Vulnerabilities > Oracle > Commerce Guided Search > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-19 CVE-2020-5421 In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
network
high complexity
vmware oracle netapp
6.5
2020-01-16 CVE-2019-17573 Cross-site Scripting vulnerability in multiple products
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses.
network
low complexity
apache oracle CWE-79
6.1
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle
6.1
2019-11-06 CVE-2019-12406 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message.
network
low complexity
apache oracle CWE-770
6.5