Communications_offline_mediation_controller - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Communications_offline_mediation_controller
(Oracle)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	37

Date	Id	Summary	Products	Score	Patch	Annotated
2021-03-05	CVE-2021-28041	ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.	Fedora, Cloud_backup, Hci_compute_node_firmware, Hci_management_node, Hci_storage_node_firmware, Solidfire, Openssh, Communications_offline_mediation_controller, Zfs_storage_appliance	7.1
2021-04-13	CVE-2021-29425	In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.	Commons_io, Debian_linux, Active_iq_unified_manager, Access_manager, Agile_engineering_data_management, Agile_plm, Application_performance_management, Application_testing_suite, Banking_apis, Banking_digital_experience, Banking_enterprise_default_management, Banking_enterprise_default_managment, Banking_party_management, Banking_platform, Blockchain_platform, Commerce_guided_search, Communications_application_session_controller, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_contacts_server, Communications_converged_application_server_\-_service_controller, Communications_convergence, Communications_design_studio, Communications_diameter_intelligence_hub, Communications_interactive_session_recorder, Communications_offline_mediation_controller, Communications_order_and_service_management, Communications_policy_management, Communications_pricing_design_center, Communications_service_broker, Enterprise_communications_broker, Enterprise_session_border_controller, Financial_services_analytical_applications_infrastructure, Financial_services_model_management_and_governance, Flexcube_core_banking, Fusion_middleware_mapviewer, Health_sciences_data_management_workbench, Health_sciences_information_manager, Healthcare_data_repository, Helidon, Insurance_policy_administration, Insurance_rules_palette, Oss_support_tools, Primavera_unifier, Real_user_experience_insight, Rest_data_services, Retail_assortment_planning, Retail_integration_bus, Retail_merchandising_system, Retail_order_broker, Retail_pricing, Retail_service_backbone, Retail_size_profile_optimization, Retail_xstore_point_of_service, Solaris_cluster, Utilities_testing_accelerator, Webcenter_portal, Weblogic_server	4.8
2021-12-14	CVE-2021-4104	JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached...	Log4j, Fedora, Advanced_supply_chain_planning, Business_intelligence, Business_process_management_suite, Communications_eagle_ftp_table_base_retrieval, Communications_messaging_server, Communications_network_integrity, Communications_offline_mediation_controller, Communications_unified_inventory_management, E\-Business_suite_cloud_manager_and_cloud_backup_module, Enterprise_manager_base_platform, Financial_services_revenue_management_and_billing_analytics, Fusion_middleware_common_libraries_and_tools, Goldengate, Healthcare_data_repository, Hyperion_data_relationship_management, Hyperion_infrastructure_technology, Identity_management_suite, Jdeveloper, Mysql_enterprise_monitor, Retail_allocation, Retail_extract_transform_and_load, Stream_analytics, Timesten_grid, Tuxedo, Utilities_testing_accelerator, Weblogic_server, Codeready_studio, Enterprise_linux, Integration_camel_k, Integration_camel_quarkus, Jboss_a\-Mq, Jboss_a\-Mq_streaming, Jboss_data_grid, Jboss_data_virtualization, Jboss_enterprise_application_platform, Jboss_fuse, Jboss_fuse_service_works, Jboss_operations_network, Jboss_web_server, Openshift_application_runtimes, Openshift_container_platform, Process_automation, Single_sign\-On, Software_collections	7.5
2021-12-28	CVE-2021-44832	Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.	Log4j, Cloudcenter, Debian_linux, Fedora, Communications_brm_\-_elastic_charging_engine, Communications_diameter_signaling_router, Communications_interactive_session_recorder, Communications_offline_mediation_controller, Flexcube_private_banking, Health_sciences_data_management_workbench, Policy_automation, Policy_automation_for_mobile_devices, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Product_lifecycle_analytics, Retail_assortment_planning, Retail_fiscal_management, Retail_order_broker, Retail_xstore_point_of_service, Siebel_ui_framework, Weblogic_server	6.6
2022-01-18	CVE-2022-23305	By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the...	Log4j, Brocade_sannav, Snapmanager, Advanced_supply_chain_planning, Business_intelligence, Business_process_management_suite, Communications_eagle_ftp_table_base_retrieval, Communications_instant_messaging_server, Communications_messaging_server, Communications_network_integrity, Communications_offline_mediation_controller, Communications_unified_inventory_management, E\-Business_suite_cloud_manager_and_cloud_backup_module, E\-Business_suite_information_discovery, Enterprise_manager_base_platform, Financial_services_revenue_management_and_billing_analytics, Healthcare_foundation, Hyperion_data_relationship_management, Hyperion_infrastructure_technology, Identity_management_suite, Identity_manager_connector, Jdeveloper, Middleware_common_libraries_and_tools, Mysql_enterprise_monitor, Retail_extract_transform_and_load, Tuxedo, Weblogic_server, Reload4j	9.8
2022-01-18	CVE-2022-23307	CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.	Chainsaw, Log4j, Advanced_supply_chain_planning, Business_intelligence, Business_process_management_suite, Communications_eagle_ftp_table_base_retrieval, Communications_instant_messaging_server, Communications_messaging_server, Communications_network_integrity, Communications_offline_mediation_controller, Communications_unified_inventory_management, E\-Business_suite_cloud_manager_and_cloud_backup_module, Enterprise_manager_base_platform, Financial_services_revenue_management_and_billing_analytics, Healthcare_foundation, Hyperion_data_relationship_management, Hyperion_infrastructure_technology, Identity_management_suite, Identity_manager_connector, Jdeveloper, Middleware_common_libraries_and_tools, Mysql_enterprise_monitor, Retail_extract_transform_and_load, Tuxedo, Weblogic_server, Reload4j	8.8
2021-02-24	CVE-2020-11987	Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.	Batik, Debian_linux, Fedora, Agile_engineering_data_management, Banking_apis, Banking_digital_experience, Communications_application_session_controller, Communications_metasolv_solution, Communications_offline_mediation_controller, Enterprise_repository, Flexcube_universal_banking, Fusion_middleware_mapviewer, Instantis_enterprisetrack, Insurance_policy_administration, Product_lifecycle_analytics, Retail_back_office, Retail_central_office, Retail_order_broker, Retail_order_management_system_cloud_service, Retail_point\-Of\-Service, Retail_returns_management, Weblogic_server	8.2
2020-11-12	CVE-2019-17566	Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.	Batik, Api_gateway, Business_intelligence, Communications_application_session_controller, Communications_metasolv_solution, Communications_offline_mediation_controller, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Fusion_middleware_mapviewer, Hospitality_opera_5, Hyperion_financial_reporting, Instantis_enterprisetrack, Jd_edwards_enterpriseone_tools, Retail_integration_bus, Retail_order_broker, Retail_order_management_system_cloud_service, Retail_point\-Of\-Service, Retail_returns_management	7.5
2020-06-05	CVE-2020-10543	Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.	Fedora, Leap, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_eagle_application_processor, Communications_eagle_lnp_application_processor, Communications_lsms, Communications_offline_mediation_controller, Communications_performance_intelligence_center, Communications_pricing_design_center, Configuration_manager, Enterprise_manager_base_platform, Sd\-Wan_edge, Tekelec_platform_distribution, Perl	8.2
2020-06-05	CVE-2020-10878	Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.	Fedora, Oncommand_workflow_automation, Snap_creator_framework, Leap, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_eagle_application_processor, Communications_eagle_lnp_application_processor, Communications_lsms, Communications_offline_mediation_controller, Communications_performance_intelligence_center, Communications_pricing_design_center, Configuration_manager, Enterprise_manager_base_platform, Sd\-Wan_aware, Tekelec_platform_distribution, Perl	8.6