The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.


Synthesis of the vulnerability 


An attacker can bypass restrictions via XaPooledConnectionFactory of FasterXML jackson-databind, in order to escalate his privileges.
Vulnerable software: Debian.
Severity of this announce: 2/4.
Creation date: 23/03/2020.
Références of this computer vulnerability: CVE-2020-10672, DLA-2153-1, VIGILANCE-VUL-31849.

Description of the vulnerability 


An attacker can bypass restrictions via XaPooledConnectionFactory of FasterXML jackson-databind, in order to escalate his privileges.
Full bulletin, software filtering, emails, fixes, … (Request your free trial)

This cybersecurity bulletin impacts software or systems such as Debian.

Our Vigil@nce team determined that the severity of this cybersecurity weakness is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this computer vulnerability bulletin.

Solutions for this threat 


Debian 8: new jackson-databind packages.
New packages are available:
  Debian 8: jackson-databind 2.4.2-2+deb8u13
Full bulletin, software filtering, emails, fixes, … (Request your free trial)

Computer vulnerabilities tracking service 


Vigil@nce provides a software vulnerabilities database. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.





Source link

Write a comment:
*

Your email address will not be published.