Communications session route manager
This hub aggregates every CVE we track for Communications session route manager, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 74
- Critical: 6
- High: 48
- In CISA KEV: 2
Severity distribution
- HIGH: 48
- MEDIUM: 18
- CRITICAL: 6
- LOW: 2
Monthly trend
[Chart: 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Communications session route manager.
- CVE-2022-23437: Infinite loop within Apache XercesJ xml parser (score 6.5)
- CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier (score 8.2)
- CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier (score 9.8)
- CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation (score 5.9)
- CVE-2021-2351: Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows u... (score 8.3)
- CVE-2021-36090: Apache Commons Compress 1.0 to 1.20 denial of service vulnerability (score 7.5)
- CVE-2021-35517: Apache Commons Compress 1.1 to 1.20 denial of service vulnerability (score 7.5)
- CVE-2021-35516: Apache Commons Compress 1.6 to 1.20 denial of service vulnerability (score 7.5)
- CVE-2021-35515: Apache Commons Compress 1.6 to 1.20 denial of service vulnerability (score 7.5)
- CVE-2021-33037: Incorrect Transfer-Encoding handling with HTTP/1.0 (score 5.3)
- CVE-2021-34428: For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID ma... (score 2.9)
- CVE-2021-22118: In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory... (score 7.8)
- CVE-2021-22696: OAuth 2 authorization service vulnerable to DDoS attacks (score 7.5)
- CVE-2021-28165: In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. (score 7.5)
- CVE-2021-28164: In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF dir... (score 5.3)
Product normalization is registry-driven with AI assist and human review.