Oracle Communications Cloud Native Core Network Exposure Function 22.1.0

CPE Details

Oracle Communications Cloud Native Core Network Exposure Function 22.1.0
oracle
communications_cloud_native_core_network_exposure_function
22.1.0
2022-04-20
11h26 +00:00
2022-05-02
12h57 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

communications_cloud_native_core_network_exposure_function

Version

22.1.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-22965 2022-04-01 22h17 +00:00 A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
9.8
Critique
CVE-2022-22963 2022-04-01 00h00 +00:00 In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
9.8
Critique
CVE-2022-22947 2022-03-03 00h00 +00:00 In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
10
Critique
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.