Vulnerabilities > Oracle > Retail Customer Management AND Segmentation Foundation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | 6.1 |
2019-01-18 | CVE-2019-3772 | XXE vulnerability in multiple products Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | 9.8 |
2019-01-02 | CVE-2018-14718 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. | 9.8 |
2018-07-18 | CVE-2018-3053 | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0.1/16.0.2/17.0.1 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Internal Operations). | 6.4 |