Vulnerabilities > Oracle > Communications Pricing Design Center > 12.0.0.5.0

DATE CVE VULNERABILITY TITLE RISK
2021-04-13 CVE-2021-29425 Path Traversal vulnerability in multiple products
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
network
high complexity
apache debian oracle netapp CWE-22
4.8
2021-01-25 CVE-2021-21275 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability.
network
low complexity
report-project oracle CWE-352
4.3
2020-12-10 CVE-2020-8908 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir().
local
low complexity
google quarkus oracle netapp CWE-732
3.3