Vulnerabilities > Oracle > Retail Customer Management AND Segmentation Foundation

DATE CVE VULNERABILITY TITLE RISK
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2019-01-18 CVE-2019-3772 XXE vulnerability in multiple products
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
network
low complexity
vmware oracle CWE-611
critical
9.8
2019-01-02 CVE-2018-14718 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle netapp redhat CWE-502
critical
9.8
2018-07-18 CVE-2018-3053 Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0.1/16.0.2/17.0.1
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Internal Operations).
network
low complexity
oracle
6.4