Vulnerabilities > Oracle > Communications Cloud Native Core Policy

DATE CVE VULNERABILITY TITLE RISK
2019-05-06 CVE-2019-3799 Path Traversal vulnerability in multiple products
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module.
network
low complexity
vmware oracle CWE-22
6.5
2017-06-16 CVE-2017-9735 Information Exposure Through Discrepancy vulnerability in multiple products
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
network
low complexity
eclipse debian oracle CWE-203
7.5