Oracle

Communications Element Manager

68 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4

CVE-2021-28163

Exploit
  • EPSS 0.21%
  • Published 01.04.2021 15:15:14
  • Last modified 21.11.2024 05:59:12

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps thems...

9

CVE-2021-22112

  • EPSS 0.98%
  • Published 23.02.2021 19:15:13
  • Last modified 21.11.2024 05:49:31

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause th...

7.5

CVE-2021-26117

  • EPSS 16.3%
  • Published 27.01.2021 19:15:13
  • Last modified 21.11.2024 05:55:53

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is...

8.1

CVE-2020-36183

Exploit
  • EPSS 2.72%
  • Published 07.01.2021 00:15:15
  • Last modified 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

8.1

CVE-2020-36179

Exploit
  • EPSS 61.3%
  • Published 07.01.2021 00:15:14
  • Last modified 21.11.2024 05:28:54

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.

8.1

CVE-2020-36180

Exploit
  • EPSS 2.72%
  • Published 07.01.2021 00:15:14
  • Last modified 21.11.2024 05:28:54

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.1

CVE-2020-36182

Exploit
  • EPSS 2.51%
  • Published 07.01.2021 00:15:14
  • Last modified 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.1

CVE-2020-36188

Exploit
  • EPSS 8.16%
  • Published 06.01.2021 23:15:13
  • Last modified 21.11.2024 05:28:57

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.

8.1

CVE-2020-36187

Exploit
  • EPSS 2.41%
  • Published 06.01.2021 23:15:13
  • Last modified 21.11.2024 05:28:57

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

8.1

CVE-2020-36186

Exploit
  • EPSS 2.62%
  • Published 06.01.2021 23:15:13
  • Last modified 21.11.2024 05:28:56

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.