Retail Predictive Application Server@14.1 Security Vulnerabilities and Issues — Retail Predictive Application Server@14.1 CVE List

Lucene search

OracleRetail Predictive Application Server14.1

7 matches found

CVE•added 2020/10/01 8:15 p.m.•270 views

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effor...

7.5CVSS6.9AI score0.00591EPSS

CVE•added 2020/09/19 4:15 a.m.•253 views

CVE-2020-5421

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

8.7CVSS7.2AI score0.59873EPSS

CVE•added 2018/04/06 1:29 p.m.•226 views

CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to...

9.8CVSS9.4AI score0.89353EPSS

CVE•added 2018/04/06 1:29 p.m.•198 views

CVE-2018-1271

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or...

5.9CVSS7.2AI score0.90926EPSS

CVE•added 2018/04/11 1:29 p.m.•180 views

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to...

9.8CVSS9.3AI score0.89353EPSS

CVE•added 2018/04/06 1:29 p.m.•144 views

CVE-2018-1272

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a ...

7.5CVSS8.3AI score0.02166EPSS

CVE•added 2018/05/11 8:29 p.m.•104 views

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message ...

6.5CVSS7AI score0.0179EPSS