Commerce Platform@11.3.2 Security Vulnerabilities and Issues — Commerce Platform@11.3.2 CVE List

Lucene search

OracleCommerce Platform11.3.2

8 matches found

CVE•added 2022/04/01 11:15 p.m.•2207 views

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is...

9.8CVSS8.7AI score0.9446EPSS

CVE•added 2021/09/19 6:15 p.m.•581 views

CVE-2021-40690

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any loca...

7.5CVSS7.4AI score0.00335EPSS

CVE•added 2022/03/11 7:15 a.m.•567 views

CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

7.5CVSS7.4AI score0.00477EPSS

CVE•added 2021/07/21 3:15 p.m.•211 views

CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. S...

8.3CVSS8.5AI score0.04736EPSS

CVE•added 2022/01/19 12:15 p.m.•67 views

CVE-2022-21387

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle ...

5.3CVSS4.8AI score0.00771EPSS

CVE•added 2022/07/19 10:15 p.m.•48 views

CVE-2022-21559

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Comme...

5.5CVSS5.2AI score0.00186EPSS

CVE•added 2024/04/16 10:15 p.m.•47 views

CVE-2024-21100

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform....

4CVSS6.6AI score0.00257EPSS

CVE•added 2025/04/15 9:15 p.m.•43 views

CVE-2025-21576

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ...

5.4CVSS4.8AI score0.00016EPSS