Vulnerabilities > Oracle > Retail Customer Management AND Segmentation Foundation > 17.0

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-15	CVE-2019-14540	Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. network low complexity fasterxml netapp fedoraproject debian redhat oracle CWE-502 critical	9.8
2019-07-30	CVE-2019-14439	Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. network low complexity fasterxml debian fedoraproject apache redhat oracle CWE-502	7.5
2019-07-29	CVE-2019-14379	SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. network low complexity fasterxml debian netapp fedoraproject redhat oracle apple critical	9.8
2019-07-23	CVE-2018-3316	Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0/17.0 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Segment). network low complexity oracle	7.6
2019-07-23	CVE-2018-3315	Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0/17.0 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Customer). network high complexity oracle	8.2
2019-07-09	CVE-2018-11307	Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. network low complexity fasterxml redhat oracle CWE-502 critical	9.8
2019-01-18	CVE-2019-3772	XXE vulnerability in multiple products Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. network low complexity vmware oracle CWE-611 critical	9.8
2019-01-02	CVE-2018-14718	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. network low complexity fasterxml debian oracle netapp redhat CWE-502 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.