Oracle Communications Order And Service Management — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Communications Order And Service Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2019-0227 — CVSS 7.5 (high): A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and…
CVE-2018-2756 — CVSS 6.3 (medium): Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent…
CVE-2025-21542 — CVSS 6.3 (medium): Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component…
CVE-2020-1945 — CVSS 6.3 (medium): Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir…
CVE-2018-8032 — CVSS 6.1 (medium): Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CVE-2018-2567 — CVSS 6.1 (medium): Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent…
CVE-2025-30729 — CVSS 5.5 (medium): Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component…
CVE-2021-36373 — CVSS 5.5 (medium): When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an…
CVE-2021-36374 — CVSS 5.5 (medium): When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory…
CVE-2025-21544 — CVSS 5.4 (medium): Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component…
CVE-2025-21554 — CVSS 5.3 (medium): Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component…
CVE-2021-29425 — CVSS 4.8 (medium): In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or…
CVE-2023-22088 — CVSS 4.3 (medium): Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: User…