Oracle Communications Services Gatekeeper vulnerabilities
45 known vulnerabilities affecting oracle/communications_services_gatekeeper.
Total CVEs
45
CISA KEV
1
actively exploited
Public exploits
5
Exploited in wild
3
Severity breakdown
CRITICAL3HIGH25MEDIUM14LOW3
Vulnerabilities
Page 3 of 3
CVE-2018-1275CRITICALCVSS 9.8fixed in 6.1.0.4.02018-04-11
CVE-2018-1275 [CRITICAL] CVE-2018-1275: Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
nvd
CVE-2018-1270CRITICALCVSS 9.8fixed in 6.1.0.4.02018-04-06
CVE-2018-1270 [CRITICAL] CWE-94 CVE-2018-1270: Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution
nvd
CVE-2018-1272HIGHCVSS 7.5fixed in 6.1.0.4.02018-04-06
CVE-2018-1272 [HIGH] CVE-2018-1272: Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be expose
nvd
CVE-2018-1271MEDIUMCVSS 5.9PoCfixed in 6.1.0.4.02018-04-06
CVE-2018-1271 [MEDIUM] CWE-22 CVE-2018-1271: Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a reque
nvd
CVE-2015-9251MEDIUMCVSS 6.1fixed in 6.1.0.4.02018-01-18
CVE-2015-9251 [MEDIUM] CWE-79 CVE-2015-9251: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax req
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
nvd
← Previous3 / 3