Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

oracle retail back office 13.2 vulnerabilities and exploits

(subscribe to this query)
5.4
CVSSv3
CVE-2017-10423
Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...
Oracle Retail Back Office 13.4Oracle Retail Back Office 14.1Oracle Retail Back Office 14.0Oracle Retail Back Office 13.3Oracle Retail Back Office 13.2
NA
CVE-2015-0466
Unspecified vulnerability in the Oracle Retail Back Office component in Oracle Retail Applications 12.0, 12.0IN, 13.0, 13.1, 13.2, 13.3, 13.4, 14.0, and 14.1 allows remote malicious users to affect integrity via unknown vectors.
Oracle Retail Applications 12.0inOracle Retail Applications 13.0Oracle Retail Applications 13.3Oracle Retail Applications 13.4Oracle Retail Applications 12.0Oracle Retail Applications 14.0Oracle Retail Applications 14.1Oracle Retail Applications 13.1Oracle Retail Applications 13.2
8.8
CVSSv3
CVE-2018-1258
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Pivotal Software Spring SecurityVmware Spring Framework 5.0.5Oracle Agile Plm 9.3.3Oracle Agile Plm 9.3.4Oracle Agile Plm 9.3.5Oracle Agile Plm 9.3.6Oracle Application Testing Suite 10.1Oracle Application Testing Suite 12.5.0.3Oracle Application Testing Suite 13.1.0.1Oracle Application Testing Suite 13.2.0.1Oracle Application Testing Suite 13.3.0.1Oracle Big Data Discovery 1.6.0Oracle Communications Converged Application ServerOracle Communications Diameter Signaling RouterOracle Communications Network IntegrityOracle Communications Performance Intelligence CenterOracle Communications Services GatekeeperOracle Endeca Information Discovery Integrator 3.1.0Oracle Endeca Information Discovery Integrator 3.2.0Oracle Enterprise Manager For Mysql Database 13.2Oracle Enterprise Manager Ops Center 12.2.2Oracle Enterprise Manager Ops Center 12.3.3
6.1
CVSSv3
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
Redhat Hibernate ValidatorRedhat Hibernate Validator 6.1.0Redhat Single Sign-on -Redhat Jboss Enterprise Application Platform -Redhat Jboss Data Grid -Redhat Openshift Application Runtimes -Redhat Fuse 1.0Redhat Jboss Enterprise Application Platform 7.2Redhat Jboss Enterprise Application Platform 7.3Netapp Active Iq Unified Manager -Netapp Element -Netapp Snapcenter Plug-in -Netapp Management Services For Element Software And Netapp Hci -Oracle Flexcube Investor Servicing 12.3.0Oracle Flexcube Investor Servicing 12.1.0Oracle Solaris 11Oracle Flexcube Private Banking 12.1.0Oracle Insurance Policy Administration J2ee 10.2.0Oracle Flexcube Private Banking 12.0.0Oracle Flexcube Investor Servicing 12.0.4Oracle Weblogic Server 12.1.3.0.0Oracle Retail Integration Bus 13.0
6.1
CVSSv3
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery JqueryDebian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Drupal DrupalBackdropcms BackdropFedoraproject Fedora 28Fedoraproject Fedora 29Fedoraproject Fedora 30Opensuse Leap 15.1Opensuse Backports Sle 15.0Netapp Snapcenter -Netapp Oncommand System ManagerRedhat Cloudforms 4.7Redhat Virtualization Manager 4.3Oracle Service Bus 12.1.3.0.0Oracle Primavera Unifier 16.2Oracle Jd Edwards Enterpriseone Tools 9.2Oracle Weblogic Server 12.1.3.0.0Oracle Service Bus 11.1.1.9.0Oracle Jdeveloper 11.1.1.9.0Oracle Primavera Unifier 16.1
5.9
CVSSv3
CVE-2021-45105
Apache Log4j2 versions 2.0-alpha1 up to and including 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted strin...
Apache Log4jNetapp Cloud Manager -Debian Debian Linux 10.0Debian Debian Linux 11.0Sonicwall Network Security ManagerSonicwall Email SecuritySonicwall Web Application FirewallSonicwall 6bk1602-0aa12-0tp0 FirmwareSonicwall 6bk1602-0aa22-0tp0 FirmwareSonicwall 6bk1602-0aa32-0tp0 FirmwareSonicwall 6bk1602-0aa42-0tp0 FirmwareSonicwall 6bk1602-0aa52-0tp0 FirmwareOracle E-business Suite 12.2Oracle Retail Back Office 14.1Oracle Weblogic Server 12.2.1.3.0Oracle Webcenter Portal 12.2.1.3.0Oracle Webcenter Sites 12.2.1.3.0Oracle Managed File Transfer 12.2.1.3.0Oracle Retail Order Broker 16.0Oracle Retail Integration Bus 14.1.3Oracle Retail Returns Management 14.1Oracle Retail Central Office 14.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook