Communications_unified_inventory_management - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Communications_unified_inventory_management
(Oracle)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	95

Date	Id	Summary	Products	Score	Patch	Annotated
2021-08-23	CVE-2021-39152	XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the...	Debian_linux, Fedora, Snapmanager, Business_activity_monitoring, Commerce_guided_search, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_unified_inventory_management, Retail_xstore_point_of_service, Utilities_framework, Utilities_testing_accelerator, Webcenter_portal, Xstream	8.5
2019-07-23	CVE-2019-10173	It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)	Banking_platform, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_diameter_signaling_router, Communications_unified_inventory_management, Endeca_information_discovery_studio, Retail_xstore_point_of_service, Utilities_framework, Webcenter_portal, Xstream	9.8
2022-04-01	CVE-2022-22965	A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.	Cx_cloud_agent, Commerce_platform, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_policy_management, Communications_unified_inventory_management, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_enterprise_case_management, Mysql_enterprise_monitor, Product_lifecycle_analytics, Retail_bulk_data_integration, Retail_customer_management_and_segmentation_foundation, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_xstore_point_of_service, Sd\-Wan_edge, Weblogic_server, Operation_scheduler, Simatic_speech_assistant_for_machines, Sinec_network_management_system, Sipass_integrated, Siveillance_identity, Access_appliance, Flex_appliance, Netbackup_appliance, Netbackup_flex_scale_appliance, Netbackup_virtual_appliance, Spring_framework	9.8
2020-04-27	CVE-2020-9488	Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1	Log4j, Debian_linux, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_eagle_ftp_table_base_retrieval, Communications_offline_mediation_controller, Communications_services_gatekeeper, Communications_unified_inventory_management, Data_integrator, Enterprise_manager_for_peoplesoft, Financial_services_analytical_applications_infrastructure, Financial_services_institutional_performance_analytics, Financial_services_market_risk_measurement_and_management, Financial_services_price_creation_and_discovery, Financial_services_retail_customer_analytics, Flexcube_core_banking, Flexcube_private_banking, Health_sciences_information_manager, Insurance_insbridge_rating_and_underwriting, Insurance_policy_administration_j2ee, Insurance_rules_palette, Jd_edwards_world_security, Oracle_goldengate_application_adapters, Peoplesoft_enterprise_peopletools, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Primavera_unifier, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_bulk_data_integration, Retail_customer_management_and_segmentation_foundation, Retail_eftlink, Retail_insights_cloud_service_suite, Retail_integration_bus, Retail_order_broker_cloud_service, Retail_predictive_application_server, Retail_xstore_point_of_service, Siebel_apps_\-_marketing, Siebel_ui_framework, Spatial_and_graph, Storagetek_acsls, Storagetek_tape_analytics_sw_tool, Utilities_framework, Weblogic_server, Reload4j	3.7
2020-08-25	CVE-2020-24616	FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).	Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_liquidity_management, Banking_supply_chain_finance, Blockchain_platform, Communications_calendar_server, Communications_cloud_native_core_unified_data_repository, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_messaging_server, Communications_offline_mediation_controller, Communications_policy_management, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_report_manager, Communications_unified_inventory_management, Identity_manager_connector, Siebel_ui_framework	8.1
2020-09-17	CVE-2020-24750	FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.	Debian_linux, Jackson\-Databind, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_liquidity_management, Banking_supply_chain_finance, Blockchain_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_instant_messaging_server, Communications_messaging_server, Communications_offline_mediation_controller, Communications_policy_management, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Identity_manager_connector, Siebel_core_\-_server_framework, Siebel_ui_framework	8.1
2020-09-19	CVE-2020-5421	In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.	Oncommand_insight, Snap_creator_framework, Snapcenter, Commerce_guided_search, Communications_brm, Communications_design_studio, Communications_session_report_manager, Communications_unified_inventory_management, Endeca_information_discovery_integrator, Enterprise_data_quality, Financial_services_analytical_applications_infrastructure, Flexcube_private_banking, Fusion_middleware, Goldengate_application_adapters, Healthcare_master_person_index, Hyperion_infrastructure_technology, Insurance_policy_administration, Insurance_rules_palette, Mysql_enterprise_monitor, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Retail_assortment_planning, Retail_bulk_data_integration, Retail_customer_engagement, Retail_customer_management_and_segmentation_foundation, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_order_broker, Retail_predictive_application_server, Retail_returns_management, Retail_service_backbone, Retail_xstore_point_of_service, Storagetek_acsls, Storagetek_tape_analytics_sw_tool, Weblogic_server, Spring_framework	6.5
2020-12-03	CVE-2020-25649	A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.	Iotdb, Jackson\-Databind, Fedora, Oncommand_api_services, Oncommand_workflow_automation, Service_level_manager, Agile_plm, Agile_product_lifecycle_management_integration_pack, Banking_apis, Banking_platform, Banking_treasury_management, Blockchain_platform, Coherence, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_unified_data_repository, Communications_convergent_charging_controller, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_network_charging_and_control, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Goldengate_application_adapters, Health_sciences_empirica_signal, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Retail_service_backbone, Retail_xstore_point_of_service, Sd\-Wan_edge, Utilities_framework, Webcenter_portal, Quarkus	7.5
2020-12-17	CVE-2020-35490	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.	Debian_linux, Jackson\-Databind, Service_level_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_platform, Banking_treasury_management, Banking_virtual_account_management, Blockchain_platform, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_signaling_router, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Documaker, Insurance_policy_administration_j2ee, Retail_merchandising_system, Retail_xstore_point_of_service, Webcenter_portal	8.1
2020-12-17	CVE-2020-35491	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.	Debian_linux, Jackson\-Databind, Service_level_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_platform, Banking_treasury_management, Banking_virtual_account_management, Blockchain_platform, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_signaling_route, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Documaker, Insurance_policy_administration_j2ee, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_xstore_point_of_service, Sd\-Wan_edge, Webcenter_portal	8.1