CVE-2019-17267 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2019-17267?

CVE-2019-17267 is a Polymorphic Typing issue in FasterXML jackson-databind versions before 2.9.10. Its severity is considered moderate, and it impacts various software configurations and platforms, including those running on Debian Linux, Red Hat JBoss Enterprise Application Platform, Oracle Customer Management and Segmentation Foundation, and NetApp Active IQ Unified Manager.

Who is impacted by CVE-2019-17267?

CVE-2019-17267 affects users of FasterXML jackson-databind versions from 2.0.0 up to 2.8.11.5 and from 2.9.0 up to 2.9.10. Users of Red Hat AMQ Streams 1.3.0 and 1.2.0 are also impacted. The underlying Polymorphic Typing issue is a security concern for anyone running the affected software versions.

What to do if CVE-2019-17267 affected you

If you're affected by CVE-2019-17267, take the following steps to secure your system:

  1. Back up your existing installation, including applications, configuration files, databases, and settings.

  2. Update your FasterXML jackson-databind software to version 2.9.10 or later.

  3. If using Red Hat AMQ Streams, apply the update to version 1.3.0 as described in the Red Hat Security Advisory.

  4. Regularly check for security updates and apply them as needed.
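To support steps 2 and 4, the following added example (not part of the original article or of any vendor tooling) scans a saved dependency listing for jackson-databind entries older than 2.9.10. It assumes the listing is text from `mvn dependency:tree` or `gradle dependencies`, applies the single "before 2.9.10" threshold from this page, and uses a constructed sample; the function names are illustrative.

```python
import re

COORD = "com.fasterxml.jackson.core:jackson-databind"
FIXED = (2, 9, 10)  # "2.9.10 or later", the upgrade target named in step 2

# Maven dependency:tree  -> group:artifact:type[:classifier]:version:scope
MAVEN = re.compile(re.escape(COORD) + r":[\w-]+(?::[\w.-]+)?:(\d[\w.-]*):\w+\s*$")
# Gradle dependencies    -> group:artifact:requested[ -> resolved]
GRADLE = re.compile(re.escape(COORD) + r":(\d[\w.-]*)(?:\s*->\s*(\d[\w.-]*))?")


def parse_version(text):
    """Numeric prefix of a version string as a tuple: '2.9.10.1' -> (2, 9, 10, 1)."""
    return tuple(int(p) for p in re.match(r"\d+(?:\.\d+)*", text).group(0).split("."))


def resolved_version(line):
    """Return the jackson-databind version a listing line resolves to, or None."""
    m = MAVEN.search(line)
    if m:
        return m.group(1)
    m = GRADLE.search(line)
    if m:
        return m.group(2) or m.group(1)  # Gradle builds with the version after "->"
    return None


def find_outdated(listing):
    """List (line_number, version) for every entry older than FIXED."""
    hits = []
    for number, line in enumerate(listing.splitlines(), 1):
        version = resolved_version(line)
        if version and parse_version(version) < FIXED:
            hits.append((number, version))
    return hits


# Constructed sample: Maven-style lines followed by Gradle-style lines.
SAMPLE = r"""
[INFO] com.example:orders-service:jar:1.0.0
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.1.6.RELEASE:compile
[INFO] |  \- com.fasterxml.jackson.core:jackson-databind:jar:2.9.9:compile
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.10.1:compile
+--- com.fasterxml.jackson.core:jackson-databind:2.8.11 -> 2.9.10
\--- com.fasterxml.jackson.core:jackson-databind:2.6.7.1
""".strip()

if __name__ == "__main__":
    for number, version in find_outdated(SAMPLE):
        print(f"line {number}: jackson-databind {version} is older than 2.9.10")
```

Transitive entries matter as much as direct ones: in the sample, the 2.9.9 copy arrives through another dependency rather than being declared by the project itself.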

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2019-17267 is not listed in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, published on October 6, 2019, affects FasterXML jackson-databind software. No specific due date or required action is mentioned, but updating the software and following security advisories can help address the issue.

Weakness Enumeration

This vulnerability is categorized as CWE-502, which involves deserialization of untrusted data.

Learn More

CVE-2019-17267 is a moderate-severity vulnerability that affects various software configurations and platforms. To better understand its description, severity, technical details, and known affected software configurations, visit the National Vulnerability Database page or refer to the sources below.
