier:17.2
Oracle » Primavera Unifier » Version: 17.3

cpe:2.3:a:oracle:primavera_unifier:17.3
Oracle » Primavera Unifier » Version: 17.4

cpe:2.3:a:oracle:primavera_unifier:17.4
Oracle » Primavera Unifier » Version: 17.5

cpe:2.3:a:oracle:primavera_unifier:17.5
Oracle » Primavera Unifier » Version: 17.6

cpe:2.3:a:oracle:primavera_unifier:17.6
Oracle » Primavera Unifier » Version: 17.7

cpe:2.3:a:oracle:primavera_unifier:17.7
Oracle » Primavera Unifier » Version: 17.8

cpe:2.3:a:oracle:primavera_unifier:17.8
Oracle » Primavera Unifier » Version: 17.9

cpe:2.3:a:oracle:primavera_unifier:17.9
Oracle » Primavera Unifier » Version: 18.8

cpe:2.3:a:oracle:primavera_unifier:18.8
Oracle » Utilities Advanced Spatial And Operational Analytics » Version: 2.7.0.1

cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1
Oracle » Webcenter Portal » Version: 12.2.1.3.0

cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0
Redhat » Jboss Enterprise Application Platform » Version: 6.0.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0
Redhat » Jboss Enterprise Application Platform » Version: 6.4.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0
Redhat » Jboss Enterprise Application Platform » Version: 7.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0
Redhat » Jboss Enterprise Application Platform » Version: 7.1

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1
Redhat » Openshift Container Platform » Version: 3.11

cpe:2.3:a:redhat:openshift_container_platform:3.11
Redhat » Openshift Container Platform » Version: 4.1

cpe:2.3:a:redhat:openshift_container_platform:4.1
Redhat » Virtualization » Version: 4.0

cpe:2.3:a:redhat:virtualization:4.0
Redhat » Virtualization Host » Version: 4.0

cpe:2.3:a:redhat:virtualization_host:4.0
Debian » Debian Linux » Version: 8.0

cpe:2.3:o:debian:debian_linux:8.0
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0
Redhat » Enterprise Linux Server » Version: 5.0

cpe:2.3:o:redhat:enterprise_linux_server:5.0
Redhat » Enterprise Linux Server » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux_server:6.0
Redhat » Enterprise Linux Server » Version: 7.0

cpe:2.3:o:redhat:enterprise_linux_server:7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-7525

Products

Pricing

Contact Us