Oracle Commerce Guided Search And Experience Manager vulnerabilities

CVE-2021-20190 [HIGH] CWE-502 CVE-2021-20190: A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between s A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2015-0495 [HIGH] CVE-2015-0495: Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.x and 11.x allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Workbench.