Retail Integration Bus@16.0 Security Vulnerabilities and Issues — Retail Integration Bus@16.0 CVE List

Lucene search

OracleRetail Integration Bus16.0

16 matches found

CVE•added 2019/07/26 7:15 p.m.•529 views

CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

9.8CVSS9AI score0.10416EPSS

CVE•added 2018/04/26 9:29 p.m.•519 views

CVE-2018-10237

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) ...

5.9CVSS5.9AI score0.03259EPSS

CVE•added 2017/04/17 9:59 p.m.•517 views

CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

9.8CVSS9.5AI score0.94013EPSS

CVE•added 2020/05/01 7:15 p.m.•442 views

CVE-2020-10683

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

9.8CVSS9.2AI score0.02147EPSS

CVE•added 2020/05/14 4:15 p.m.•402 views

CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tr...

6.3CVSS6.8AI score0.00021EPSS

CVE•added 2020/04/27 4:15 p.m.•399 views

CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

4.3CVSS6AI score0.00016EPSS

CVE•added 2018/08/20 7:31 p.m.•384 views

CVE-2018-1000632

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or e...

7.5CVSS7.8AI score0.00997EPSS

CVE•added 2019/09/18 11:15 p.m.•230 views

CVE-2019-3740

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.

6.5CVSS7.9AI score0.01239EPSS

CVE•added 2018/04/06 1:29 p.m.•226 views

CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to...

9.8CVSS9.4AI score0.89353EPSS

CVE•added 2019/09/18 11:15 p.m.•221 views

CVE-2019-3738

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.

6.5CVSS7.5AI score0.00714EPSS

CVE•added 2019/09/18 11:15 p.m.•219 views

CVE-2019-3739

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.

6.5CVSS7.9AI score0.01239EPSS

CVE•added 2018/04/06 1:29 p.m.•198 views

CVE-2018-1271

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or...

5.9CVSS7.2AI score0.90926EPSS

CVE•added 2019/08/30 9:15 a.m.•191 views

CVE-2019-12402

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

7.5CVSS7.1AI score0.00149EPSS

CVE•added 2018/10/18 10:29 p.m.•165 views

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller ...

7.5CVSS7.3AI score0.13593EPSS

CVE•added 2018/04/06 1:29 p.m.•144 views

CVE-2018-1272

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a ...

7.5CVSS8.3AI score0.02166EPSS

CVE•added 2019/10/02 2:15 p.m.•136 views

CVE-2019-17091

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.

6.1CVSS6.4AI score0.0842EPSS