The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability announce CVE-2018-14721

jackson-databind: information disclosure via axis2-jaxws SSRF

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via axis2-jaxws SSRF of jackson-databind, in order to obtain sensitive information.
Impacted systems: Debian, Fedora, Oracle Communications, Oracle Fusion Middleware, Tuxedo, WebLogic, RHEL, JBoss EAP by Red Hat, Red Hat SSO.
Severity of this alert: 2/4.
Consequences of an intrusion: data reading.
Pirate's origin: document.
Creation date: 19/02/2019.
Références of this alert: cpuapr2019, cpujan2019, CVE-2018-14721, DLA-1703-1, DSA-4452-1, FEDORA-2019-df57551f6d, RHSA-2019:0782-01, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-28547.

Description of the vulnerability

An attacker can bypass access restrictions to data via axis2-jaxws SSRF of jackson-databind, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides an application vulnerability announce. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The technology watch team tracks security threats targeting the computer system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.