Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Retail Order Broker Security Vulnerabilities - CVSS Score 9 - 10

cve
cve

CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to...

9.8CVSS

9.4AI Score

0.764EPSS

2018-04-06 01:29 PM
177
2
cve
cve

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to...

9.8CVSS

9.3AI Score

0.764EPSS

2018-04-11 01:29 PM
141
cve
cve

CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

9.8CVSS

8.6AI Score

0.004EPSS

2018-05-24 04:29 PM
132
cve
cve

CVE-2019-12419

Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter...

9.8CVSS

9.1AI Score

0.015EPSS

2019-11-06 09:15 PM
183
11
cve
cve

CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

9.8CVSS

9AI Score

0.008EPSS

2019-07-26 07:15 PM
471
2
cve
cve

CVE-2020-10683

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

9.8CVSS

9.2AI Score

0.007EPSS

2020-05-01 07:15 PM
398
4
cve
cve

CVE-2020-9409

The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a Jasp...

9.8CVSS

9.3AI Score

0.002EPSS

2020-05-20 01:15 PM
70
2