Vulnerabilities > Oracle > Communications Billing AND Revenue Management Elastic Charging Engine
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-23 | CVE-2021-21346 | XStream is a Java library to serialize objects to XML and back again. | 9.8 |
| 2021-03-23 | CVE-2021-21345 | OS Command Injection vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. | 9.9 |
| 2021-03-23 | CVE-2021-21344 | XStream is a Java library to serialize objects to XML and back again. | 9.8 |
| 2021-03-23 | CVE-2021-21343 | XStream is a Java library to serialize objects to XML and back again. | 7.5 |
| 2021-03-23 | CVE-2021-21341 | XStream is a Java library to serialize objects to XML and back again. | 7.5 |
| 2020-01-17 | CVE-2020-5398 | Download of Code Without Integrity Check vulnerability in multiple products In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. | 7.5 |
| 2019-11-08 | CVE-2019-10219 | A vulnerability was found in Hibernate-Validator. | 6.1 |
| 2019-08-20 | CVE-2019-10086 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. | 7.3 |
| 2019-07-23 | CVE-2019-10173 | It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. | 9.8 |