Oracle

Commerce Platform

32 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2020-35728

  • EPSS 39.67%
  • Veröffentlicht 27.12.2020 05:15:11
  • Zuletzt bearbeitet 27.08.2025 21:15:36

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.js...

7.5

CVE-2020-25649

  • EPSS 0.01%
  • Veröffentlicht 03.12.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:20

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

4.9

CVE-2020-14533

  • EPSS 0.19%
  • Veröffentlicht 15.07.2020 18:15:14
  • Zuletzt bearbeitet 21.11.2024 05:03:28

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows high privileged attac...

4.7

CVE-2020-14532

  • EPSS 0.71%
  • Veröffentlicht 15.07.2020 18:15:14
  • Zuletzt bearbeitet 21.11.2024 05:03:28

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows unauthenticated attac...

9.8

CVE-2020-2555

Warnung Exploit
  • EPSS 93.16%
  • Veröffentlicht 15.01.2020 17:15:17
  • Zuletzt bearbeitet 14.02.2025 16:47:18

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows una...

6.1

CVE-2019-10219

  • EPSS 1.67%
  • Veröffentlicht 08.11.2019 15:15:11
  • Zuletzt bearbeitet 07.07.2025 14:15:21

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

6.1

CVE-2019-2712

  • EPSS 0.8%
  • Veröffentlicht 23.04.2019 19:32:56
  • Zuletzt bearbeitet 21.11.2024 04:41:24

Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 11.2.0.3 and 11.3.1. Easily exploitable vulnerability allows unauthenticated attacker wi...

6.1

CVE-2019-2659

  • EPSS 0.8%
  • Veröffentlicht 23.04.2019 19:32:54
  • Zuletzt bearbeitet 21.11.2024 04:41:18

Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). The supported version that is affected is 11.2.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network...

4.3

CVE-2017-3296

  • EPSS 0.51%
  • Veröffentlicht 27.01.2017 22:59:04
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 10.0.3.5, 10.2.0.5 and 11.2.0.2. Easily exploitable vulnerability allows unauthenticated...

6.4

CVE-2015-2653

  • EPSS 0.31%
  • Veröffentlicht 16.07.2015 11:00:12
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers to affect confidentiality and integrity via unknown vectors...