Oracle

Communications Unified Inventory Management

72 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2019-17091

Exploit
  • EPSS 8.42%
  • Published 02.10.2019 14:15:12
  • Last modified 21.11.2024 04:31:40

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.

6.5

CVE-2019-3738

  • EPSS 0.97%
  • Published 18.09.2019 23:15:11
  • Last modified 21.11.2024 04:42:26

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable share...

6.5

CVE-2019-3740

  • EPSS 1.24%
  • Published 18.09.2019 23:15:11
  • Last modified 21.11.2024 04:42:26

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys...

7.5

CVE-2019-10086

  • EPSS 0.26%
  • Published 20.08.2019 21:15:12
  • Last modified 21.11.2024 04:18:22

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa...

9.8

CVE-2019-10173

  • EPSS 91.87%
  • Published 23.07.2019 13:15:13
  • Last modified 14.05.2025 20:02:54

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshall...

6.1

CVE-2019-11358

Exploit
  • EPSS 2.4%
  • Published 20.04.2019 00:29:00
  • Last modified 21.11.2024 04:20:56

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...

7.5

CVE-2018-15756

  • EPSS 13.38%
  • Published 18.10.2018 22:29:00
  • Last modified 21.11.2024 03:51:24

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler,...

7.5

CVE-2018-11040

  • EPSS 8.25%
  • Published 25.06.2018 15:29:00
  • Last modified 21.11.2024 03:42:32

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controlle...

5.9

CVE-2018-11039

  • EPSS 2.92%
  • Published 25.06.2018 15:29:00
  • Last modified 21.11.2024 03:42:32

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring ...

6.5

CVE-2018-1257

  • EPSS 1.79%
  • Published 11.05.2018 20:29:00
  • Last modified 21.11.2024 03:59:28

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A ...