Retail Predictive Application Server

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-06	CVE-2018-1270	Code Injection vulnerability in multiple products Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. network low complexity vmware oracle redhat debian CWE-94 critical	9.8
2017-11-13	CVE-2016-8610	Resource Exhaustion vulnerability in multiple products A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. network low complexity openssl debian redhat netapp paloaltonetworks oracle fujitsu CWE-400	7.5
2017-04-17	CVE-2017-5645	Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. network low complexity apache netapp redhat oracle CWE-502 critical	9.8