Vulnerabilities > Oracle > Communications Session Report Manager > High

DATE CVE VULNERABILITY TITLE RISK
2020-03-31 CVE-2020-11111 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
network
low complexity
fasterxml debian netapp oracle CWE-502
8.8
2020-03-26 CVE-2020-10969 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
network
low complexity
fasterxml debian netapp oracle CWE-502
8.8
2020-03-26 CVE-2020-10968 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
network
low complexity
fasterxml debian netapp oracle CWE-502
8.8
2020-03-18 CVE-2020-10673 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
network
low complexity
fasterxml debian netapp oracle
8.8
2020-03-18 CVE-2020-10672 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
network
low complexity
fasterxml debian netapp oracle
8.8
2020-01-17 CVE-2020-5398 Download of Code Without Integrity Check vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
network
high complexity
vmware oracle netapp CWE-494
7.5
2020-01-16 CVE-2019-12423 Insufficiently Protected Credentials vulnerability in multiple products
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service.
network
low complexity
apache oracle CWE-522
7.5
2019-09-26 CVE-2019-10097 NULL Pointer Dereference vulnerability in multiple products
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference.
network
low complexity
apache oracle CWE-476
7.2
2019-08-30 CVE-2019-12402 Infinite Loop vulnerability in multiple products
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs.
network
low complexity
apache fedoraproject oracle CWE-835
7.5
2019-05-01 CVE-2019-0227 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006.
high complexity
apache oracle CWE-918
7.5