Communications Billing And Revenue Management

communications_billing_and_revenue_management

Vendor: Oracle • 66 CVEs

CVEs (66)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-8285 9Apple DebianFedoraproject+6 more 22Clustered Data Ontap Communications Billing And Revenue ManagementCommunications Cloud Native Core Policy+19 more Apr 16, 2026 Dec 14, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVE-2020-8284 9Apple DebianFedoraproject+6 more 22Clustered Data Ontap Communications Billing And Revenue ManagementCommunications Cloud Native Core Policy+19 more Apr 16, 2026 Dec 14, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherw...Show more A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.Show less
CVE-2020-25649 6Apache FasterxmlFedoraproject+3 more 39Agile Plm Agile Product Lifecycle Management Integration PackBanking Apis+36 more Nov 21, 2024 Dec 3, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is...Show more A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.Show less
CVE-2020-7017 2Elasticsearch Oracle 4Communications Billing And Revenue Management Communications Cloud Native Core Network Function Cloud Native EnvironmentKibana+1 more Nov 21, 2024 Jul 27, 2020 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform de...Show more In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.Show less
CVE-2020-7016 2Elasticsearch Oracle 4Communications Billing And Revenue Management Communications Cloud Native Core Network Function Cloud Native EnvironmentKibana+1 more Nov 21, 2024 Jul 27, 2020 N/A· v4 4.8 MEDIUM· v3 2.1 LOW· v2 Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU...Show more Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.Show less
CVE-2020-8203 2Lodash Oracle 18Banking Corporate Lending Process Management Banking Credit Facilities Process ManagementBanking Extensibility Workbench+15 more Nov 21, 2024 Jul 15, 2020 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVE-2020-12723 5Fedoraproject NetappOpensuse+2 more 16Communications Billing And Revenue Management Communications Diameter Signaling RouterCommunications Eagle Application Processor+13 more Nov 21, 2024 Jun 5, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE-2020-10878 5Fedoraproject NetappOpensuse+2 more 17Communications Billing And Revenue Management Communications Diameter Signaling RouterCommunications Eagle Application Processor+14 more Nov 21, 2024 Jun 5, 2020 N/A· v4 8.6 HIGH· v3 7.5 HIGH· v2 Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
CVE-2020-10543 4Fedoraproject OpensuseOracle+1 more 15Communications Billing And Revenue Management Communications Diameter Signaling RouterCommunications Eagle Application Processor+12 more Nov 21, 2024 Jun 5, 2020 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
CVE-2020-11022 8Debian DrupalFedoraproject+5 more 70Agile Product Lifecycle Management For Process Agile Product Supplier Collaboration For ProcessApplication Testing Suite+67 more Apr 13, 2026 Apr 29, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted co...Show more In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.Show less
CVE-2020-9488 4Apache DebianOracle+1 more 46Communications Application Session Controller Communications Billing And Revenue ManagementCommunications Eagle Ftp Table Base Retrieval+43 more May 29, 2026 Apr 27, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through tha...Show more Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1Show less
CVE-2019-20330 4Debian FasterxmlNetapp+1 more 30Active Iq Unified Manager Banking PlatformCommunications Billing And Revenue Management+27 more Nov 21, 2024 Jan 3, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CVE-2019-10219 3Netapp OracleRedhat 188Access Manager Active Iq Unified ManagerAgile Engineering Data Management+185 more Jul 7, 2025 Nov 8, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can r...Show more A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.Show less
CVE-2019-17531 5Debian FasterxmlNetapp+2 more 22Banking Platform Communications Billing And Revenue ManagementCommunications Calendar Server+19 more Nov 21, 2024 Oct 12, 2019 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the se...Show more A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.Show less
CVE-2019-16943 6Debian FasterxmlFedoraproject+3 more 26Active Iq Unified Manager Banking PlatformCommunications Billing And Revenue Management+23 more Nov 21, 2024 Oct 1, 2019 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the se...Show more A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.Show less
CVE-2019-16942 6Debian FasterxmlFedoraproject+3 more 28Active Iq Unified Manager Banking PlatformCommunications Billing And Revenue Management+25 more Nov 21, 2024 Oct 1, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the se...Show more A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.Show less
CVE-2019-10086 6Apache DebianFedoraproject+3 more 60Agile Plm Agile Product Lifecycle Management Integration PackApplication Testing Suite+57 more Nov 21, 2024 Aug 20, 2019 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, howev...Show more In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.Show less
CVE-2019-11358 11Backdropcms DebianDrupal+8 more 105Agile Product Lifecycle Management For Process Application ExpressApplication Service Level Management+102 more Nov 21, 2024 Apr 20, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ p...Show more jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.Show less
CVE-2018-14721 4Debian FasterxmlOracle+1 more 12Banking Platform Communications Billing And Revenue ManagementDebian Linux+9 more Nov 21, 2024 Jan 2, 2019 N/A· v4 10.0 CRITICAL· v3 7.5 HIGH· v2 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
CVE-2018-14720 4Debian FasterxmlOracle+1 more 12Banking Platform Communications Billing And Revenue ManagementDebian Linux+9 more Nov 21, 2024 Jan 2, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Previous 1 234 Next