Oracle communications unified inventory management

This hub aggregates every CVE we track for Oracle communications unified inventory management, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Oracle communications unified inventory management.

• CVE-2021-21348XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)5.3Mar 22, 2021
• CVE-2021-21349A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host6.1Mar 22, 2021
• CVE-2021-21350XStream is vulnerable to an Arbitrary Code Execution attack5.3Mar 22, 2021
• CVE-2021-21351XStream is vulnerable to an Arbitrary Code Execution attack5.4Mar 22, 2021
• CVE-2021-21342A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host5.3Mar 22, 2021
• CVE-2021-21344XStream is vulnerable to an Arbitrary Code Execution attack5.3Mar 22, 2021
• CVE-2021-21345XStream is vulnerable to a Remote Command Execution attack5.8Mar 22, 2021
• CVE-2021-21346XStream is vulnerable to an Arbitrary Code Execution attack6.1Mar 22, 2021
• CVE-2021-21347XStream is vulnerable to an Arbitrary Code Execution attack6.1Mar 22, 2021
• CVE-2020-25649A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from...7.5Dec 3, 2020
• CVE-2020-5421RFD Protection Bypass via jsessionid6.5Sep 19, 2020
• CVE-2020-10683dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing ...9.8May 1, 2020
• CVE-2020-9488Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log me...3.7Apr 27, 2020
• CVE-2019-17091faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client win...6.1Oct 2, 2019
• CVE-2019-10173It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote att...9.8Jul 23, 2019