Vulnerabilities > Oracle > Communications Diameter Intelligence HUB > 8.2.3

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-02	CVE-2021-22696	Server-Side Request Forgery (SSRF) vulnerability in multiple products CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). network low complexity apache oracle CWE-918	7.5
2020-12-11	CVE-2020-17530	Expression Language Injection vulnerability in multiple products Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. network low complexity apache oracle CWE-917	7.5
2020-12-08	CVE-2020-1971	NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. network high complexity openssl debian fedoraproject oracle netapp tenable siemens nodejs CWE-476	5.9
2020-05-14	CVE-2020-11971	Apache Camel's JMX is vulnerable to Rebind Flaw. network low complexity apache oracle	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.