Communications_brm_\-_elastic_charging_engine - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Communications_brm_\-_elastic_charging_engine
(Oracle)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	14

Date	Id	Summary	Products	Score	Patch	Annotated
2021-12-28	CVE-2021-44832	Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.	Log4j, Cloudcenter, Debian_linux, Fedora, Communications_brm_\-_elastic_charging_engine, Communications_diameter_signaling_router, Communications_interactive_session_recorder, Communications_offline_mediation_controller, Flexcube_private_banking, Health_sciences_data_management_workbench, Policy_automation, Policy_automation_for_mobile_devices, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Product_lifecycle_analytics, Retail_assortment_planning, Retail_fiscal_management, Retail_order_broker, Retail_xstore_point_of_service, Siebel_ui_framework, Weblogic_server	6.6
2022-02-01	CVE-2021-43859	XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to...	Debian_linux, Fedora, Commerce_guided_search, Communications_brm_\-_elastic_charging_engine, Communications_cloud_native_core_automated_test_suite, Communications_diameter_intelligence_hub, Communications_policy_management, Flexcube_private_banking, Retail_xstore_point_of_service, Xstream	7.5
2021-05-27	CVE-2021-22118	In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.	Hci, Management_services_for_element_software, Commerce_guided_search, Communications_brm_\-_elastic_charging_engine, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_intelligence_hub, Communications_element_manager, Communications_interactive_session_recorder, Communications_network_integrity, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Documaker, Enterprise_data_quality, Financial_services_analytical_applications_infrastructure, Healthcare_data_repository, Insurance_policy_administration, Insurance_rules_palette, Mysql_enterprise_monitor, Retail_assortment_planning, Retail_customer_management_and_segmentation_foundation, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_order_broker, Retail_predictive_application_server, Utilities_testing_accelerator, Spring_framework	7.8
2020-01-17	CVE-2020-5397	Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome...	Application_testing_suite, Communications_brm_\-_elastic_charging_engine, Communications_diameter_signaling_router, Communications_element_manager, Communications_policy_management, Communications_session_route_manager, Enterprise_manager_base_platform, Financial_services_regulatory_reporting_with_agilereporter, Flexcube_private_banking, Healthcare_master_person_index, Insurance_calculation_engine, Insurance_policy_administration_j2ee, Insurance_rules_palette, Mysql_enterprise_monitor, Rapid_planning, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_financial_integration, Retail_integration_bus, Retail_order_broker, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_returns_management, Retail_service_backbone, Weblogic_server, Spring_framework	5.3