Latest oracle communications cloud native core console Vulnerabilities

CVE-2022-22965
Spring Framework JDK 9+ Remote Code Execution Vulnerability
VMware Spring Framework
VMware Spring Framework<5.2.20
VMware Spring Framework>=5.3.0<5.3.18
Cisco CX Cloud Agent<2.1.0
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
Oracle Communications Cloud Native Core Automated Test Suite=22.1.0
and 84 more
CVE-2022-22963
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
VMware Tanzu Spring Cloud
Vmware Spring Cloud Function<=3.1.6
Vmware Spring Cloud Function>=3.2.0<=3.2.2
Oracle Banking Branch=14.5
Oracle Banking Cash Management=14.5
Oracle Banking Corporate Lending Process Management=14.5
and 42 more
CVE-2022-22946
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager....
VMware Spring Cloud Gateway=3.1.0
Oracle Commerce Guided Search=11.3.2
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
Oracle Communications Cloud Native Core Console=22.2.0
Oracle Communications Cloud Native Core Network Repository Function=22.1.2
Oracle Communications Cloud Native Core Network Repository Function=22.2.0
and 1 more
CVE-2022-22947
VMware Spring Cloud Gateway Code Injection Vulnerability
maven/org.springframework.cloud:spring-cloud-gateway>=3.1.0<3.1.1
maven/org.springframework.cloud:spring-cloud-gateway<3.0.7
VMware Spring Cloud Gateway
VMware Spring Cloud Gateway<3.0.7
VMware Spring Cloud Gateway=3.1.0
Oracle Commerce Guided Search=11.3.2
and 13 more
CVE-2022-24407
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
redhat/cyrus-sasl<0:2.1.23-16.el6_10
redhat/cyrus-sasl<0:2.1.26-24.el7_9
redhat/cyrus-sasl<0:2.1.27-6.el8_5
redhat/cyrus-sasl<0:2.1.27-2.el8_1
redhat/cyrus-sasl<0:2.1.27-2.el8_2
redhat/cyrus-sasl<0:2.1.27-6.el8_4
and 15 more
CVE-2022-23221
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a dif...
maven/com.h2database:h2<2.1.210
redhat/eap7-h2database<0:1.4.197-2.redhat_00004.1.el8ea
redhat/eap7-h2database<0:1.4.197-2.redhat_00004.1.el7ea
debian/h2database
redhat/h2<2.1.210
H2database H2>=1.1.100<2.0.206
and 4 more
CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This...
VMware Spring Framework>=5.2.0<=5.2.18
VMware Spring Framework>=5.3.0<=5.3.13
Oracle Communications Cloud Native Core Console=1.9.0
Oracle Communications Cloud Native Core Service Communication Proxy=1.15.0
CVE-2021-22569
A flaw was found in protobuf-java. Google Protocol Buffer (protobuf-java) allows the interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open specially-crafted conten...
IBM Security Verify Governance<=10.0
redhat/protobuf<3.16.1
redhat/protobuf<3.18.2
redhat/protobuf<3.19.2
Google Google-protobuf Ruby<3.19.2
Google Protobuf-java<3.16.1
and 10 more
CVE-2021-45105
Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el8
debian/apache-log4j2
debian/apache-log4j2<=2.16.0-1~deb10u1<=2.16.0-1<=2.16.0-1~deb11u1
and 217 more
CVE-2021-41973
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer an...
Apache MINA<2.0.22
Apache MINA>=2.1.0<2.1.5
Oracle Banking Payments=14.5
Oracle Banking Trade Finance Process Management=14.5
Oracle Banking Treasury Management=14.5
Oracle Communications Cloud Native Core Console=1.9.0
and 8 more
CVE-2021-22096
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
redhat/ovirt-dependencies<0:4.5.2-1.el8e
VMware Spring Framework>=5.2.0<=5.2.17
VMware Spring Framework>=5.3.0<=5.3.10
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vsphere
Netapp Active Iq Unified Manager Windows
and 6 more
CVE-2021-2471
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privil...
redhat/MySQL Connector/J<8.0.27
Oracle Communications Cloud Native Core Console=1.9.0
Oracle Communications Cloud Native Core Network Slice Selection Function=1.8.0
Oracle Communications Cloud Native Core Policy=1.15.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy=1.7.0
Oracle Mysql Connectors>=8.0.0<=8.0.26
and 2 more
CVE-2021-22947
curl. Multiple issues were addressed by updating to curl version 7.79.1.
redhat/rh-dotnet31-curl<0:7.61.1-22.el7_9
redhat/curl<0:7.61.1-18.el8_4.2
redhat/curl<0:7.61.1-12.el8_2.4
debian/curl<=7.64.0-4+deb10u2
Apple macOS Monterey<12.3
redhat/curl<7.79.0
and 62 more
CVE-2021-22946
curl. Multiple issues were addressed by updating to curl version 7.79.1.
redhat/rh-dotnet31-curl<0:7.61.1-22.el7_9
redhat/curl<0:7.61.1-18.el8_4.2
redhat/curl<0:7.61.1-12.el8_2.4
debian/curl<=7.64.0-4+deb10u2
Apple macOS Monterey<12.3
IBM QRadar SIEM<=7.5.0 GA
and 68 more
CVE-2021-3712
OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker could exploit this ...
redhat/jbcs-httpd24-apr<0:1.6.3-107.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-84.el8
redhat/jbcs-httpd24-curl<0:7.78.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-78.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-39.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-8.el8
and 79 more
CVE-2021-30129
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD ve...
redhat/eap7-apache-sshd<0:2.7.0-1.redhat_00001.1.el8ea
redhat/eap7-apache-sshd<0:2.7.0-1.redhat_00001.1.el7ea
redhat/mina-sshd<2.7.0
Apache Sshd>=2.0.0<2.7.0
Oracle Banking Payments=14.5
Oracle Banking Trade Finance=14.5
and 10 more
CVE-2021-21409
### Impact The content-length header is not correctly validated if the request only use a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request...
maven/io.netty:netty<4.0.0
maven/org.jboss.netty:netty<4.0.0
maven/io.netty:netty-codec-http2>=4.0.0<4.1.61.Final
redhat/qpid-proton<0:0.33.0-6.el7_9
redhat/qpid-proton<0:0.33.0-8.el8
redhat/eap7-elytron-web<0:1.6.3-1.Final_redhat_00001.1.el6ea
and 75 more
CVE-2021-20289
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the r...
redhat/eap7-apache-cxf<0:3.3.12-1.redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.5.3-1.Final_redhat_00001.1.el6ea
redhat/eap7-jakarta-el<0:3.0.3-3.redhat_00007.1.el6ea
redhat/eap7-jboss-ejb-client<0:4.0.43-1.Final_redhat_00001.1.el6ea
redhat/eap7-jboss-server-migration<0:1.7.2-10.Final_redhat_00011.1.el6ea
redhat/eap7-jsoup<0:1.14.2-1.redhat_00002.1.el6ea
and 44 more
CVE-2020-25638
A flaw was found in Hibernate ORM of all versions before and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is use...
redhat/eap7-hibernate<0:5.3.18-2.Final_redhat_00002.1.el6ea
redhat/eap7-activemq-artemis<0:2.9.0-6.redhat_00016.1.el6ea
redhat/eap7-fge-btf<0:1.2.0-1.redhat_00007.1.el6ea
redhat/eap7-fge-msg-simple<0:1.1.0-1.redhat_00007.1.el6ea
redhat/eap7-hal-console<0:3.2.11-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.21-1.Final_redhat_00001.1.el6ea
and 74 more
CVE-2020-36518
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
debian/jackson-databind<=2.9.8-3+deb10u3
redhat/jackson-databind<0:2.14.1-2.el9
redhat/eap7-jackson-databind<0:2.12.6.1-1.redhat_00003.1.el8ea
redhat/eap7-jackson-databind<0:2.12.6.1-1.redhat_00003.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el8
and 88 more
CVE-2020-14340
A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The hig...
redhat/eap7-activemq-artemis<0:2.9.0-5.redhat_00011.1.el6ea
redhat/eap7-activemq-artemis-native<1:1.0.2-1.redhat_00001.1.el6ea
redhat/eap7-apache-commons-codec<0:1.14.0-1.redhat_00001.1.el6ea
redhat/eap7-apache-commons-lang<0:3.10.0-1.redhat_00001.1.el6ea
redhat/eap7-apache-cxf<0:3.3.7-1.redhat_00001.1.el6ea
redhat/eap7-artemis-native<1:1.0.2-3.redhat_1.el6ea
and 102 more
CVE-2019-10086
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Jav...
redhat/apache-commons-beanutils<0:1.8.3-15.el7_7
redhat/eap7-activemq-artemis<0:2.9.0-2.redhat_00009.1.el6ea
redhat/eap7-apache-commons-beanutils<0:1.9.4-1.redhat_00002.1.el6ea
redhat/eap7-glassfish-el<0:3.0.1-4.b08_redhat_00003.1.el6ea
redhat/eap7-glassfish-jaxb<0:2.3.3-4.b02_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-7.SP3_redhat_00005.1.el6ea
and 486 more
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This...
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 779 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203