H3C Security Vulnerability - FasterXML Vulnerability - CVE-2017-7489
04-02-2021
【Summary】
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws.
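To check a deployment against the version ranges stated above, the following added example (not code from H3C or FasterXML) inventories jackson-databind jars under an installation directory, including copies bundled inside JAR/WAR/EAR archives. It assumes the standard Maven file naming `jackson-databind-<version>.jar`; the function names are hypothetical, and a vendor-patched jar that keeps an old version number will still be flagged.

```python
import re
import sys
import zipfile
from pathlib import Path

# Matches jackson-databind-<major>.<minor>.<patch>[.<micro>][qualifier].jar
JAR_RE = re.compile(
    r"^jackson-databind-(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?(?:[.-][A-Za-z0-9.]+)?\.jar$")
ARCHIVES = {".jar", ".war", ".ear"}

def parse_version(jar_name):
    """Return (major, minor, patch, micro) for a jackson-databind jar name, else None."""
    m = JAR_RE.match(jar_name)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_affected(version):
    """Apply the advisory's ranges: through 2.8.10, and 2.9.x through 2.9.3.
    The micro component is reported but ignored for the comparison."""
    if version[:2] == (2, 9):
        return version[:3] <= (2, 9, 3)
    return version[:3] <= (2, 8, 10)

def scan(root):
    """List (location, version, affected) for each jackson-databind jar under root,
    including copies bundled one level deep inside JAR/WAR/EAR archives."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        candidates = [(str(path), path.name)]
        if path.suffix.lower() in ARCHIVES and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                candidates += [(f"{path}!{n}", n.rsplit("/", 1)[-1])
                               for n in zf.namelist()]
        for location, name in candidates:
            version = parse_version(name)
            if version is not None:
                findings.append((location, version, is_affected(version)))
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for location, version, affected in scan(sys.argv[1]):
            print("AFFECTED" if affected else "ok      ", location)
    else:
        # Constructed sample names, used when no directory is given.
        for name in ("jackson-databind-2.8.10.jar", "jackson-databind-2.9.3.jar",
                     "jackson-databind-2.9.4.jar", "jackson-databind-2.8.11.1.jar"):
            print(name, is_affected(parse_version(name)))
```

Run it with the product's installation directory as the only argument; nested archives deeper than one level are not opened.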
【Impact】
An attacker could bypass the blacklist by sending maliciously crafted JSON input to the readValue method of ObjectMapper, gaining unauthenticated remote code execution.
【Software Versions and Fixes】
Product Name | Affected Version | Resolved Product and Version |
iMC | All | Upgrade to iMC PLAT 7.3-E0605P04 |
VDI | All | TBR before Sep 30, 2018 |
H3CloudOS | All | TBC |
H3CloudCMP | All | TBC |
VCFC | All | TBC |
【Temporary Fix】
None
【Revision History】
2018-08-30 V1.0 INITIAL
H3C advocates that every effort be made to safeguard the ultimate interests of product users, to abide by principles of responsible disclosure of security incidents, and to handle product security issues in accordance with security issues mechanisms. For information on H3C's security emergency response service and H3C product vulnerabilities, please visit https://www.h3c.com/en/Support/Online_Help/psirt/.