Product:

Communications_cloud_native_core_service_communication_proxy

(Oracle)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 26
Date Id Summary Products Score Patch Annotated
2022-03-03 CVE-2022-22947 In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. Commerce_guided_search, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Spring_cloud_gateway 10.0
2020-12-02 CVE-2020-13956 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. Httpclient, Active_iq_unified_manager, Snapcenter, Commerce_guided_search, Communications_cloud_native_core_service_communication_proxy, Data_integrator, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Nosql_database, Peoplesoft_enterprise_peopletools, Peoplesoft_enterprise_pt_peopletools, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Spatial_studio, Sql_developer, Weblogic_server, Quarkus 5.3
2021-01-21 CVE-2020-8554 Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. Kubernetes, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_service_communication_proxy 5.0
2021-02-03 CVE-2020-29582 In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. Kotlin, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_service_communication_proxy 5.3
2021-02-26 CVE-2020-27618 The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. Debian_linux, Glibc, 500f_firmware, A250_firmware, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Ontap_select_deploy_administration_utility, Communications_cloud_native_core_service_communication_proxy 5.5
2021-05-27 CVE-2021-22118 In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. Hci, Management_services_for_element_software, Commerce_guided_search, Communications_brm_\-_elastic_charging_engine, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_intelligence_hub, Communications_element_manager, Communications_interactive_session_recorder, Communications_network_integrity, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Documaker, Enterprise_data_quality, Financial_services_analytical_applications_infrastructure, Healthcare_data_repository, Insurance_policy_administration, Insurance_rules_palette, Mysql_enterprise_monitor, Retail_assortment_planning, Retail_customer_management_and_segmentation_foundation, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_order_broker, Retail_predictive_application_server, Utilities_testing_accelerator, Spring_framework 7.8
2021-06-02 CVE-2020-14340 A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final. Communications_cloud_native_core_console, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Jboss_brms, Jboss_data_grid, Jboss_data_virtualization, Jboss_enterprise_application_platform, Jboss_fuse, Jboss_operations_network, Jboss_soa_platform, Xnio 5.9
2021-06-06 CVE-2021-33880 The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack. Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Websockets 5.9
2021-06-08 CVE-2021-33560 Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. Debian_linux, Fedora, Libgcrypt, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_service_communication_proxy 7.5
2021-06-11 CVE-2021-22897 curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this... Curl, Cloud_backup, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_service_communication_proxy, Essbase, Mysql_server, Sinec_infrastructure_network_services, Universal_forwarder 5.3