Vulnerabilities > Oracle > Communications BRM Elastic Charging Engine

DATE CVE VULNERABILITY TITLE RISK
2020-12-07 CVE-2020-17521 Apache Groovy provides extension methods to aid with creating temporary directories.
local
low complexity
apache netapp oracle
5.5
5.5
2020-04-07 CVE-2020-11612 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream.
network
low complexity
netty debian fedoraproject netapp oracle CWE-770
7.5
7.5
2020-01-17 CVE-2020-5397 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.
network
low complexity
vmware oracle CWE-352
5.3
5.3
2018-10-18 CVE-2018-15756 Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource.
network
low complexity
vmware oracle debian
7.5
7.5