Lucene search
+L
OracleCommunications Convergence

11 matches found

cve
cve
added 2021/12/18 11:55 a.m.1187 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wild
cve
cve
added 2019/08/20 8:10 p.m.954 views

CVE-2019-10086

CVE-2019-10086 affects Apache Commons BeanUtils 1.9.2, where a BeanIntrospector addition could suppress access to the classloader via the class property on Java objects. The issue stems from not applying the suppression by default in PropertyUtilsBean, enabling potential risk across affected depl...

7.5CVSS7.3AI score0.28839EPSS
cve
cve
added 2021/04/13 6:50 a.m.636 views

CVE-2021-29425

CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...

5.8CVSS6.7AI score0.10608EPSS
In wild
cve
cve
added 2020/12/18 12:52 a.m.386 views

CVE-2020-28052

CVE-2020-28052 — BC Java OpenBSDBCrypt.password check issue : In Legion of the Bouncy Castle BC Java versions 1.65 and 1.66, the OpenBSDBCrypt.checkPassword method can compare data incorrectly during password verification, causing some incorrect passwords to be treated as a match for different, p...

8.1CVSS7.7AI score0.0714EPSS
cve
cve
added 2019/11/08 2:46 p.m.298 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
cve
cve
added 2018/07/09 8:0 p.m.295 views

CVE-2018-1000613

CVE-2018-1000613 concerns Legion of the Bouncy Castle Java Cryptography APIs (BC) 1.58–1.59 up to, but not including, 1.60. It is a CWE-470 Unsafe Reflection vulnerability in XMSS/XMSS^MT private key deserialization, which can allow a remote attacker to execute arbitrary code by crafting a privat...

9.8CVSS8.6AI score0.04767EPSS
cve
cve
added 2019/10/08 1:39 p.m.198 views

CVE-2019-17359

The CVE-2019-17359 entry concerns Bouncy Castle Crypto (BC Java) 1.63. The vulnerability lies in the ASN.1 parser, which can trigger a large memory allocation leading to a memory exhaustion/OutOfMemoryError via crafted ASN.1 data. Affected product: BC Java 1.63; fixed in BC Java 1.64. The issue i...

7.5CVSS8.1AI score0.0895EPSS
cve
cve
added 2023/01/17 11:35 p.m.108 views

CVE-2023-21848

Oracle Communications Convergence (Admin Configuration) vulnerable in version 3.0.3.1.0 due to insufficient input validation. A remote, low-privilege attacker with network access over HTTP can potentially take over the system. Public details in PT-2023-1195 confirm the issue and note that a fix i...

8.8CVSS8.5AI score0.00631EPSS
cve
cve
added 2022/01/19 11:24 a.m.92 views

CVE-2022-21338

CVE-2022-21338 affects Oracle Communications Convergence (General Framework) with affected version 3.0.2.2.0. The vulnerability allows a low-privileged, network-authenticated attacker (HTTP) to compromise data, requiring user interaction for exploitation; potential impacts include unauthorized up...

4.9CVSS3.9AI score0.00524EPSS
cve
cve
added 2017/08/08 3:0 p.m.52 views

CVE-2017-10031

The CVE-2017-10031 issue affects the Oracle Communications Convergence component of Oracle Communications Applications (subcomponent: Mail Proxy (dojo) ). Affected versions are 3.0 and 3.0.1. An unauthenticated attacker with network access via HTTP can compromise Oracle Communications Convergence...

7.2CVSS6.4AI score0.01615EPSS
cve
cve
added 2018/07/18 1:0 p.m.43 views

CVE-2018-2936

CVE-2018-2936 affects Oracle Communications Messaging Server (subcomponent: Web Client) in Oracle Communications Applications, with version 3.x affected. The root cause is a vulnerability in the Web Client subcomponent that allows unauthenticated attackers over HTTP to compromising data confident...

6.1CVSS5.6AI score0.01416EPSS