Vulnerabilities > Oracle > Commerce Guided Search > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-03-03 CVE-2022-22947 Expression Language Injection vulnerability in multiple products
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.
network
low complexity
vmware oracle CWE-917
critical
10.0
2019-11-06 CVE-2019-12419 Incorrect Authorization vulnerability in multiple products
Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service.
network
low complexity
apache oracle CWE-863
critical
9.8