Oracle Communications_converged_application_server
12 CVEs affecting Oracle Communications_converged_application_server. Latest disclosed: 2023-01-18. Critical: 5, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-21890 | Critical | 9.8 | 2023-01-18 | Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core). Supported versions that are affect… |
CVE-2019-2725 | Critical | 9.8 | 2019-04-26 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6… |
CVE-2018-1000613 | Critical | 9.8 | 2018-07-09 | Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controll… |
CVE-2018-1275 | Critical | 9.8 | 2018-04-11 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocke… |
CVE-2018-1270 | Critical | 9.8 | 2018-04-06 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocke… |
CVE-2018-1258 | High | 8.8 | 2018-05-11 | Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An un… |
CVE-2018-3246 | High | 7.5 | 2018-10-17 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are… |
CVE-2018-1000180 | High | 7.5 | 2018-06-05 | Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pai… |
CVE-2018-1272 | High | 7.5 | 2018-04-06 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart reques… |
CVE-2018-1257 | Medium | 6.5 | 2018-05-11 | Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSoc… |
CVE-2015-9251 | Medium | 6.1 | 2018-01-18 | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text… |
CVE-2018-1271 | Medium | 5.9 | 2018-04-06 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to se… |