Retail Merchandising System Security Vulnerabilities and Issues — Retail Merchandising System CVE List

Lucene search

OracleRetail Merchandising System

7 matches found

CVE•added 2019/08/20 9:15 p.m.•879 views

CVE-2019-10086

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

7.5CVSS7.3AI score0.00262EPSS

CVE•added 2021/09/19 6:15 p.m.•644 views

CVE-2021-40690

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any loca...

7.5CVSS7.4AI score0.00325EPSS

In wild

CVE•added 2019/03/21 4:0 p.m.•348 views

CVE-2018-12023

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to ma...

7.5CVSS8.4AI score0.049EPSS

CVE•added 2022/01/24 3:15 p.m.•338 views

CVE-2022-23437

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present withi...

7.1CVSS6.6AI score0.0009EPSS

CVE•added 2020/10/01 8:15 p.m.•283 views

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effor...

7.5CVSS6.9AI score0.00827EPSS

CVE•added 2021/05/27 3:15 p.m.•250 views

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...

7.8CVSS7.5AI score0.00253EPSS

CVE•added 2019/03/21 4:0 p.m.•159 views

CVE-2018-12022

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDA...

7.5CVSS8.4AI score0.02934EPSS