Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28052 | 3 Apache, Bouncycastle, Oracle | 19 Karaf, Legion-of-the-bouncy-castle-java-crytography-api, Banking Corporate Lending Process Management and 16 more | 2022-07-25 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. | |||||
| CVE-2019-10086 | 6 Apache, Debian, Fedoraproject and 3 more | 60 Commons Beanutils, Nifi, Debian Linux and 57 more | 2022-07-25 | 7.5 HIGH | 7.3 HIGH |
| In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. | |||||
| CVE-2017-10031 | 1 Oracle | 1 Communications Convergence | 2019-10-03 | 6.4 MEDIUM | 7.2 HIGH |
| Vulnerability in the Oracle Communications Convergence component of Oracle Communications Applications (subcomponent: Mail Proxy (dojo)). Supported versions that are affected are 3.0 and 3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergence. While the vulnerability is in Oracle Communications Convergence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Convergence accessible data as well as unauthorized read access to a subset of Oracle Communications Convergence accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N). | |||||