Filtered by vendor Oracle
Subscribe
Filtered by product Communications Billing And Revenue Management
Subscribe
Search
Total
59 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-2351 | 1 Oracle | 110 Advanced Networking Option, Agile Engineering Data Management, Agile Plm and 107 more | 2023-08-08 | 5.1 MEDIUM | 8.3 HIGH |
| Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-21574 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-07-26 | N/A | 5.3 MEDIUM |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2022-21573 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-07-26 | N/A | 6.5 MEDIUM |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2022-21572 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-07-26 | N/A | 5.4 MEDIUM |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Billing and Revenue Management accessible data as well as unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2020-36188 | 4 Debian, Fasterxml, Netapp and 1 more | 44 Debian Linux, Jackson-databind, Cloud Backup and 41 more | 2022-07-25 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. | |||||
| CVE-2020-36187 | 4 Debian, Fasterxml, Netapp and 1 more | 44 Debian Linux, Jackson-databind, Cloud Backup and 41 more | 2022-07-25 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. | |||||
| CVE-2020-36185 | 4 Debian, Fasterxml, Netapp and 1 more | 44 Debian Linux, Jackson-databind, Cloud Backup and 41 more | 2022-07-25 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. | |||||
| CVE-2020-36184 | 4 Debian, Fasterxml, Netapp and 1 more | 44 Debian Linux, Jackson-databind, Cloud Backup and 41 more | 2022-07-25 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. | |||||
| CVE-2020-35728 | 4 Debian, Fasterxml, Netapp and 1 more | 39 Debian Linux, Jackson-databind, Service Level Manager and 36 more | 2022-07-25 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). | |||||
| CVE-2019-10086 | 6 Apache, Debian, Fedoraproject and 3 more | 60 Commons Beanutils, Nifi, Debian Linux and 57 more | 2022-07-25 | 7.5 HIGH | 7.3 HIGH |
| In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. | |||||
| CVE-2020-11022 | 8 Debian, Drupal, Fedoraproject and 5 more | 78 Debian Linux, Drupal, Fedora and 75 more | 2022-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | |||||
| CVE-2020-36179 | 4 Debian, Fasterxml, Netapp and 1 more | 42 Debian Linux, Jackson-databind, Cloud Backup and 39 more | 2022-07-25 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. | |||||
| CVE-2021-35516 | 3 Apache, Netapp, Oracle | 23 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 20 more | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. | |||||
| CVE-2020-36186 | 4 Debian, Fasterxml, Netapp and 1 more | 44 Debian Linux, Jackson-databind, Cloud Backup and 41 more | 2022-07-25 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. | |||||
| CVE-2021-35515 | 3 Apache, Netapp, Oracle | 25 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 22 more | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. | |||||
| CVE-2020-36183 | 4 Debian, Fasterxml, Netapp and 1 more | 44 Debian Linux, Jackson-databind, Cloud Backup and 41 more | 2022-07-25 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. | |||||
| CVE-2020-36182 | 4 Debian, Fasterxml, Netapp and 1 more | 44 Debian Linux, Jackson-databind, Cloud Backup and 41 more | 2022-07-25 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. | |||||
| CVE-2020-36189 | 4 Debian, Fasterxml, Netapp and 1 more | 39 Debian Linux, Jackson-databind, Cloud Backup and 36 more | 2022-07-25 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. | |||||
| CVE-2020-36181 | 4 Debian, Fasterxml, Netapp and 1 more | 43 Debian Linux, Jackson-databind, Service Level Manager and 40 more | 2022-07-25 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. | |||||
| CVE-2020-36180 | 4 Debian, Fasterxml, Netapp and 1 more | 44 Debian Linux, Jackson-databind, Cloud Backup and 41 more | 2022-07-25 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. | |||||
| CVE-2021-35517 | 3 Apache, Netapp, Oracle | 26 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 23 more | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. | |||||
| CVE-2021-36090 | 3 Apache, Netapp, Oracle | 33 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 30 more | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. | |||||
| CVE-2020-25649 | 6 Apache, Fasterxml, Fedoraproject and 3 more | 38 Iotdb, Jackson-databind, Fedora and 35 more | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. | |||||
| CVE-2022-21429 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-07-23 | N/A | 8.1 HIGH |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2019-10219 | 3 Netapp, Oracle, Redhat | 194 Active Iq Unified Manager, Element, Management Services For Element Software And Netapp Hci and 191 more | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. | |||||
| CVE-2020-8285 | 8 Apple, Debian, Fedoraproject and 5 more | 29 Mac Os X, Macos, Debian Linux and 26 more | 2022-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | |||||
| CVE-2020-8284 | 8 Apple, Debian, Fedoraproject and 5 more | 28 Mac Os X, Macos, Debian Linux and 25 more | 2022-05-13 | 4.3 MEDIUM | 3.7 LOW |
| A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | |||||
| CVE-2020-8286 | 7 Apple, Debian, Fedoraproject and 4 more | 19 Mac Os X, Macos, Debian Linux and 16 more | 2022-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | |||||
| CVE-2020-8203 | 2 Lodash, Oracle | 18 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 15 more | 2022-05-12 | 5.8 MEDIUM | 7.4 HIGH |
| Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. | |||||
| CVE-2020-12723 | 5 Fedoraproject, Netapp, Opensuse and 2 more | 16 Fedora, Oncommand Workflow Automation, Snap Creator Framework and 13 more | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. | |||||
| CVE-2020-10543 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 15 Fedora, Leap, Communications Billing And Revenue Management and 12 more | 2022-05-12 | 6.4 MEDIUM | 8.2 HIGH |
| Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. | |||||
| CVE-2020-10878 | 5 Fedoraproject, Netapp, Opensuse and 2 more | 17 Fedora, Oncommand Workflow Automation, Snap Creator Framework and 14 more | 2022-05-12 | 7.5 HIGH | 8.6 HIGH |
| Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. | |||||
| CVE-2020-9488 | 4 Apache, Debian, Oracle and 1 more | 46 Log4j, Debian Linux, Communications Application Session Controller and 43 more | 2022-05-12 | 4.3 MEDIUM | 3.7 LOW |
| Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 | |||||
| CVE-2022-21431 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-04-27 | 7.5 HIGH | 10.0 CRITICAL |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-21430 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-04-27 | 6.0 MEDIUM | 8.5 HIGH |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Difficult to exploit vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-21424 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-04-27 | 6.5 MEDIUM | 8.3 HIGH |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). The supported version that is affected is 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Billing and Revenue Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Billing and Revenue Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). | |||||
| CVE-2022-21422 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-04-27 | 6.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Difficult to exploit vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-3345 | 2 Gnupg, Oracle | 2 Libgcrypt, Communications Billing And Revenue Management | 2022-04-26 | 7.2 HIGH | 7.8 HIGH |
| _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. | |||||
| CVE-2019-11358 | 10 Backdropcms, Debian, Drupal and 7 more | 102 Backdrop, Debian Linux, Drupal and 99 more | 2022-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | |||||
| CVE-2022-21391 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-01-25 | 6.5 MEDIUM | 9.9 CRITICAL |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-21390 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-01-25 | 7.5 HIGH | 10.0 CRITICAL |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Webservices Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-21389 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-01-24 | 7.5 HIGH | 10.0 CRITICAL |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-21268 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-01-22 | 2.1 LOW | 3.3 LOW |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Billing and Revenue Management executes to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2022-21267 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-01-22 | 2.1 LOW | 3.3 LOW |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Billing and Revenue Management executes to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2022-21266 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-01-22 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2022-21275 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-01-21 | 7.5 HIGH | 10.0 CRITICAL |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-21276 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-01-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2017-7525 | 6 Apache, Debian, Fasterxml and 3 more | 23 Struts, Debian Linux, Jackson-databind and 20 more | 2021-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. | |||||
| CVE-2019-16942 | 6 Debian, Fasterxml, Fedoraproject and 3 more | 28 Debian Linux, Jackson-databind, Fedora and 25 more | 2021-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. | |||||
| CVE-2019-20330 | 4 Debian, Fasterxml, Netapp and 1 more | 29 Debian Linux, Jackson-databind, Active Iq Unified Manager and 26 more | 2021-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. | |||||