jackson-databind-2.8.11.3.jar|CVE-2018-14720
Created by: armorcodegithubpreprod[bot]
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. Vulnerable Software: cpe:2.3:a:fasterxml:jackson-databind:::::::: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2:::::::* cpe:2.3:a:oracle:primavera_unifier:::::::: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5:::::::* cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::* cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:::::::* cpe:2.3:a:oracle:banking_platform:2.5.0:::::::* cpe:2.3:a:oracle:retail_merchandising_system:15.0:::::::* cpe:2.3:a:oracle:banking_platform:2.6.0:::::::* cpe:2.3:a:oracle:retail_merchandising_system:16.0:::::::* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:::::::* cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:::::::* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:::::::* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4:::::::* cpe:2.3:a:oracle:banking_platform:2.6.1:::::::* cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1:::::::* cpe:2.3:a:oracle:primavera_unifier:18.8:::::::* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3:::::::* cpe:2.3:a:oracle:primavera_unifier:16.1:::::::* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:::::::* cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:::::::* cpe:2.3:a:oracle:banking_platform:2.6.2:::::::* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::* cpe:2.3:a:oracle:primavera_unifier:16.2:::::::* cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:::::::* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7:::::::*
File Path: \Profiles\ptrovatelli.m2\repository\com\fasterxml\jackson\core\jackson-databind\2.8.11.3\jackson-databind-2.8.11.3.jar