Oracle Retail_back_office
22 CVEs affecting Oracle Retail_back_office. Latest disclosed: 2021-12-18. Critical: 3, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-13990 | Critical | 9.8 | 2019-07-26 | initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. |
CVE-2018-8013 | Critical | 9.8 | 2018-05-24 | In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then… |
CVE-2018-1270 | Critical | 9.8 | 2018-04-06 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocke… |
CVE-2018-1258 | High | 8.8 | 2018-05-11 | Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An un… |
CVE-2021-2351 | High | 8.3 | 2021-07-21 | Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Diffi… |
CVE-2020-11987 | High | 8.2 | 2021-02-24 | Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argume… |
CVE-2017-12617 | High | 8.1 | 2017-10-04 | When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the re… |
CVE-2020-5398 | High | 7.5 | 2020-01-17 | In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a refle… |
CVE-2018-1272 | High | 7.5 | 2018-04-06 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart reques… |
CVE-2019-10086 | High | 7.3 | 2019-08-20 | In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader vi… |
CVE-2020-11022 | Medium | 6.9 | 2020-04-29 | In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (… |
CVE-2018-2861 | Medium | 6.5 | 2018-04-19 | Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.4… |
CVE-2020-1945 | Medium | 6.3 | 2020-05-14 | Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and… |
CVE-2021-35043 | Medium | 6.1 | 2021-07-19 | OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript… |
CVE-2019-10219 | Medium | 6.1 | 2019-11-08 | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious cod… |
CVE-2019-11358 | Medium | 6.1 | 2019-04-20 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an… |
CVE-2021-45105 | Medium | 5.9 | 2021-12-18 | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This a… |
CVE-2018-1271 | Medium | 5.9 | 2018-04-06 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to se… |
CVE-2021-36374 | Medium | 5.5 | 2021-07-14 | When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of… |
CVE-2021-36373 | Medium | 5.5 | 2021-07-14 | When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error… |