Communications Unified Inventory Management

communications_unified_inventory_management

Vendor: Oracle • 72 CVEs

CVEs (72)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-36180 4Debian FasterxmlNetapp+1 more 45Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+42 more Nov 21, 2024 Jan 7, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36179 4Debian FasterxmlNetapp+1 more 43Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+40 more Nov 21, 2024 Jan 7, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36189 4Debian FasterxmlNetapp+1 more 40Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+37 more Nov 21, 2024 Jan 6, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CVE-2020-36188 4Debian FasterxmlNetapp+1 more 45Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+42 more Nov 21, 2024 Jan 6, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
CVE-2020-36187 4Debian FasterxmlNetapp+1 more 45Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+42 more Nov 21, 2024 Jan 6, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
CVE-2020-36186 4Debian FasterxmlNetapp+1 more 45Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+42 more Nov 21, 2024 Jan 6, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
CVE-2020-36185 4Debian FasterxmlNetapp+1 more 45Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+42 more Nov 21, 2024 Jan 6, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
CVE-2020-36184 4Debian FasterxmlNetapp+1 more 45Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+42 more Nov 21, 2024 Jan 6, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-36181 4Debian FasterxmlNetapp+1 more 44Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+41 more Nov 21, 2024 Jan 6, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-35728 4Debian FasterxmlNetapp+1 more 40Agile Plm Application Testing SuiteAutovue+37 more Apr 29, 2026 Dec 27, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org....Show more FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).Show less
CVE-2020-35491 4Debian FasterxmlNetapp+1 more 26Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+23 more Nov 21, 2024 Dec 17, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
CVE-2020-35490 4Debian FasterxmlNetapp+1 more 25Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+22 more Nov 21, 2024 Dec 17, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-25649 6Apache FasterxmlFedoraproject+3 more 39Agile Plm Agile Product Lifecycle Management Integration PackBanking Apis+36 more Nov 21, 2024 Dec 3, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is...Show more A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.Show less
CVE-2020-11979 4Apache FedoraprojectGradle+1 more 37Agile Engineering Data Management AntApi Gateway+34 more Nov 21, 2024 Oct 1, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file...Show more As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.Show less
CVE-2020-5421 3Netapp OracleVmware 38Commerce Guided Search Communications BrmCommunications Design Studio+35 more Nov 21, 2024 Sep 19, 2020 N/A· v4 6.5 MEDIUM· v3 3.6 LOW· v2 In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser...Show more In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.Show less
CVE-2020-24750 3Debian FasterxmlOracle 26Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+23 more Nov 21, 2024 Sep 17, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
CVE-2020-24616 4Debian FasterxmlNetapp+1 more 25Active Iq Unified Manager Agile PlmApplication Testing Suite+22 more Nov 21, 2024 Aug 25, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
CVE-2020-10683 5Canonical Dom4j ProjectNetapp+2 more 38Agile Plm Application Testing SuiteBanking Platform+35 more Nov 21, 2024 May 1, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe,...Show more dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.Show less
CVE-2020-9488 4Apache DebianOracle+1 more 46Communications Application Session Controller Communications Billing And Revenue ManagementCommunications Eagle Ftp Table Base Retrieval+43 more May 29, 2026 Apr 27, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through tha...Show more Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1Show less
CVE-2019-10219 3Netapp OracleRedhat 188Access Manager Active Iq Unified ManagerAgile Engineering Data Management+185 more Jul 7, 2025 Nov 8, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can r...Show more A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.Show less

Previous 1 234 Next