Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle retail integration bus 14.1 vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2016-3444
Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote malicious users to affect confidentiality, integrity, and availability via vectors related to Install.
Oracle Retail Integration Bus 15.0
Oracle Retail Integration Bus 14.0
Oracle Retail Integration Bus 14.1
Oracle Retail Integration Bus 13.1
Oracle Retail Integration Bus 13.2
Oracle Retail Integration Bus 13.0
9
CVSSv2
CVE-2016-0635
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle...
Oracle Insurance Policy Administration J2ee 9.7.1
Oracle Insurance Policy Administration J2ee 10.0.1
Oracle Insurance Rules Palette 10.2.0
Oracle Insurance Rules Palette 10.2.2
Oracle Retail Integration Bus 15.0
Oracle Insurance Policy Administration J2ee 9.6.1
Oracle Insurance Rules Palette 10.0.1
Oracle Insurance Rules Palette 10.1.2
Oracle Primavera P6 Enterprise Project Portfolio Management 15.2
Oracle Primavera P6 Enterprise Project Portfolio Management 16.1
Oracle Health Sciences Information Manager 3.0.1.0
Oracle Enterprise Manager Ops Center 12.1.4
Oracle Retail Order Broker Cloud Service 15.0
Oracle Documaker
Oracle Insurance Policy Administration J2ee 10.2.2
Oracle Insurance Rules Palette 9.6.1
Oracle Insurance Rules Palette 9.7.1
Oracle Primavera P6 Enterprise Project Portfolio Management 8.4
Oracle Primavera P6 Enterprise Project Portfolio Management 15.1
Oracle Health Sciences Information Manager 1.2.8.3
Oracle Health Sciences Information Manager 2.0.2.3
Oracle Retail Order Broker Cloud Service 5.1
7.6
CVSSv2
CVE-2020-5398
In Spring Framework, versions 5.2.x before 5.2.3, versions 5.1.x before 5.1.13, and versions 5.0.x before 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attrib...
Vmware Spring Framework
Oracle Flexcube Private Banking 12.1.0
Oracle Insurance Policy Administration J2ee 10.2.0
Oracle Flexcube Private Banking 12.0.0
Oracle Insurance Rules Palette 10.2.0
Oracle Retail Service Backbone 15.0
Oracle Retail Back Office 14.1
Oracle Weblogic Server 12.2.1.3.0
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0
Oracle Retail Returns Management 14.1
Oracle Retail Central Office 14.1
Oracle Retail Assortment Planning 15.0
Oracle Retail Point-of-service 14.1
Oracle Retail Predictive Application Server 15.0.3
Oracle Retail Assortment Planning 16.0
Oracle Retail Financial Integration 15.0
Oracle Retail Financial Integration 16.0
Oracle Communications Policy Management 12.5.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Mysql
2 Github repositories
7.5
CVSSv2
CVE-2019-10086
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an malicious user to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of th...
Apache Commons Beanutils
Apache Nifi 1.14.0
Apache Nifi 1.15.0
Debian Debian Linux 8.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
Redhat Enterprise Linux Eus 7.7
Redhat Jboss Enterprise Application Platform 7.2.0
Oracle Retail Xstore Point Of Service 15.0
Oracle Flexcube Private Banking 12.1.0
Oracle Banking Platform 2.4.0
Oracle Retail Xstore Point Of Service 7.1
Oracle Flexcube Private Banking 12.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Fusion Middleware 11.1.1.9
7.5
CVSSv2
CVE-2019-13990
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler up to and including 2.3.0 allows XXE attacks via a job description.
Softwareag Quartz
Oracle Flexcube Investor Servicing 12.3.0
Oracle Flexcube Investor Servicing 12.1.0
Oracle Retail Xstore Point Of Service 15.0
Oracle Flexcube Private Banking 12.1.0
Oracle Primavera Unifier 16.2
Oracle Flexcube Private Banking 12.0.0
Oracle Primavera Unifier 16.1
Oracle Retail Integration Bus 15.0
Oracle Retail Back Office 14.1
Oracle Flexcube Investor Servicing 12.4.0
Oracle Webcenter Sites 12.2.1.3.0
Oracle Retail Xstore Point Of Service 16.0
Oracle Fusion Middleware Mapviewer 12.2.1.3.0
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0
Oracle Retail Integration Bus 16.0
Oracle Retail Returns Management 14.1
Oracle Retail Central Office 14.1
Oracle Primavera Unifier 18.8
Oracle Retail Point-of-service 14.1
Oracle Primavera Unifier
2 Github repositories
7.5
CVSSv2
CVE-2018-8013
In Apache Batik 1.x prior to 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deser...
Apache Batik
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Fusion Middleware Mapviewer 12.2.1.2
Oracle Enterprise Repository 12.1.3.0.0
Oracle Business Intelligence 11.1.1.9.0
Oracle Enterprise Repository 11.1.1.7.0
Oracle Business Intelligence 11.1.1.7.0
Oracle Retail Back Office 13.4
Oracle Retail Back Office 14.1
Oracle Retail Back Office 13.3
Oracle Business Intelligence 12.2.1.3.0
Oracle Communications Diameter Signaling Router
Oracle Retail Order Broker 5.1
Oracle Retail Order Broker 5.2
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0
Oracle Insurance Calculation Engine 10.2.1
Oracle Insurance Calculation Engine 10.1.1
1 Article
6.5
CVSSv2
CVE-2018-1258
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Pivotal Software Spring Security
Vmware Spring Framework 5.0.5
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.4
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Application Testing Suite 10.1
Oracle Application Testing Suite 12.5.0.3
Oracle Application Testing Suite 13.1.0.1
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.3.0.1
Oracle Big Data Discovery 1.6.0
Oracle Communications Converged Application Server
Oracle Communications Diameter Signaling Router
Oracle Communications Network Integrity
Oracle Communications Performance Intelligence Center
Oracle Communications Services Gatekeeper
Oracle Endeca Information Discovery Integrator 3.1.0
Oracle Endeca Information Discovery Integrator 3.2.0
Oracle Enterprise Manager For Mysql Database 13.2
Oracle Enterprise Manager Ops Center 12.2.2
Oracle Enterprise Manager Ops Center 12.3.3
6.5
CVSSv2
CVE-2016-5476
Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install.
Oracle Retail Integration Bus 14.0
Oracle Retail Integration Bus 14.1
Oracle Retail Integration Bus 13.1
Oracle Retail Integration Bus 13.2
Oracle Retail Integration Bus 13.0
Oracle Retail Integration Bus 15.0
5.1
CVSSv2
CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced N...
Oracle Flexcube Investor Servicing 12.3.0
Oracle Flexcube Investor Servicing 12.1.0
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Flexcube Investor Servicing 12.0.4
Oracle Retail Store Inventory Management 14.1
Oracle Ilearning 6.2
Oracle Hospitality Suite8 8.10.2
Oracle Retail Back Office 14.1
Oracle Weblogic Server 12.2.1.3.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Flexcube Investor Servicing 12.4.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Hospitality Reporting And Analytics 9.1.0
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Order Broker 16.0
Oracle Retail Returns Management 14.1
Oracle Retail Central Office 14.1
Oracle Banking Platform 2.6.2
Oracle Primavera Unifier 18.8
Oracle Retail Point-of-service 14.1
Oracle Retail Predictive Application Server 15.0.3
5
CVSSv2
CVE-2019-17566
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET reques...
Apache Batik
Oracle Api Gateway 11.1.2.4.0
Oracle Hyperion Financial Reporting 11.1.2.4
Oracle Enterprise Repository 11.1.1.7.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0
Oracle Retail Returns Management 14.1
Oracle Retail Point-of-service 14.1
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Intelligence 5.5.0.0.0
Oracle Financial Services Analytical Applications Infrastructure
Oracle Fusion Middleware Mapviewer 12.2.1.4.0
Oracle Instantis Enterprisetrack
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Retail Integration Bus 15.0.3
Oracle Communications Application Session Controller 3.9m0p2
Oracle Hospitality Opera 5 5.5
Oracle Hospitality Opera 5 5.6
Oracle Business Intelligence 5.9.0.0.0
Oracle Retail Order Management System Cloud Service 19.5
Oracle Jd Edwards Enterpriseone Tools
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »