Oracle Retail Bulk Data Integration — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Retail Bulk Data Integration, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2021-40690 — CVSS 7.5 (high): All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation"…
CVE-2020-5398 — CVSS 7.5 (high): In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is…
CVE-2022-23437 — CVSS 6.5 (medium): There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This…
CVE-2020-5421 — CVSS 6.5 (medium): In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections…
CVE-2020-1945 — CVSS 6.3 (medium): Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir…
CVE-2018-2891 — CVSS 6.1 (medium): Vulnerability in the Oracle Retail Bulk Data Integration component of Oracle Retail Applications (subcomponent: BDI Job Scheduler). The…
CVE-2019-17091 — CVSS 6.1 (medium): faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer…
CVE-2021-36374 — CVSS 5.5 (medium): When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory…
CVE-2021-36373 — CVSS 5.5 (medium): When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an…
CVE-2020-17521 — CVSS 5.5 (medium): Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those…
CVE-2020-9488 — CVSS 3.7 (low): Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted…