Home/Product/oracle communications brm elastic charging engine
Product

oracle communications brm elastic charging engine

14 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-43859
< 12.0.0.4.6
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote att
7.5HIGH
 CVE-2021-44832
< 12.0.0.4.6
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code
6.6MEDIUM
 CVE-2021-37137
< 12.0.0.4.6
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also
7.5HIGH
 CVE-2021-37136
< 12.0.0.4.6
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects th
7.5HIGH
 CVE-2021-38153
< 12.0.0.4.6
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make
5.9MEDIUM
 CVE-2021-29505
all versions
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may al
7.5HIGH
 CVE-2021-22118
all versions
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a pr
7.8HIGH
 CVE-2021-21409
all versions
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high perfor
5.9MEDIUM
 CVE-2021-21342
all versions
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w
5.3MEDIUM
 CVE-2021-21290
all versions
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high perfor
6.2MEDIUM
 CVE-2020-17521
all versions
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of
5.5MEDIUM
 CVE-2020-11612
all versions
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An a
7.5HIGH
 CVE-2020-5397
all versions
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring
5.3MEDIUM
 CVE-2018-15756
all versions
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on t
7.5HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin