Oracle Communications Messaging Server vulnerabilities

CVE-2022-23305 [CRITICAL] CWE-89 CVE-2022-23305: By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter whe By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that ar

CVE-2022-23302 [HIGH] CVE-2022-23302: JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the att JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in r

CVE-2022-23307 [HIGH] CVE-2022-23307: CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chain CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

CVE-2021-45105 [MEDIUM] CWE-20 CVE-2021-45105: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from u Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

CVE-2021-4104 [HIGH] CWE-502 CVE-2021-4104: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has wr JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228.

CVE-2021-40690 [HIGH] CWE-200 CVE-2021-40690: All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.

CVE-2021-37714 [HIGH] CWE-248 CVE-2021-37714: jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse u jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw a

CVE-2021-35515 [HIGH] CWE-834 CVE-2021-35515: When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

CVE-2021-36090 [HIGH] CWE-130 CVE-2021-36090: When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memo When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

CVE-2021-35517 [HIGH] CWE-130 CVE-2021-35517: When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memo When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

CVE-2021-35516 [HIGH] CWE-130 CVE-2021-35516: When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memor When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

CVE-2021-33813 [HIGH] CWE-611 CVE-2021-33813: An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

CVE-2021-30468 [HIGH] CWE-400 CVE-2021-30468: A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malforme A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.

CVE-2021-31812 [MEDIUM] CWE-834 CVE-2021-31812: In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

CVE-2021-31811 [MEDIUM] CWE-789 CVE-2021-31811: In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading th In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

CVE-2021-28657 [MEDIUM] CWE-835 CVE-2021-28657: A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and inclu A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

CVE-2021-21409 [MEDIUM] CWE-444 CVE-2021-21409: Netty is an open-source, asynchronous event-driven network application framework for rapid developme Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the requ

CVE-2021-27807 [MEDIUM] CWE-834 CVE-2021-27807: A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

CVE-2021-27906 [MEDIUM] CWE-789 CVE-2021-27906: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

CVE-2021-21290 [MEDIUM] CWE-378 CVE-2021-21290: Netty is an open-source, asynchronous event-driven network application framework for rapid developme Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure c