Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

oracle retail xstore point of service 18.0.1 vulnerabilities and exploits

(subscribe to this query)
2.7
CVSSv3
CVE-2019-2872
Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale). Supported versions that are affected are 17.0.3, 18.0.1 and 19.0.0. Difficult to exploit vulnerability allows physical access to compromise Oracle Retail X...
Oracle Retail Xstore Point Of Service 18.0.1Oracle Retail Xstore Point Of Service 19.0.0Oracle Retail Xstore Point Of Service 17.0.3
3.7
CVSSv3
CVE-2020-9488
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
Apache Log4jOracle Flexcube Private Banking 12.1.0Oracle Retail Integration Bus 14.1Oracle Flexcube Private Banking 12.0.0Oracle Flexcube Core Banking 5.2.0Oracle Retail Integration Bus 15.0Oracle Peoplesoft Enterprise Peopletools 8.56Oracle Weblogic Server 10.3.6.0.0Oracle Utilities Framework 4.2.0.3.0Oracle Utilities Framework 4.2.0.2.0Oracle Utilities Framework 2.2.0.0.0Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Retail Integration Bus 16.0Oracle Primavera Unifier 18.8Oracle Retail Customer Management And Segmentation Foundation 16.0Oracle Retail Customer Management And Segmentation Foundation 17.0Oracle Retail Customer Management And Segmentation Foundation 18.0Oracle Policy Automation Connector For Siebel 10.4.6Oracle Data Integrator 12.2.1.3.0Oracle Jd Edwards World Security A9.4Oracle Financial Services Market Risk Measurement And Management 8.0.6Oracle Utilities Framework 4.4.0.0.0
7.5
CVSSv3
CVE-2019-17359
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.63Apache Tomee 7.0.7Apache Tomee 7.1.2Apache Tomee 8.0.1Netapp Oncommand Workflow Automation -Netapp Service Level Manager -Netapp Oncommand Api Services -Netapp Active Iq Unified ManagerOracle Flexcube Private Banking 12.1.0Oracle Flexcube Private Banking 12.0.0Oracle Peoplesoft Enterprise Peopletools 8.56Oracle Hospitality Guest Access 4.2.0Oracle Weblogic Server 12.2.1.3.0Oracle Webcenter Portal 12.2.1.3.0Oracle Webcenter Portal 11.1.1.9.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Soa Suite 12.2.1.3.0Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Managed File Transfer 12.2.1.3.0Oracle Retail Xstore Point Of Service 18.0.1Oracle Weblogic Server 12.2.1.4.0Oracle Peoplesoft Enterprise Peopletools 8.58
6.1
CVSSv3
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
Redhat Hibernate ValidatorRedhat Hibernate Validator 6.1.0Redhat Single Sign-on -Redhat Jboss Enterprise Application Platform -Redhat Jboss Data Grid -Redhat Openshift Application Runtimes -Redhat Fuse 1.0Redhat Jboss Enterprise Application Platform 7.2Redhat Jboss Enterprise Application Platform 7.3Netapp Active Iq Unified Manager -Netapp Element -Netapp Snapcenter Plug-in -Netapp Management Services For Element Software And Netapp Hci -Oracle Flexcube Investor Servicing 12.3.0Oracle Flexcube Investor Servicing 12.1.0Oracle Solaris 11Oracle Flexcube Private Banking 12.1.0Oracle Insurance Policy Administration J2ee 10.2.0Oracle Flexcube Private Banking 12.0.0Oracle Flexcube Investor Servicing 12.0.4Oracle Weblogic Server 12.1.3.0.0Oracle Retail Integration Bus 13.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook