Vulnerabilities > Oracle > Communications Unified Inventory Management > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-25	CVE-2018-11039	Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. network high complexity vmware oracle debian	5.9
2018-05-11	CVE-2018-1257	Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. network low complexity vmware redhat oracle	6.5
2018-01-18	CVE-2018-2571	Unspecified vulnerability in Oracle Communications Unified Inventory Management 7.2.4.2/7.3 Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). network low complexity oracle	5.4
2018-01-18	CVE-2018-2570	Unspecified vulnerability in Oracle Communications Unified Inventory Management 7.2.4.2/7.3 Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). network low complexity oracle	6.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.