Vulnerabilities > Oracle > Retail Service Backbone > 19.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-24 | CVE-2022-23437 | Infinite Loop vulnerability in multiple products There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. | 6.5 |
| 2021-12-18 | CVE-2021-45105 | Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. | 5.9 |
| 2021-09-19 | CVE-2021-40690 | All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. | 7.5 |
| 2021-04-13 | CVE-2021-29425 | Path Traversal vulnerability in multiple products In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | 4.8 |
| 2021-03-10 | CVE-2020-13936 | An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. | 8.8 |
| 2019-11-08 | CVE-2019-10219 | A vulnerability was found in Hibernate-Validator. | 6.1 |