Vulnerabilities > Oracle > Communications Messaging Server

DATE CVE VULNERABILITY TITLE RISK
2022-01-18 CVE-2022-23302 Deserialization of Untrusted Data vulnerability in multiple products
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to.
network
low complexity
apache netapp broadcom qos oracle CWE-502
8.8
8.8
2022-01-18 CVE-2022-23305 SQL Injection vulnerability in multiple products
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout.
network
low complexity
apache netapp broadcom qos oracle CWE-89
critical
 9.8
9.8
2022-01-18 CVE-2022-23307 Deserialization of Untrusted Data vulnerability in multiple products
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw.
network
low complexity
apache qos oracle CWE-502
8.8
8.8
2021-12-18 CVE-2021-45105 Uncontrolled Recursion vulnerability in multiple products
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.
network
high complexity
apache netapp debian sonicwall oracle CWE-674
5.9
5.9
2021-12-14 CVE-2021-4104 Deserialization of Untrusted Data vulnerability in multiple products
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration.
network
high complexity
apache fedoraproject redhat oracle CWE-502
7.5
7.5
2021-09-19 CVE-2021-40690 Information Exposure vulnerability in multiple products
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element.
network
low complexity
apache debian oracle CWE-200
7.5
7.5
2021-08-18 CVE-2021-37714 Infinite Loop vulnerability in multiple products
jsoup is a Java library for working with HTML.
network
low complexity
jsoup quarkus oracle netapp CWE-835
7.5
7.5
2021-07-13 CVE-2021-35515 Infinite Loop vulnerability in multiple products
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop.
network
low complexity
apache netapp oracle CWE-835
7.5
7.5
2021-07-13 CVE-2021-35516 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
network
low complexity
apache netapp oracle CWE-770
7.5
7.5
2021-07-13 CVE-2021-35517 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs.
network
low complexity
apache netapp oracle CWE-770
7.5
7.5