Vulnerabilities > Oracle > Hospitality Cruise Shipboard Property Management System > 20.1.0

DATE CVE VULNERABILITY TITLE RISK
2021-10-14 CVE-2021-42340 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak.
network
low complexity
apache netapp debian oracle CWE-772
7.5
2021-07-12 CVE-2021-30640 Improper Encoding or Escaping of Output vulnerability in multiple products
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm.
network
high complexity
apache oracle debian CWE-116
6.5
2021-07-12 CVE-2021-33037 HTTP Request Smuggling vulnerability in multiple products
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy.
network
low complexity
apache debian oracle mcafee CWE-444
5.3
2021-02-23 CVE-2021-22112 Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in).
network
low complexity
vmware pivotal-software oracle
8.8
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle
6.1