Communications_offline_mediation_controller - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Communications_offline_mediation_controller
(Oracle)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	37

Date	Id	Summary	Products	Score	Patch	Annotated
2020-04-27	CVE-2020-9488	Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1	Log4j, Debian_linux, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_eagle_ftp_table_base_retrieval, Communications_offline_mediation_controller, Communications_services_gatekeeper, Communications_unified_inventory_management, Data_integrator, Enterprise_manager_for_peoplesoft, Financial_services_analytical_applications_infrastructure, Financial_services_institutional_performance_analytics, Financial_services_market_risk_measurement_and_management, Financial_services_price_creation_and_discovery, Financial_services_retail_customer_analytics, Flexcube_core_banking, Flexcube_private_banking, Health_sciences_information_manager, Insurance_insbridge_rating_and_underwriting, Insurance_policy_administration_j2ee, Insurance_rules_palette, Jd_edwards_world_security, Oracle_goldengate_application_adapters, Peoplesoft_enterprise_peopletools, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Primavera_unifier, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_bulk_data_integration, Retail_customer_management_and_segmentation_foundation, Retail_eftlink, Retail_insights_cloud_service_suite, Retail_integration_bus, Retail_order_broker_cloud_service, Retail_predictive_application_server, Retail_xstore_point_of_service, Siebel_apps_\-_marketing, Siebel_ui_framework, Spatial_and_graph, Storagetek_acsls, Storagetek_tape_analytics_sw_tool, Utilities_framework, Weblogic_server, Reload4j	3.7
2020-06-05	CVE-2020-12723	regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.	Fedora, Oncommand_workflow_automation, Snap_creator_framework, Leap, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_eagle_application_processor, Communications_eagle_lnp_application_processor, Communications_lsms, Communications_offline_mediation_controller, Communications_performance_intelligence_center, Configuration_manager, Enterprise_manager_base_platform, Sd\-Wan_edge, Tekelec_platform_distribution, Perl	7.5
2020-08-25	CVE-2020-24616	FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).	Debian_linux, Jackson\-Databind, Active_iq_unified_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_liquidity_management, Banking_supply_chain_finance, Blockchain_platform, Communications_calendar_server, Communications_cloud_native_core_unified_data_repository, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_messaging_server, Communications_offline_mediation_controller, Communications_policy_management, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_report_manager, Communications_unified_inventory_management, Identity_manager_connector, Siebel_ui_framework	8.1
2020-09-17	CVE-2020-24750	FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.	Debian_linux, Jackson\-Databind, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_liquidity_management, Banking_supply_chain_finance, Blockchain_platform, Communications_calendar_server, Communications_contacts_server, Communications_diameter_signaling_router, Communications_element_manager, Communications_instant_messaging_server, Communications_messaging_server, Communications_offline_mediation_controller, Communications_policy_management, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Identity_manager_connector, Siebel_core_\-_server_framework, Siebel_ui_framework	8.1
2020-10-20	CVE-2020-25648	A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.	Fedora, Network_security_services, Communications_offline_mediation_controller, Communications_pricing_design_center, Jd_edwards_enterpriseone_tools, Enterprise_linux	7.5
2020-10-23	CVE-2020-27216	In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the...	Beam, Debian_linux, Jetty, Snap_creator_framework, Snapcenter, Storage_replication_adapter, Vasa_provider, Virtual_storage_console, Communications_application_session_controller, Communications_converged_application_server_\-_service_controller, Communications_element_manager, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Flexcube_core_banking, Flexcube_private_banking, Jd_edwards_enterpriseone_tools, Siebel_core_\-_automation	7.0
2020-11-06	CVE-2020-28196	MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.	Fedora, Kerberos_5, Active_iq_unified_manager, Cloud_backup, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Communications_cloud_native_core_policy, Communications_offline_mediation_controller, Communications_pricing_design_center, Mysql_server	7.5
2020-11-28	CVE-2020-27218	In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject...	Kafka, Spark, Debian_linux, Jetty, Oncommand_system_manager, Snap_creator_framework, Blockchain_platform, Communications_converged_application_server_\-_service_controller, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_route_manager, Flexcube_private_banking, Hyperion_infrastructure_technology, Rest_data_services, Retail_eftlink, Siebel_core_\-_automation	4.8
2020-12-03	CVE-2020-25649	A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.	Iotdb, Jackson\-Databind, Fedora, Oncommand_api_services, Oncommand_workflow_automation, Service_level_manager, Agile_plm, Agile_product_lifecycle_management_integration_pack, Banking_apis, Banking_platform, Banking_treasury_management, Blockchain_platform, Coherence, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_unified_data_repository, Communications_convergent_charging_controller, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_network_charging_and_control, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Goldengate_application_adapters, Health_sciences_empirica_signal, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Retail_service_backbone, Retail_xstore_point_of_service, Sd\-Wan_edge, Utilities_framework, Webcenter_portal, Quarkus	7.5
2020-12-03	CVE-2020-27783	A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.	Debian_linux, Fedora, Lxml, Snapcenter, Communications_offline_mediation_controller, Zfs_storage_appliance_kit, Enterprise_linux, Software_collections	6.1