Oracle

Retail Service Backbone

45 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2020-25649

  • EPSS 0.01%
  • Veröffentlicht 03.12.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:20

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

7.5

CVE-2020-11979

  • EPSS 0.61%
  • Veröffentlicht 01.10.2020 20:15:13
  • Zuletzt bearbeitet 21.11.2024 04:59:02

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without ...

6.5

CVE-2020-5421

  • EPSS 63.83%
  • Veröffentlicht 19.09.2020 04:15:11
  • Zuletzt bearbeitet 21.11.2024 05:34:08

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jses...

6.3

CVE-2020-1945

  • EPSS 0.02%
  • Veröffentlicht 14.05.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:11:42

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr...

8.8

CVE-2020-11113

  • EPSS 60.71%
  • Veröffentlicht 31.03.2020 05:15:13
  • Zuletzt bearbeitet 21.11.2024 04:56:49

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

8.8

CVE-2020-11112

  • EPSS 11.42%
  • Veröffentlicht 31.03.2020 05:15:13
  • Zuletzt bearbeitet 21.11.2024 04:56:49

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

8.8

CVE-2020-10969

  • EPSS 1.4%
  • Veröffentlicht 26.03.2020 13:15:13
  • Zuletzt bearbeitet 21.11.2024 04:56:28

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

8.8

CVE-2020-10968

  • EPSS 6.63%
  • Veröffentlicht 26.03.2020 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:28

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).

8.8

CVE-2020-10673

  • EPSS 20.47%
  • Veröffentlicht 18.03.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:55:49

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).

8.8

CVE-2020-10672

  • EPSS 40.07%
  • Veröffentlicht 18.03.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:55:49

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).