Oracle Communications_convergence
11 CVEs affecting Oracle Communications_convergence. Latest disclosed: 2023-01-18. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-1000613 | Critical | 9.8 | 2018-07-09 | Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controll… |
CVE-2023-21848 | High | 8.8 | 2023-01-18 | Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Admin Configuration). The supported version… |
CVE-2020-28052 | High | 8.1 | 2020-12-18 | An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when check… |
CVE-2019-17359 | High | 7.5 | 2019-10-08 | The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted… |
CVE-2019-10086 | High | 7.3 | 2019-08-20 | In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader vi… |
CVE-2017-10031 | High | 7.2 | 2017-08-08 | Vulnerability in the Oracle Communications Convergence component of Oracle Communications Applications (subcomponent: Mail Proxy (dojo)). Supported versions th… |
CVE-2019-10219 | Medium | 6.1 | 2019-11-08 | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious cod… |
CVE-2018-2936 | Medium | 6.1 | 2018-07-18 | Vulnerability in the Oracle Communications Messaging Server component of Oracle Communications Applications (subcomponent: Web Client). The supported version t… |
CVE-2021-45105 | Medium | 5.9 | 2021-12-18 | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This a… |
CVE-2021-29425 | Medium | 4.8 | 2021-04-13 | In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result wou… |
CVE-2022-21338 | Medium | 4.6 | 2022-01-19 | Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: General Framework). The supported version that… |