Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-06	CVE-2018-1271	Path Traversal vulnerability in multiple products Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. network high complexity vmware oracle CWE-22	5.9
2017-10-19	CVE-2017-10423	Unspecified vulnerability in Oracle Retail Back Office Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). network low complexity oracle	5.4