Vulnerabilities > Oracle > Communications Instant Messaging Server > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-06 CVE-2020-36188 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2021-01-06 CVE-2020-36187 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2021-01-06 CVE-2020-36186 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2021-01-06 CVE-2020-36185 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2021-01-06 CVE-2020-36184 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
network
high complexity
netapp debian oracle fasterxml CWE-502
8.1
2021-01-06 CVE-2020-36181 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
network
high complexity
netapp debian oracle fasterxml CWE-502
8.1
2020-12-17 CVE-2020-35491 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2020-12-17 CVE-2020-35490 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2020-12-03 CVE-2020-17527 Information Exposure vulnerability in multiple products
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream.
network
low complexity
apache netapp debian oracle CWE-200
7.5
2020-12-03 CVE-2020-25649 XXE vulnerability in multiple products
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly.
7.5