CVE-2019-20330

CRITICAL

Netapp Snapcenter < 2.7.9.7 - Insecure Deserialization

Title source: rule

Description

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

Exploits (2)

nomisec WORKING POC

by dawetmaster · poc

https://github.com/dawetmaster/CVE-2019-20330-jackson-databind-vulnerable

View Code ZIP pw:eip

nomisec WORKING POC

by andikahilmy · poc

https://github.com/andikahilmy/CVE-2019-20330-jackson-databind-vulnerable

View Code ZIP pw:eip

References (33)

[Patch, Third Party Advisory] https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2

[Patch, Third Party Advisory] https://github.com/FasterXML/jackson-databind/issues/2526

[Mailing List] https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20200127-0004/

[Patch, Third Party Advisory] https://www.oracle.com//security-alerts/cpujul2021.html

[Third Party Advisory] https://www.oracle.com/security-alerts/cpuapr2020.html

[Third Party Advisory] https://www.oracle.com/security-alerts/cpujul2020.html

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpuoct2020.html

[Mailing List] https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44%40%3Cnotifications.zookeeper.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c%40%3Cissues.zookeeper.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94%40%3Cissues.zookeeper.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f%40%3Cissues.zookeeper.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393%40%3Cdev.zookeeper.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3%40%3Ccommits.druid.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f%40%3Cissues.zookeeper.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764%40%3Ccommits.zookeeper.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2%40%3Cissues.zookeeper.apache.org%3E

... and 13 more

Scores

CVSS v3 9.8

EPSS 0.0200

EPSS Percentile 83.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (50)

netapp/snapcenter

fasterxml/jackson-databind < 2.7.9.7

oracle/banking_platform < 2.9.0

oracle/communications_billing_and_revenue_management

oracle/communications_cloud_native_core_network_slice_selection_function

oracle/communications_contacts_server

oracle/communications_evolved_communications_application_server

oracle/communications_instant_messaging_server

oracle/communications_network_charging_and_control < 12.0.3

oracle/communications_network_charging_and_control

oracle/customer_management_and_segmentation_foundation

oracle/enterprise_manager_base_platform

oracle/global_lifecycle_management_opatch < 11.2.0.3.23

... and 35 more

Timeline

Published Jan 03, 2020

Tracked Since Feb 18, 2026