Vulnerabilities > Oracle > Communications Cloud Native Core Automated Test Suite

DATE CVE VULNERABILITY TITLE RISK
2022-04-01 CVE-2022-22963 Expression Language Injection vulnerability in multiple products
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
network
low complexity
vmware oracle CWE-917
critical
9.8
2022-04-01 CVE-2022-22965 Code Injection vulnerability in multiple products
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
network
low complexity
vmware cisco oracle siemens veritas CWE-94
critical
9.8
2022-02-01 CVE-2021-43859 Resource Exhaustion vulnerability in multiple products
XStream is an open source java library to serialize objects to XML and back again.
7.5
2022-01-12 CVE-2022-20612 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.
network
low complexity
jenkins oracle CWE-352
4.3
2022-01-12 CVE-2022-20613 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
network
low complexity
jenkins oracle CWE-352
4.3
2022-01-12 CVE-2022-20614 Missing Authorization vulnerability in multiple products
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
network
low complexity
jenkins oracle CWE-862
4.3
2022-01-12 CVE-2022-20615 Cross-site Scripting vulnerability in multiple products
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
network
low complexity
jenkins oracle CWE-79
5.4
2021-08-23 CVE-2021-39140 Infinite Loop vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
6.3
2021-08-23 CVE-2021-39150 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
8.5
2021-08-23 CVE-2021-39152 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
8.5