What is CVE-2019-14439?

CVE-2019-14439 is a high-severity vulnerability in Apache Drill, classified under Deserialization of Untrusted Data. CVSS score: 7.5/10. Published 2019-07-30.

How severe is CVE-2019-14439?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2019-14439 known to be exploited?

15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Deserialization in Apache Drill

CVE-2019-14439

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has…

Vulnerability class: Insecure Deserialization

EPSS: 0.108 (95.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Apache Drill — versions 1.16.0
Fasterxml Jackson-databind
Oracle Banking_platform — versions 2.4.0, 2.4.1, 2.5.0
Oracle Communications_diameter_signaling_router — versions 8.0.0, 8.1, 8.2
Oracle Communications_instant_messaging_server — versions 10.0.1.3.0
Oracle Financial_services_analytical_applications_infrastructure
Oracle Global_lifecycle_management_opatch — versions 11.2.0.3.23, 13.9.4.2.1
Oracle Goldengate_stream_analytics
Oracle Jd_edwards_enterpriseone_orchestrator — versions 9.2
Oracle Jd_edwards_enterpriseone_tools — versions 9.2

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

Public proof-of-concept exploits

References

cve@mitre.org (mailing-list, x_refsource_MLIST, Third Party Advisory)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2019-14439?: CVE-2019-14439 is a high-severity vulnerability in Apache Drill, classified under Deserialization of Untrusted Data. CVSS score: 7.5/10. Published 2019-07-30.
How severe is CVE-2019-14439?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2019-14439 known to be exploited?: 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.