Vulnerabilities > Oracle > Communications Cloud Native Core Security Edge Protection Proxy > 1.6.0

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2021-22118 Exposure of Resource to Wrong Sphere vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
local
low complexity
vmware oracle netapp CWE-668
7.8
2021-03-01 CVE-2021-25329 The fix for CVE-2020-9484 was incomplete.
local
high complexity
apache debian oracle
7.0
2021-03-01 CVE-2021-25122 Information Exposure vulnerability in multiple products
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.
network
low complexity
apache debian oracle CWE-200
7.5
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle
6.1