Primavera unifier

This hub aggregates every CVE we track for Primavera unifier, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Primavera unifier.

• CVE-2023-52428In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (...7.5Feb 11, 2024
• CVE-2020-10650A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.j...8.1Dec 26, 2022
• CVE-2022-30126Apache Tika Regular Expression Denial of Service in Standards Extractor5.5May 16, 2022
• CVE-2022-25169Apache Tika BPGParser Memory Usage DoS5.5May 16, 2022
• CVE-2020-36518jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.7.5Mar 11, 2022
• CVE-2021-44832Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration6.6Dec 28, 2021
• CVE-2021-45105Apache Log4j2 does not always protect from infinite recursion in lookup evaluation5.9Dec 18, 2021
• CVE-2021-23450Prototype Pollution7.5Dec 17, 2021
• CVE-2021-41184XSS in the `of` option of the `.position()` util6.5Oct 26, 2021
• CVE-2021-41182XSS in the `altField` option of the Datepicker widget6.5Oct 26, 2021
• CVE-2021-42575The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.9.8Oct 18, 2021
• CVE-2021-38153Timing Attack Vulnerability for Apache Kafka Connect and Clients5.9Sep 22, 2021
• CVE-2021-37714Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions7.5Aug 18, 2021
• CVE-2021-2351Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows u...8.3Jul 20, 2021
• CVE-2021-36374Apache Ant ZIP, and ZIP based, archive denial of service vulerability5.5Jul 14, 2021