Vulnerabilities > Oracle > Communications Billing AND Revenue Management Elastic Charging Engine > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-23 CVE-2021-39151 XStream is a simple library to serialize objects to XML and back again. 8.5
2021-08-23 CVE-2021-39153 XStream is a simple library to serialize objects to XML and back again. 8.5
2021-08-23 CVE-2021-39154 XStream is a simple library to serialize objects to XML and back again. 8.5
2021-03-23 CVE-2021-21349 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
8.6
2021-03-23 CVE-2021-21348 Resource Exhaustion vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
7.5
2021-03-23 CVE-2021-21343 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
7.5
2021-03-23 CVE-2021-21341 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
7.5
2020-01-17 CVE-2020-5398 Download of Code Without Integrity Check vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
network
high complexity
vmware oracle netapp CWE-494
7.5
2019-08-20 CVE-2019-10086 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects.
7.3