CVE-2020-35728

high

Published 2020-12-27 · Modified 2024-02-18

CVSS v3

8.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

6.8

VIR risk

8.1

Description

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

Predictions

Exploit likelihood

88%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2020-35728

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2020-35728.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.oracle.com/security-alerts/cpuoct2021.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.oracle.com/security-alerts/cpujan2022.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.oracle.com/security-alerts/cpuapr2022.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.oracle.com//security-alerts/cpujul2021.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/FasterXML/jackson-databind/issues/2999

OS impact

OS	Version	Status	Fixed in
sles		affected
debian	bookworm	fixed	`2.12.1-1`
debian	bullseye	fixed	`2.12.1-1`
debian	forky	fixed	`2.12.1-1`
debian	sid	fixed	`2.12.1-1`
debian	trixie	fixed	`2.12.1-1`
debian	9.0	affected

Package impact

Ecosystem	Package	Vulnerable	Fixed
Maven	com.fasterxml.jackson.core:jackson-databind	`>=2.0.0,<2.9.10.8`	`2.9.10.8`

Application impact

Vendor	Product	Versions	Fixed
fasterxml	jackson-databind	`{"startIncluding":"2.0.0","endExcluding":"2.6.7.5"}`	`2.6.7.5`
netapp	service_level_manager	`-`
oracle	agile_plm	`9.3.6`
oracle	application_testing_suite	`13.3.0.1`
oracle	autovue	`21.0.2`
oracle	banking_corporate_lending_process_management	`14.2`
oracle	banking_corporate_lending_process_management	`14.3`
oracle	banking_corporate_lending_process_management	`14.5`
oracle	banking_credit_facilities_process_management	`14.2`
oracle	banking_credit_facilities_process_management	`14.3`
oracle	banking_credit_facilities_process_management	`14.5`
oracle	banking_extensibility_workbench	`14.2`
oracle	banking_extensibility_workbench	`14.3`
oracle	banking_extensibility_workbench	`14.5`
oracle	banking_supply_chain_finance	`14.2`
oracle	banking_supply_chain_finance	`14.3`
oracle	banking_supply_chain_finance	`14.5`
oracle	banking_treasury_management	`14.4`
oracle	banking_virtual_account_management	`14.2.0`
oracle	banking_virtual_account_management	`14.3.0`
oracle	banking_virtual_account_management	`14.5.0`
oracle	blockchain_platform	`{"endIncluding":"21.1.2"}`
oracle	commerce_platform	`{"startIncluding":"11.3.0","endIncluding":"11.3.2"}`
oracle	commerce_platform	`11.2.0`
oracle	communications_billing_and_revenue_management	`7.5.0.23.0`
oracle	communications_billing_and_revenue_management	`12.0.0.3.0`
oracle	communications_cloud_native_core_policy	`1.14.0`
oracle	communications_cloud_native_core_unified_data_repository	`1.4.0`
oracle	communications_convergent_charging_controller	`12.0.4.0.0`
oracle	communications_diameter_signaling_route	`{"startIncluding":"8.0.0.0","endIncluding":"8.5.0.0"}`
oracle	communications_element_manager	`{"startIncluding":"8.2.0.0","endIncluding":"8.2.4.0"}`
oracle	communications_evolved_communications_application_server	`7.1`
oracle	communications_network_charging_and_control	`12.0.4.0.0`
oracle	communications_policy_management	`12.5.0`
oracle	communications_services_gatekeeper	`7.0`
oracle	communications_session_report_manager	`{"startIncluding":"8.0.0.0","endIncluding":"8.2.2.1"}`
oracle	communications_session_route_manager	`{"startIncluding":"8.2.0.0","endIncluding":"8.2.2.1"}`
oracle	communications_unified_inventory_management	`7.4.1`
oracle	data_integrator	`12.2.1.4.0`
oracle	goldengate_application_adapters	`19.1.0.0.0`
oracle	insurance_policy_administration	`{"startIncluding":"11.1.0","endIncluding":"11.3.0"}`
oracle	insurance_policy_administration	`11.0.2`
oracle	insurance_rules_palette	`{"startIncluding":"11.1.0","endIncluding":"11.3.0"}`
oracle	insurance_rules_palette	`11.0.2`
oracle	jd_edwards_enterpriseone_orchestrator	`{"endExcluding":"9.2.5.3"}`	`9.2.5.3`
oracle	jd_edwards_enterpriseone_tools	`{"endExcluding":"9.2.5.3"}`	`9.2.5.3`
oracle	primavera_gateway	`{"startIncluding":"17.12.0","endIncluding":"17.12.11"}`
oracle	primavera_gateway	`20.12.0`
oracle	primavera_unifier	`{"startIncluding":"17.7","endIncluding":"17.12"}`
oracle	primavera_unifier	`20.12`
oracle	retail_customer_management_and_segmentation_foundation	`{"startIncluding":"16.0","endIncluding":"19.0"}`
oracle	retail_merchandising_system	`15.0.3`
oracle	retail_service_backbone	`14.1.3.2`
oracle	retail_service_backbone	`15.0.3.1`
oracle	retail_service_backbone	`16.0.3.0`
oracle	retail_xstore_point_of_service	`16.0.6`
oracle	retail_xstore_point_of_service	`17.0.4`
oracle	retail_xstore_point_of_service	`18.0.3`
oracle	retail_xstore_point_of_service	`19.0.2`
oracle	webcenter_portal	`12.2.1.3.0`
oracle	webcenter_portal	`12.2.1.4.0`

References

CWEs

CWE-502

Verify integrity in audit chain (admin only). AS-IS.