Oracle

Commerce Platform

32 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-21576

  • EPSS 0.01%
  • Published 15.04.2025 20:30:53
  • Last modified 17.04.2025 21:35:12

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker...

4

CVE-2024-21100

  • EPSS 0.26%
  • Published 16.04.2024 22:15:30
  • Last modified 06.12.2024 21:24:25

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

5.5

CVE-2022-21559

  • EPSS 0.09%
  • Published 19.07.2022 22:15:12
  • Last modified 21.11.2024 06:44:57

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker wi...

9.8

CVE-2022-22965

Warning Exploit
  • EPSS 94.44%
  • Published 01.04.2022 23:15:13
  • Last modified 10.04.2025 16:56:46

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Sp...

7.5

CVE-2020-36518

Exploit
  • EPSS 0.6%
  • Published 11.03.2022 07:15:07
  • Last modified 27.08.2025 21:15:36

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

5

CVE-2022-21387

  • EPSS 0.77%
  • Published 19.01.2022 12:15:16
  • Last modified 21.11.2024 06:44:35

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker w...

7.5

CVE-2021-40690

  • EPSS 0.33%
  • Published 19.09.2021 18:15:07
  • Last modified 21.11.2024 06:24:34

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacke...

5.1

CVE-2021-2351

Exploit
  • EPSS 3.54%
  • Published 21.07.2021 15:15:21
  • Last modified 21.11.2024 06:02:56

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracl...

7.5

CVE-2021-2463

  • EPSS 1.91%
  • Published 21.07.2021 00:15:17
  • Last modified 21.11.2024 06:03:10

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthentic...

8.1

CVE-2020-36183

Exploit
  • EPSS 2.72%
  • Published 07.01.2021 00:15:15
  • Last modified 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.