Oracle ≫ Retail Order Broker Cloud Service

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to ...

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Lo...

Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 15.0 allows remote attackers to affect confidentiality and integrity via vectors related to System Administration.

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2....

Unspecified vulnerability in the Oracle Retail Order Broker Cloud Service component in Oracle Retail Applications 4.0 and 4.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to System Adminis...

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.