Vulnerabilities > Oracle > Retail Back Office > 13.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-24 | CVE-2018-8013 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. | 9.8 |
| 2017-10-19 | CVE-2017-10423 | Unspecified vulnerability in Oracle Retail Back Office Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). | 5.4 |