Oracle Communications Brm - Elastic Charging Engine 12.0
Approved changes feed: RSS · Atom
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*
part: a version: 12.0 update: *
| Vendor | Oracle (3509f9eb-d8a0-57da-b153-b8021021b133) |
|---|---|
| Product | Communications Brm Elastic Charging Engine (ad5e1ed6-0886-5606-8de6-558e50d982ff) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-29505 |
vulnerable | 2026-06-03 14:44:20.225994 |
XStream is vulnerable to a Remote Command Execution attack
HIGH (7.5)
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.
Published: 2021-05-28T21:00:19.000Z
Updated: 2025-05-29T23:30:31.977Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5397 |
vulnerable | 2026-06-03 14:42:56.342165 |
CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
MEDIUM (5.3)
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack.
Published: 2020-01-17T18:50:12.742Z
Updated: 2024-09-17T01:45:35.621Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-15756 |
vulnerable | 2026-06-03 14:38:19.327760 |
DoS Attack via Range Requests
HIGH (7.5)
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
Published: 2018-10-18T22:00:00.000Z
Updated: 2024-09-16T16:59:11.041Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.