Communications Session Report Manager

communications_session_report_manager

Vendor: Oracle • 69 CVEs

CVEs (69)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-1941 2Apache Oracle 7Activemq Communications Diameter Signaling RouterCommunications Element Manager+4 more Nov 21, 2024 May 14, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
CVE-2020-11023 7Debian DrupalFedoraproject+4 more 52Active Iq Unified Manager Application ExpressApplication Testing Suite+49 more Nov 7, 2025 Apr 29, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(),...Show more In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.Show less
CVE-2020-11655 7Canonical DebianNetapp+4 more 18Communications Element Manager Communications Messaging ServerCommunications Network Charging And Control+15 more Nov 21, 2024 Apr 9, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2020-1927 8Apache BroadcomCanonical+5 more 14Brocade Fabric Operating System Communications Element ManagerCommunications Session Report Manager+11 more Nov 21, 2024 Apr 2, 2020 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request U...Show more In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.Show less
CVE-2020-1954 3Apache NetappOracle 10Communications Diameter Signaling Router Communications Diameter Signaling Router Idih\Communications Element Manager+7 more Nov 21, 2024 Apr 1, 2020 N/A· v4 5.3 MEDIUM· v3 2.9 LOW· v2 Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disa...Show more Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.Show less
CVE-2020-1934 6Apache CanonicalDebian+3 more 11Communications Element Manager Communications Session Report ManagerCommunications Session Route Manager+8 more Nov 21, 2024 Apr 1, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
CVE-2020-11113 4Debian FasterxmlNetapp+1 more 32Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+29 more Apr 29, 2026 Mar 31, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
CVE-2020-11112 4Debian FasterxmlNetapp+1 more 31Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 more Apr 29, 2026 Mar 31, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
CVE-2020-11111 4Debian FasterxmlNetapp+1 more 25Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+22 more Nov 21, 2024 Mar 31, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms)...Show more FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).Show less
CVE-2020-10969 4Debian FasterxmlNetapp+1 more 31Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 more Nov 21, 2024 Mar 26, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
CVE-2020-10968 4Debian FasterxmlNetapp+1 more 31Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 more Nov 21, 2024 Mar 26, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
CVE-2020-10673 4Debian FasterxmlNetapp+1 more 31Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 more Nov 21, 2024 Mar 18, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
CVE-2020-10672 4Debian FasterxmlNetapp+1 more 31Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 more Nov 21, 2024 Mar 18, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jm...Show more FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).Show less
CVE-2020-9548 4Debian FasterxmlNetapp+1 more 25Active Iq Unified Manager Agile PlmAutovue For Agile Product Lifecycle Management+22 more Nov 21, 2024 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
CVE-2020-9546 4Debian FasterxmlNetapp+1 more 31Active Iq Unified Manager Agile PlmAutovue For Agile Product Lifecycle Management+28 more Apr 29, 2026 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
CVE-2020-5398 3Netapp OracleVmware 33Application Testing Suite Communications Billing And Revenue Management Elastic Charging EngineCommunications Cloud Native Core Policy+30 more Nov 21, 2024 Jan 17, 2020 N/A· v4 7.5 HIGH· v3 7.6 HIGH· v2 In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Dispo...Show more In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.Show less
CVE-2019-17573 2Apache Oracle 7Commerce Guided Search Communications Element ManagerCommunications Session Report Manager+4 more Nov 21, 2024 Jan 16, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious ac...Show more By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.Show less
CVE-2019-12423 2Apache Oracle 8Commerce Guided Search Communications Diameter Signaling RouterCommunications Element Manager+5 more Nov 21, 2024 Jan 16, 2020 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the servi...Show more Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter "rs.security.keystore.type" to "jwk". For this case all keys are returned in this file "as is", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. "oct" keys, which contain secret keys, are not returned at all.Show less
CVE-2019-10097 2Apache Oracle 8Communications Element Manager Communications Session Report ManagerCommunications Session Route Manager+5 more Nov 21, 2024 Sep 26, 2019 N/A· v4 7.2 HIGH· v3 6.0 MEDIUM· v2 In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL...Show more In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.Show less
CVE-2019-12402 3Apache FedoraprojectOracle 19Banking Payments Banking PlatformCommons Compress+16 more Nov 21, 2024 Aug 30, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker...Show more The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.Show less

Previous 1 234 Next