Oracle Communications Performance Intelligence Center vulnerabilities
15 known vulnerabilities affecting oracle/communications_performance_intelligence_center.
Total CVEs
15
CISA KEV
1
actively exploited
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH7MEDIUM5
Vulnerabilities
Page 1 of 1
CVE-2021-45105MEDIUMCVSS 5.9v10.4.0.32021-12-18
CVE-2021-45105 [MEDIUM] CWE-20 CVE-2021-45105: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from u
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
nvd
CVE-2021-3156HIGHCVSS 7.8KEVPoC≥ 10.3.0.0.0, ≤ 10.3.0.2.1≥ 10.4.0.1.0, ≤ 10.4.0.3.12021-01-26
CVE-2021-3156 [HIGH] CWE-193 CVE-2021-3156: Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, wh
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
nvd
CVE-2020-12723HIGHCVSS 7.5≥ 10.3.0.0.0, ≤ 10.3.0.2.1≥ 10.4.0.1.0, ≤ 10.4.0.3.12020-06-05
CVE-2020-12723 [HIGH] CWE-120 CVE-2020-12723: regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
nvd
CVE-2020-10543HIGHCVSS 8.2≥ 10.3.0.0.0, ≤ 10.3.0.2.1≥ 10.4.0.1.0, ≤ 10.4.0.3.12020-06-05
CVE-2020-10543 [HIGH] CWE-190 CVE-2020-10543: Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular ex
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
nvd
CVE-2020-10878HIGHCVSS 8.6≥ 10.3.0.0.0, ≤ 10.3.0.2.1≥ 10.4.0.1.0, ≤ 10.4.0.3.12020-06-05
CVE-2020-10878 [HIGH] CWE-190 CVE-2020-10878: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
nvd
CVE-2020-10188CRITICALCVSS 9.8v10.4.0.22020-03-06
CVE-2020-10188 [CRITICAL] CWE-120 CVE-2020-10188: utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
nvd
CVE-2019-10086HIGHCVSS 7.3v10.4.0.32019-08-20
CVE-2019-10086 [HIGH] CWE-502 CVE-2019-10086: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressi
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
nvd
CVE-2019-1559MEDIUMCVSS 5.9v10.4.0.22019-02-27
CVE-2019-1559 [MEDIUM] CWE-203 CVE-2019-1559: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to sen
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behave
nvd
CVE-2018-11039MEDIUMCVSS 5.9fixed in 10.2.12018-06-25
CVE-2018-11039 [MEDIUM] CVE-2018-11039: Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupport
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filt
nvd
CVE-2018-1258HIGHCVSS 8.8fixed in 10.2.12018-05-11
CVE-2018-1258 [HIGH] CWE-863 CVE-2018-1258: Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contain
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
nvd
CVE-2018-1257MEDIUMCVSS 6.5fixed in 10.2.12018-05-11
CVE-2018-1257 [MEDIUM] CVE-2018-1257: Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupport
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of
nvd
CVE-2018-1275CRITICALCVSS 9.8fixed in 10.2.12018-04-11
CVE-2018-1275 [CRITICAL] CVE-2018-1275: Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
nvd
CVE-2018-1270CRITICALCVSS 9.8fixed in 10.2.12018-04-06
CVE-2018-1270 [CRITICAL] CWE-94 CVE-2018-1270: Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution
nvd
CVE-2018-1272HIGHCVSS 7.5fixed in 10.2.12018-04-06
CVE-2018-1272 [HIGH] CVE-2018-1272: Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be expose
nvd
CVE-2018-1271MEDIUMCVSS 5.9PoCfixed in 10.2.12018-04-06
CVE-2018-1271 [MEDIUM] CWE-22 CVE-2018-1271: Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a reque
nvd