Communications element manager

This hub aggregates every CVE we track for Communications element manager, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Communications element manager.

• CVE-2022-23437Infinite loop within Apache XercesJ xml parser6.5Jan 24, 2022
• CVE-2021-44224Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier8.2Dec 20, 2021
• CVE-2021-44790Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier9.8Dec 20, 2021
• CVE-2021-45105Apache Log4j2 does not always protect from infinite recursion in lookup evaluation5.9Dec 18, 2021
• CVE-2021-36090Apache Commons Compress 1.0 to 1.20 denial of service vulnerability7.5Jul 13, 2021
• CVE-2021-34428For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID ma...2.9Jun 22, 2021
• CVE-2021-30468Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter7.5Jun 16, 2021
• CVE-2021-22118In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory...7.8May 27, 2021
• CVE-2021-22696OAuth 2 authorization service vulnerable to DDos attacks7.5Apr 2, 2021
• CVE-2021-28165In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.7.5Apr 1, 2021
• CVE-2021-28163In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a s...2.7Apr 1, 2021
• CVE-2021-22112Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once...8.8Feb 23, 2021
• CVE-2021-26117ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind7.5Jan 27, 2021
• CVE-2020-36179FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.8.1Jan 6, 2021
• CVE-2020-36180FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.8.1Jan 6, 2021