14.5

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-01	CVE-2022-22963	Expression Language Injection vulnerability in multiple products In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. network low complexity vmware oracle CWE-917 critical	9.8
2021-01-07	CVE-2020-36183	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. network high complexity fasterxml netapp debian oracle CWE-502	8.1
2021-01-07	CVE-2020-36182	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. network high complexity fasterxml netapp debian oracle CWE-502	8.1
2021-01-07	CVE-2020-36180	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. network high complexity netapp debian oracle fasterxml CWE-502	8.1
2021-01-07	CVE-2020-36179	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. network high complexity netapp debian oracle fasterxml CWE-502	8.1
2021-01-06	CVE-2020-36188	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. network high complexity fasterxml netapp debian oracle CWE-502	8.1
2021-01-06	CVE-2020-36187	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. network high complexity fasterxml netapp debian oracle CWE-502	8.1
2021-01-06	CVE-2020-36186	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. network high complexity fasterxml netapp debian oracle CWE-502	8.1
2021-01-06	CVE-2020-36185	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. network high complexity fasterxml netapp debian oracle CWE-502	8.1
2021-01-06	CVE-2020-36184	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. network high complexity netapp debian oracle fasterxml CWE-502	8.1