Vulnerabilities > Oracle > Communications Session Report Manager

DATE CVE VULNERABILITY TITLE RISK
2020-03-26 CVE-2020-10968 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
network
low complexity
fasterxml debian netapp oracle CWE-502
8.8
2020-03-18 CVE-2020-10673 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
network
low complexity
fasterxml debian netapp oracle
8.8
2020-03-18 CVE-2020-10672 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
network
low complexity
fasterxml debian netapp oracle
8.8
2020-03-02 CVE-2020-9548 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
network
low complexity
fasterxml netapp debian oracle CWE-502
critical
9.8
2020-03-02 CVE-2020-9546 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
network
low complexity
fasterxml netapp debian oracle CWE-502
critical
9.8
2020-01-17 CVE-2020-5398 Download of Code Without Integrity Check vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
network
high complexity
vmware oracle netapp CWE-494
7.5
2020-01-16 CVE-2019-17573 Cross-site Scripting vulnerability in multiple products
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses.
network
low complexity
apache oracle CWE-79
6.1
2020-01-16 CVE-2019-12423 Insufficiently Protected Credentials vulnerability in multiple products
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service.
network
low complexity
apache oracle CWE-522
7.5
2019-09-26 CVE-2019-10097 NULL Pointer Dereference vulnerability in multiple products
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference.
network
low complexity
apache oracle CWE-476
7.2
2019-08-30 CVE-2019-12402 Infinite Loop vulnerability in multiple products
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs.
network
low complexity
apache fedoraproject oracle CWE-835
7.5