Oracle Communications_instant_messaging_server

9 CVEs affecting Oracle Communications_instant_messaging_server. Latest disclosed: 2022-01-18. Critical: 3, High: 6.

Top CVEs affecting Oracle Communications_instant_messaging_server
CVESeverityScorePublishedSummary
CVE-2022-23305Critical9.82022-01-18By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLay…
CVE-2020-9546Critical9.82020-03-02FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zax…
CVE-2017-5645Critical9.82017-04-17In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially…
CVE-2022-23307High8.82022-01-18CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x whe…
CVE-2022-23302High8.82022-01-18JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the…
CVE-2020-11113High8.82020-03-31FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistr…
CVE-2020-11112High8.82020-03-31FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provide…
CVE-2020-36183High8.12021-01-07FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib…
CVE-2020-11619High8.12020-04-07FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.M…