Rewterz penetration testing services help organizations determine whether a cyber attacker can gain access to their critical assets, while giving them detailed insight into the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
SEVERITY: Medium
ANALYSIS SUMMARY
CVE-2018-12022
2019-01-17: At the time of this advisory, a description was not available.
CVE-2018-14721
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
CVE-2018-11307
2019-01-17: At the time of this advisory, a description was not available.
CVE-2018-12023
2019-01-17: At the time of this advisory, a description was not available.
CVE-2018-14718
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2018-14719
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVE-2018-14720
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct XML external entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
AFFECTED PRODUCTS
Oracle Enterprise Manager 13.x
IMPACT
Security Bypass
REMEDIATION
Apply update.
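To confirm where the "2.x before 2.9.7" condition from the descriptions above applies on a host, the following added example (not part of the original advisory or of any vendor tooling) walks a directory tree and flags bundled jackson-databind jars by the version in their file name. It assumes Maven-style jar naming; the function names are hypothetical, and the check covers only the four CVEs for which this advisory gives a fixed version.

```python
import re
from pathlib import Path

# First jackson-databind 2.x release the advisory lists as fixed for
# CVE-2018-14718 through CVE-2018-14721.
FIXED = (2, 9, 7)

# Matches names such as jackson-databind-2.8.11.1.jar or
# jackson-databind-2.9.0.pr3.jar (Maven-style artifact naming, assumed).
JAR_RE = re.compile(
    r"^jackson-databind-(\d+(?:\.\d+)*)([.-][A-Za-z][\w.-]*)?\.jar$")


def parse_version(filename):
    """Return (numeric_tuple, qualifier) for a jackson-databind jar, else None."""
    m = JAR_RE.match(filename)
    if not m:
        return None
    nums = tuple(int(part) for part in m.group(1).split("."))
    return nums, (m.group(2) or "")


def is_affected(filename):
    """True if the jar is jackson-databind 2.x before 2.9.7.

    Returns None when the file name is not a recognisable jackson-databind jar.
    """
    parsed = parse_version(filename)
    if parsed is None:
        return None
    nums, qualifier = parsed
    if nums[0] != 2:
        return False  # the advisory text only covers the 2.x line
    padded = (nums + (0, 0, 0))[:3]  # treat "2.9" as 2.9.0
    if padded < FIXED:
        return True
    # Conservative: a qualified build of 2.9.7 itself (for example a
    # snapshot) is treated as preceding the final 2.9.7 release.
    return padded == FIXED and len(nums) <= 3 and qualifier != ""


def scan(root):
    """Walk a directory tree and return sorted paths of affected jars."""
    return sorted(str(p) for p in Path(root).rglob("jackson-databind-*.jar")
                  if is_affected(p.name))
```

A file-name match is only a heuristic: renamed, shaded or repackaged copies of the library will not be found this way, so an empty result does not replace applying the vendor update.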