Vulnerabilities > Oracle > Micros Retail Xbri Loss Prevention

DATE CVE VULNERABILITY TITLE RISK
2017-10-04 CVE-2017-12617 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g.
network
high complexity
apache canonical oracle debian netapp redhat CWE-434
8.1
8.1
2017-04-06 CVE-2016-8735 Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports.
network
low complexity
apache canonical netapp debian redhat oracle
critical
 9.8
9.8