Oracle Retail Customer Management And Segmentation Foundation — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Retail Customer Management And Segmentation Foundation, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (57)
CVE-2019-17267 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaT…
CVE-2018-14718 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the…
CVE-2019-3772 — CVSS 9.8 (critical): Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported…
CVE-2020-5413 — CVSS 9.8 (critical): Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with…
CVE-2018-11307 — CVSS 9.8 (critical): An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from…
CVE-2020-2953 — CVSS 9.8 (critical): Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component…
CVE-2019-14379 — CVSS 9.8 (critical): SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of…
CVE-2020-10683 — CVSS 9.8 (critical): dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However…
CVE-2019-14540 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVE-2019-16335 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource…
CVE-2018-3315 — CVSS 8.2 (high): Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent…
CVE-2020-36189 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-35491 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-35728 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36179 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36180 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36181 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36182 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36183 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36184 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36185 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36186 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36187 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-36188 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2021-22118 — CVSS 7.8 (high): In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege…
CVE-2018-3316 — CVSS 7.6 (high): Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent…
CVE-2021-37714 — CVSS 7.5 (high): jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable…
CVE-2019-14439 — CVSS 7.5 (high): A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled…
CVE-2020-25638 — CVSS 7.4 (high): A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA…
CVE-2021-23337 — CVSS 7.2 (high): Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2020-14709 — CVSS 7.1 (high): Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Card). Supported…
CVE-2020-11022 — CVSS 6.9 (medium): In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM…
CVE-2021-30129 — CVSS 6.5 (medium): A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects…
CVE-2020-2650 — CVSS 6.5 (medium): Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component…
CVE-2020-5421 — CVSS 6.5 (medium): In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections…
CVE-2018-3053 — CVSS 6.4 (medium): Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent…
CVE-2021-2057 — CVSS 6.3 (medium): Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component…
CVE-2020-2648 — CVSS 6.2 (medium): Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component…
CVE-2019-10219 — CVSS 6.1 (medium): A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of…
CVE-2019-11358 — CVSS 6.1 (medium): jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of…
CVE-2019-2884 — CVSS 5.9 (medium): Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component…
CVE-2021-27807 — CVSS 5.5 (medium): A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior…
CVE-2021-31812 — CVSS 5.5 (medium): In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox…
CVE-2021-31811 — CVSS 5.5 (medium): In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache…
CVE-2021-27906 — CVSS 5.5 (medium): A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22…
CVE-2020-14710 — CVSS 5.4 (medium): Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). Supported…
CVE-2020-13956 — CVSS 5.3 (medium): Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the…
CVE-2020-28500 — CVSS 5.3 (medium): Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd…
CVE-2020-2567 — CVSS 4.8 (medium): Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component…
CVE-2019-2883 — CVSS 4.6 (medium): Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component…
CVE-2020-14708 — CVSS 4.3 (medium): Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported…
CVE-2020-9488 — CVSS 3.7 (low): Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted…
CVE-2020-2649 — CVSS 3.3 (low): Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component…
CVE-2020-8908 — CVSS 3.3 (low): A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially…
CVE-2020-14731 — CVSS 3.1 (low): Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component…
CVE-2020-14732 — CVSS 3.1 (low): Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component…