Vulnerabilities > Oracle > Communications Unified Inventory Management

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-21347 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
critical
9.8
2021-03-23 CVE-2021-21346 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
critical
9.8
2021-03-23 CVE-2021-21345 OS Command Injection vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-78
critical
9.9
2021-03-23 CVE-2021-21344 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
critical
9.8
2021-03-23 CVE-2021-21343 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
7.5
2021-03-23 CVE-2021-21342 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
critical
9.1
2021-03-23 CVE-2021-21341 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
7.5
2021-02-23 CVE-2021-22112 Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in).
network
low complexity
vmware pivotal-software oracle
8.8
2021-01-07 CVE-2020-36183 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2021-01-07 CVE-2020-36182 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1