Known Vulnerabilities for Communications Instant Messaging Server by Oracle
Listed below are 10 of the newest known vulnerabilities associated with "Communications Instant Messaging Server" by "Oracle".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23307 | CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a c... | 8.8 - HIGH | 2022-01-18 | 2023-02-24 |
| CVE-2022-23305 | By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inser... | 9.8 - CRITICAL | 2022-01-18 | 2023-02-24 |
| CVE-2022-23302 | JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to... | 8.8 - HIGH | 2022-01-18 | 2023-02-24 |
| CVE-2021-43797 | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance pr... | 6.5 - MEDIUM | 2021-12-09 | 2023-02-24 |
| CVE-2021-37136 | The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affec... | 7.5 - HIGH | 2021-10-19 | 2023-11-07 |
| CVE-2021-33037 | Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding ... | 5.3 - MEDIUM | 2021-07-12 | 2023-11-07 |
| CVE-2021-25329 | The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 o... | 7 - HIGH | 2021-03-01 | 2023-11-07 |
| CVE-2021-25122 | When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8... | 7.5 - HIGH | 2021-03-01 | 2023-11-07 |
| CVE-2020-1938 | When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat tr... | 9.8 - CRITICAL | 2020-02-24 | 2023-11-07 |
| CVE-2020-1935 | In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end... | 4.8 - MEDIUM | 2020-02-24 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Communications Instant Messaging Server | 9.0.2 | All | All | All |
| Application | Oracle | Communications Instant Messaging Server | 9.0.1 | All | All | All |
| Application | Oracle | Communications Instant Messaging Server | 8.0 | All | All | All |
| Application | Oracle | Communications Instant Messaging Server | 10.0.1.4.0 | All | All | All |
| Application | Oracle | Communications Instant Messaging Server | 10.0.1.2.0 | All | All | All |
| Application | Oracle | Communications Instant Messaging Server | 10.0.1 | All | All | All |
| Application | Oracle | Communications Instant Messaging Server | 10.0 | All | All | All |