Communications instant messaging server
This hub aggregates every CVE we track for Communications instant messaging server, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.
64
CVEs tracked
14
Critical
41
High
3
In CISA KEV
Severity distribution
HIGH41CRITICAL14MEDIUM8LOW1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Communications instant messaging server.
- CVE-2020-10650A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.j...8.1
- CVE-2022-23307A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.8.8
- CVE-2022-23305SQL injection in JDBC Appender in Apache Log4j V19.8
- CVE-2022-23302Deserialization of untrusted data in JMSSink in Apache Log4j 1.x8.8
- CVE-2021-43797HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling6.5
- CVE-2021-37136The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Dec...7.5
- CVE-2021-42340DoS via memory leak with WebSocket connections7.5
- CVE-2021-33037Incorrect Transfer-Encoding handling with HTTP/1.05.3
- CVE-2021-25122Apache Tomcat h2c request mix-up7.5
- CVE-2021-25329Incomplete fix for CVE-2020-94847.0
- CVE-2020-36179FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.8.1
- CVE-2020-36180FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.8.1
- CVE-2020-36182FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.8.1
- CVE-2020-36183FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.8.1
- CVE-2020-36184FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.8.1
Product normalization is registry-driven with AI assist and human review. How it works