Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

oracle enterprise communications broker 3.2.0 vulnerabilities and exploits

(subscribe to this query)
6.6
CVSSv3
CVE-2021-44832
Apache Log4j2 versions 2.0-beta7 up to and including 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the tar...
Apache Log4j 2.0Apache Log4jOracle Weblogic Server 12.2.1.3.0Oracle Primavera Unifier 18.8Oracle Weblogic Server 12.2.1.4.0Oracle Primavera Unifier 19.12Oracle Weblogic Server 14.1.1.0.0Oracle Primavera Unifier 20.12Oracle Communications Interactive Session Recorder 6.3Oracle Communications Interactive Session Recorder 6.4Oracle Primavera GatewayOracle Retail Assortment Planning 16.0.3Oracle Primavera Unifier 21.12Oracle Primavera P6 Enterprise Project Portfolio Management 21.12.0.0Oracle Primavera P6 Enterprise Project Portfolio ManagementOracle Primavera Gateway 21.12.0Oracle Retail Fiscal Management 14.2Oracle Siebel Ui Framework 21.12Oracle Communications Diameter Signaling RouterCisco Cloudcenter 4.10.0.16Fedoraproject Fedora 34Fedoraproject Fedora 35
5.9
CVSSv3
CVE-2021-45105
Apache Log4j2 versions 2.0-alpha1 up to and including 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted strin...
Apache Log4jNetapp Cloud Manager -Debian Debian Linux 10.0Debian Debian Linux 11.0Sonicwall Network Security ManagerSonicwall Email SecuritySonicwall Web Application FirewallSonicwall 6bk1602-0aa12-0tp0 FirmwareSonicwall 6bk1602-0aa22-0tp0 FirmwareSonicwall 6bk1602-0aa32-0tp0 FirmwareSonicwall 6bk1602-0aa42-0tp0 FirmwareSonicwall 6bk1602-0aa52-0tp0 FirmwareOracle E-business Suite 12.2Oracle Retail Back Office 14.1Oracle Weblogic Server 12.2.1.3.0Oracle Webcenter Portal 12.2.1.3.0Oracle Webcenter Sites 12.2.1.3.0Oracle Managed File Transfer 12.2.1.3.0Oracle Retail Order Broker 16.0Oracle Retail Integration Bus 14.1.3Oracle Retail Returns Management 14.1Oracle Retail Central Office 14.1
9.8
CVSSv3
CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" paramete...
Openssl OpensslDebian Debian Linux 10.0Debian Debian Linux 11.0Netapp Santricity Smi-s Provider -Netapp Snapcenter -Netapp Oncommand Workflow Automation -Netapp Oncommand Insight -Netapp Clustered Data Ontap -Netapp Clustered Data Ontap Antivirus Connector -Netapp Solidfire -Netapp Hci Management Node -Netapp Active Iq Unified Manager -Netapp Manageability Software Development Kit -Netapp Storage Encryption -Netapp E-series Santricity Os ControllerOracle Peoplesoft Enterprise Peopletools 8.57Oracle Jd Edwards World Security A9.4Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Enterprise Session Border Controller 8.4Oracle Enterprise Communications Broker 3.2.0Oracle Zfs Storage Appliance Kit 8.8Oracle Peoplesoft Enterprise Peopletools 8.59
7.4
CVSSv3
CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Santricity Smi-s Provider -Netapp Clustered Data Ontap -Netapp Clustered Data Ontap Antivirus Connector -Netapp Solidfire -Netapp Hci Management Node -Netapp Manageability Software Development Kit -Netapp Storage Encryption -Netapp E-series Santricity Os ControllerMcafee Epolicy Orchestrator 5.10.0Mcafee Epolicy OrchestratorTenable Tenable.scTenable Nessus Network MonitorOracle Peoplesoft Enterprise Peopletools 8.57Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Zfs Storage Appliance Kit 8.8Oracle Peoplesoft Enterprise Peopletools 8.59Oracle Mysql ServerOracle Mysql Workbench
7.2
CVSSv3
CVE-2021-23337
Lodash versions before 4.17.21 are vulnerable to Command Injection via the template function.
Lodash LodashOracle Primavera Unifier 18.8Oracle Primavera UnifierOracle Peoplesoft Enterprise Peopletools 8.58Oracle Primavera Unifier 19.12Oracle Retail Customer Management And Segmentation Foundation 19.0Oracle Communications Services Gatekeeper 7.0Oracle Enterprise Communications Broker 3.2.0Oracle Primavera Unifier 20.12Oracle Banking Extensibility Workbench 14.3.0Oracle Banking Trade Finance Process Management 14.3.0Oracle Banking Credit Facilities Process Management 14.3.0Oracle Banking Corporate Lending Process Management 14.3.0Oracle Peoplesoft Enterprise Peopletools 8.59Oracle Primavera GatewayOracle Communications Session Border Controller 8.4Oracle Communications Session Border Controller 9.0Oracle Banking Supply Chain Finance 14.2.0Oracle Banking Trade Finance Process Management 14.5.0Oracle Banking Credit Facilities Process Management 14.2.0Oracle Banking Credit Facilities Process Management 14.5.0Oracle Banking Corporate Lending Process Management 14.2.0
5.3
CVSSv3
CVE-2020-28500
Lodash versions before 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Lodash LodashOracle Primavera Unifier 18.8Oracle Primavera UnifierOracle Peoplesoft Enterprise Peopletools 8.58Oracle Primavera Unifier 19.12Oracle Retail Customer Management And Segmentation Foundation 19.0Oracle Communications Services Gatekeeper 7.0Oracle Enterprise Communications Broker 3.2.0Oracle Primavera Unifier 20.12Oracle Banking Extensibility Workbench 14.3.0Oracle Banking Trade Finance Process Management 14.3.0Oracle Banking Credit Facilities Process Management 14.3.0Oracle Banking Corporate Lending Process Management 14.3.0Oracle Peoplesoft Enterprise Peopletools 8.59Oracle Primavera GatewayOracle Communications Session Border Controller 8.4Oracle Communications Session Border Controller 9.0Oracle Banking Supply Chain Finance 14.2.0Oracle Banking Trade Finance Process Management 14.5.0Oracle Banking Credit Facilities Process Management 14.2.0Oracle Banking Credit Facilities Process Management 14.5.0Oracle Banking Corporate Lending Process Management 14.2.0
6.5
CVSSv3
CVE-2020-5421
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
Vmware Spring FrameworkOracle Flexcube Private Banking 12.1.0Oracle Flexcube Private Banking 12.0.0Oracle Weblogic Server 12.1.3.0.0Oracle Insurance Rules Palette 10.2.0Oracle Weblogic Server 10.3.6.0.0Oracle Weblogic Server 12.2.1.3.0Oracle Endeca Information Discovery Integrator 3.2.0Oracle Retail Predictive Application Server 14.1Oracle Retail Order Broker 15.0Oracle Retail Order Broker 16.0Oracle Retail Integration Bus 14.1.3Oracle Retail Returns Management 14.1Oracle Insurance Policy Administration 10.2Oracle Enterprise Data Quality 12.2.1.3.0Oracle Communications Unified Inventory Management 7.3.4Oracle Communications Unified Inventory Management 7.3.5Oracle Retail Invoice Matching 14.0Oracle Retail Invoice Matching 14.1Oracle Fusion Middleware 12.2.1.3.0Oracle Weblogic Server 12.2.1.4.0Oracle Fusion Middleware 12.2.1.4.0
5.8
CVSSv3
CVE-2020-14722
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to...
Oracle Enterprise Communications Broker
6.3
CVSSv3
CVE-2020-14721
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to co...
Oracle Enterprise Communications Broker
6.1
CVSSv3
CVE-2020-14563
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to c...
Oracle Enterprise Communications Broker
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook