Vulnerabilities > Oracle > Communications Billing AND Revenue Management Elastic Charging Engine > 11.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-23 | CVE-2021-39149 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. | 8.5 |
| 2021-08-23 | CVE-2021-39151 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. | 8.5 |
| 2021-08-23 | CVE-2021-39153 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. | 8.5 |
| 2021-08-23 | CVE-2021-39154 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. | 8.5 |
| 2021-04-13 | CVE-2021-29425 | Path Traversal vulnerability in multiple products In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | 4.8 |
| 2020-01-17 | CVE-2020-5398 | Download of Code Without Integrity Check vulnerability in multiple products In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. | 7.5 |
| 2019-11-08 | CVE-2019-10219 | Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. | 6.1 |