Vulmon
oracle communications session report manager vulnerabilities and exploits
6.1
CVSSv3
CVE-2020-13947
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 up to and including 5.16.0.
Apache Activemq
Oracle Communications Session Report Manager
Oracle Communications Session Route Manager
6.1
CVSSv3
CVE-2020-1941
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
Apache Activemq
Oracle Communications Diameter Signaling Router
Oracle Communications Element Manager 8.1.1
Oracle Communications Element Manager 8.2.0
Oracle Communications Element Manager 8.2.1
Oracle Communications Session Report Manager 8.1.1
Oracle Communications Session Report Manager 8.2.0
Oracle Communications Session Report Manager 8.2.1
Oracle Communications Session Route Manager 8.1.1
Oracle Communications Session Route Manager 8.2.0
Oracle Communications Session Route Manager 8.2.1
Oracle Enterprise Repository 11.1.1.7.0
6.1
CVSSv3
CVE-2019-17573
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject JavaScript into the web page. Please note that...
Apache Cxf
Oracle Commerce Guided Search 11.3.2
Oracle Communications Element Manager 8.1.1
Oracle Communications Element Manager 8.2.0
Oracle Communications Element Manager 8.2.1
Oracle Communications Session Report Manager 8.1.1
Oracle Communications Session Report Manager 8.2.0
Oracle Communications Session Report Manager 8.2.1
Oracle Communications Session Route Manager 8.1.1
Oracle Communications Session Route Manager 8.2.0
Oracle Communications Session Route Manager 8.2.1
Oracle Flexcube Private Banking 12.0.0
5.3
CVSSv3
CVE-2020-1934
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
Apache Http Server
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Opensuse Leap 15.1
Oracle Communications Element Manager 8.1.1
Oracle Communications Element Manager 8.2.0
Oracle Communications Element Manager 8.2.1
2 Github repositories
7.2
CVSSv3
CVE-2019-10097
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference. This vulnerability could only b...
Apache Http Server 2.4.33
Apache Http Server 2.4.34
Apache Http Server 2.4.35
Apache Http Server 2.4.37
Apache Http Server 2.4.38
Oracle Communications Element Manager 8.0.0
Oracle Communications Element Manager 8.1.0
Oracle Communications Element Manager 8.1.1
Oracle Communications Element Manager 8.2.0
Oracle Communications Session Report Manager 8.1.1
Oracle Communications Session Report Manager 8.2.0
Oracle Communications Session Report Manager 8.2.1
4.2
CVSSv3
CVE-2019-0197
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration ...
Apache Http Server
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Fedoraproject Fedora 30
Opensuse Leap 15.0
Opensuse Leap 42.3
Redhat Jboss Core Services 1.0
Oracle Communications Session Report Manager 8.0.0
Oracle Communications Session Report Manager 8.1.0
Oracle Communications Session Report Manager 8.1.1
Oracle Communications Session Report Manager 8.2.0
6.1
CVSSv3
CVE-2020-1927
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
Apache Http Server
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Opensuse Leap 15.1
Netapp Oncommand Unified Manager Core Package -
Broadcom Brocade Fabric Operating System -
Oracle Communications Element Manager 8.1.1
1 Github repository
7.5
CVSSv3
CVE-2019-12423
Apache CXF ships with an OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12)...
Apache Cxf
Oracle Commerce Guided Search 11.3.2
Oracle Communications Diameter Signaling Router
Oracle Communications Element Manager
Oracle Communications Session Report Manager
Oracle Communications Session Route Manager 8.1.1
Oracle Communications Session Route Manager 8.2.0
Oracle Communications Session Route Manager 8.2.1
Oracle Flexcube Private Banking 12.0.0
Oracle Flexcube Private Banking 12.1.0
Oracle Retail Order Broker 15.0
9.8
CVSSv3
CVE-2020-11998
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/doc...
Apache Activemq 5.15.12
Oracle Communications Diameter Signaling Router
Oracle Communications Element Manager
Oracle Communications Session Report Manager
Oracle Communications Session Route Manager
Oracle Enterprise Repository 11.1.1.7.0
Oracle Flexcube Private Banking 12.0.0
Oracle Flexcube Private Banking 12.1.0
7.5
CVSSv3
CVE-2021-22696
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec als...
Apache Cxf
Oracle Business Intelligence 5.5.0.0.0
Oracle Business Intelligence 5.9.0.0.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Communications Diameter Intelligence Hub
Oracle Communications Element Manager 8.2.2
Oracle Communications Session Report Manager
Oracle Communications Session Route Manager