Vulnerabilities > Oracle > Commerce Guided Search
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-02 | CVE-2020-13956 | Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. | 5.3 |
2020-09-19 | CVE-2020-5421 | In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. | 6.5 |
2020-08-30 | CVE-2020-7712 | OS Command Injection vulnerability in multiple products This affects the package json before 10.0.0. | 7.2 |
2020-07-15 | CVE-2020-14536 | Unspecified vulnerability in Oracle products Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Workbench). network oracle | 5.8 |
2020-07-14 | CVE-2020-13935 | Infinite Loop vulnerability in multiple products The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. | 7.5 |
2020-01-16 | CVE-2019-17573 | Cross-site Scripting vulnerability in multiple products By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. | 6.1 |
2020-01-16 | CVE-2019-12423 | Insufficiently Protected Credentials vulnerability in multiple products Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. | 7.5 |
2020-01-15 | CVE-2020-2604 | Deserialization of Untrusted Data vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). | 8.1 |
2019-11-08 | CVE-2019-10219 | Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. | 6.1 |
2019-11-06 | CVE-2019-12419 | Incorrect Authorization vulnerability in multiple products Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. | 9.8 |