Oracle Retail_customer_management_and_segmentation_foundation
57 CVEs affecting Oracle Retail_customer_management_and_segmentation_foundation. Latest disclosed: 2022-04-01. Critical: 11, High: 21.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-22965 | Critical | 9.8 | 2022-04-01 | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires t… |
CVE-2020-5413 | Critical | 9.8 | 2020-07-31 | Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, al… |
CVE-2020-10683 | Critical | 9.8 | 2020-05-01 | dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular exte… |
CVE-2020-2953 | Critical | 9.8 | 2020-04-15 | Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported… |
CVE-2019-17267 | Critical | 9.8 | 2019-10-07 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLo… |
CVE-2019-16335 | Critical | 9.8 | 2019-09-15 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different… |
CVE-2019-14540 | Critical | 9.8 | 2019-09-15 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. |
CVE-2019-14379 | Critical | 9.8 | 2019-07-29 | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manage… |
CVE-2018-11307 | Critical | 9.8 | 2019-07-09 | An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltrat… |
CVE-2019-3772 | Critical | 9.8 | 2019-01-18 | Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible… |
CVE-2018-14718 | Critical | 9.8 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from poly… |
CVE-2018-3315 | High | 8.2 | 2019-07-23 | Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Customer). Supported… |
CVE-2020-36183 | High | 8.1 | 2021-01-07 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib… |
CVE-2020-36182 | High | 8.1 | 2021-01-07 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpd… |
CVE-2020-36180 | High | 8.1 | 2021-01-07 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsada… |
CVE-2020-36179 | High | 8.1 | 2021-01-07 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpd… |
CVE-2020-36189 | High | 8.1 | 2021-01-06 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.l… |
CVE-2020-36188 | High | 8.1 | 2021-01-06 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.l… |
CVE-2020-36187 | High | 8.1 | 2021-01-06 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.data… |
CVE-2020-36186 | High | 8.1 | 2021-01-06 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.data… |