Oracle

Communications Unified Inventory Management

72 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2020-35491

Exploit
  • EPSS 8.06%
  • Published 17.12.2020 19:15:14
  • Last modified 21.11.2024 05:27:24

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

8.1

CVE-2020-35490

Exploit
  • EPSS 5.58%
  • Published 17.12.2020 19:15:14
  • Last modified 21.11.2024 05:27:24

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

7.5

CVE-2020-25649

  • EPSS 0.01%
  • Published 03.12.2020 17:15:12
  • Last modified 21.11.2024 05:18:20

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

7.5

CVE-2020-11979

  • EPSS 0.61%
  • Published 01.10.2020 20:15:13
  • Last modified 21.11.2024 04:59:02

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without ...

6.5

CVE-2020-5421

  • EPSS 63.83%
  • Published 19.09.2020 04:15:11
  • Last modified 21.11.2024 05:34:08

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jses...

8.1

CVE-2020-24750

  • EPSS 2.11%
  • Published 17.09.2020 19:15:13
  • Last modified 21.11.2024 05:16:00

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

8.1

CVE-2020-24616

  • EPSS 3.78%
  • Published 25.08.2020 18:15:11
  • Last modified 21.11.2024 05:15:09

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

9.8

CVE-2020-10683

  • EPSS 1.96%
  • Published 01.05.2020 19:15:12
  • Last modified 21.11.2024 04:55:50

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a...

4.3

CVE-2020-9488

  • EPSS 0.01%
  • Published 27.04.2020 16:15:12
  • Last modified 21.11.2024 05:40:45

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Lo...

6.1

CVE-2019-10219

  • EPSS 1.67%
  • Published 08.11.2019 15:15:11
  • Last modified 07.07.2025 14:15:21

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.