Oracle Communications Metasolv Solution
By the Year
In 2024 there have been 0 vulnerabilities in Oracle Communications Metasolv Solution . Communications Metasolv Solution did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 8.65 |
| 2021 | 3 | 7.10 |
| 2020 | 2 | 6.90 |
| 2019 | 2 | 6.70 |
| 2018 | 1 | 9.80 |
It may take a day or so for new Communications Metasolv Solution vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Oracle Communications Metasolv Solution Security Vulnerabilities
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVE-2022-23990
7.5 - High
- January 26, 2022
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
Integer Overflow or Wraparound
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer
CVE-2022-23852
9.8 - Critical
- January 24, 2022
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
Integer Overflow or Wraparound
Vulnerability in the Advanced Networking Option component of Oracle Database Server
CVE-2021-2351
8.3 - High
- July 21, 2021
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Use of a Broken or Risky Cryptographic Algorithm
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//
CVE-2021-29425
4.8 - Medium
- April 13, 2021
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
Directory traversal
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel
CVE-2020-11987
8.2 - High
- February 24, 2021
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Improper Input Validation
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes
CVE-2019-17566
7.5 - High
- November 12, 2020
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
XSPA
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information
CVE-2020-1945
6.3 - Medium
- May 14, 2020
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
Exposure of Resource to Wrong Sphere
A vulnerability was found in Hibernate-Validator
CVE-2019-10219
6.1 - Medium
- November 08, 2019
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
XSS
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which
CVE-2019-10086
7.3 - High
- August 20, 2019
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
Marshaling, Unmarshaling
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string
CVE-2018-8013
9.8 - Critical
- May 24, 2018
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.
Marshaling, Unmarshaling
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Debian Linux or by Oracle? Click the Watch button to subscribe.
