Vulnerabilities > Oracle > Communications Billing AND Revenue Management Elastic Charging Engine > 12.0.0.3.0

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-23	CVE-2021-21341	Deserialization of Untrusted Data vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject oracle CWE-502	7.5
2019-07-23	CVE-2019-10173	Code Injection vulnerability in multiple products It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. network low complexity xstream-project oracle CWE-94 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.