Vulnerabilities > Oracle > Retail Back Office > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-18 CVE-2021-45105 Uncontrolled Recursion vulnerability in multiple products
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.
network
high complexity
apache netapp debian sonicwall oracle CWE-674
5.9
2021-07-19 CVE-2021-35043 Cross-site Scripting vulnerability in multiple products
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected).
network
low complexity
antisamy-project oracle netapp CWE-79
6.1
2021-07-14 CVE-2021-36373 When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs.
local
low complexity
apache oracle
5.5
2021-07-14 CVE-2021-36374 When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs.
local
low complexity
apache oracle
5.5
2020-05-14 CVE-2020-1945 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information.
6.3
2020-04-29 CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. 6.1
2020-01-17 CVE-2020-5397 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.
network
low complexity
vmware oracle CWE-352
5.3
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle
6.1
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2018-04-19 CVE-2018-2861 Unspecified vulnerability in Oracle Retail Back Office 13.4.9/14.0.4/14.1.3
Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security).
network
low complexity
oracle
6.5