Is CVE-2020-25649 actively exploited?

CVE-2020-25649 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2020-25649?

CVE-2020-25649 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

How do I patch CVE-2020-25649?

Patch guidance is available from fasterxml security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2020-25649.

Fix CVE-2020-25649 - HIGH fasterxml jackson-databind

Q: Which products are affected by CVE-2020-25649?

73 products: fasterxml jackson-databind, fasterxml jackson-databind, fasterxml jackson-databind, netapp oncommand api services, netapp oncommand workflow automation, and 68 more.

Description

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
Weaknesses: CWE-611 · XML External Entity (XXE)CWE-611 · XML External Entity (XXE)

Metadata

Primary Vendor: FASTERXML
Published: 12/3/2020
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

fasterxml : jackson-databindfasterxml : jackson-databindfasterxml : jackson-databindnetapp : oncommand_api_servicesnetapp : oncommand_workflow_automationnetapp : service_level_managerfedoraproject : fedoraquarkus : quarkusapache : iotdboracle : agile_plmoracle : agile_product_lifecycle_management_integration_packoracle : banking_apisoracle : banking_apisoracle : banking_apisoracle : banking_apisoracle : banking_apisoracle : banking_platformoracle : banking_platformoracle : banking_platformoracle : banking_platformoracle : banking_platformoracle : banking_platformoracle : banking_treasury_managementoracle : blockchain_platformoracle : coherenceoracle : coherenceoracle : commerce_platformoracle : commerce_platformoracle : communications_billing_and_revenue_managementoracle : communications_billing_and_revenue_managementoracle : communications_cloud_native_core_unified_data_repositoryoracle : communications_convergent_charging_controlleroracle : communications_evolved_communications_application_serveroracle : communications_instant_messaging_serveroracle : communications_interactive_session_recorderoracle : communications_interactive_session_recorderoracle : communications_network_charging_and_controloracle : communications_offline_mediation_controlleroracle : communications_pricing_design_centeroracle : communications_services_gatekeeperoracle : communications_unified_inventory_managementoracle : goldengate_application_adaptersoracle : health_sciences_empirica_signaloracle : health_sciences_empirica_signaloracle : insurance_policy_administrationoracle : insurance_policy_administrationoracle : insurance_rules_paletteoracle : insurance_rules_paletteoracle : jd_edwards_enterpriseone_orchestratororacle : jd_edwards_enterpriseone_toolsoracle : primavera_gatewayoracle : primavera_gatewayoracle : primavera_gatewayoracle : primavera_gatewayoracle : primavera_gatewayoracle : retail_service_backboneoracle : retail_service_backboneoracle : retail_service_backboneoracle : retail_xstore_point_of_serviceoracle : retail_xstore_point_of_serviceoracle : retail_xstore_point_of_serviceoracle : retail_xstore_point_of_serviceoracle : retail_xstore_point_of_serviceoracle : sd-wan_edgeoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : webcenter_portaloracle : webcenter_portaloracle : communications_messaging_serveroracle : communications_messaging_server

Remediation Guidance

Executive Summary

View on NIST NVD