Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe

Filtered by product Communications Communications Policy Management

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-22963	2 Oracle, Vmware	28 Banking Branch, Banking Cash Management, Banking Corporate Lending Process Management and 25 more	2024-06-28	7.5 HIGH	9.8 CRITICAL
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
CVE-2021-3449	12 Checkpoint, Debian, Fedoraproject and 9 more	167 Multi-domain Management, Multi-domain Management Firmware, Quantum Security Gateway and 164 more	2024-06-21	4.3 MEDIUM	5.9 MEDIUM
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
CVE-2017-7525	5 Debian, Fasterxml, Netapp and 2 more	22 Debian Linux, Jackson-databind, Oncommand Balance and 19 more	2023-11-07	7.5 HIGH	9.8 CRITICAL
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.