Oracle Commerce Platform vulnerabilities

32 known vulnerabilities affecting oracle/commerce_platform.

Total CVEs: 32
CISA KEV: 2 (actively exploited)
Public exploits: 2
Exploited in wild: 2
Severity breakdown: CRITICAL 3, HIGH 16, MEDIUM 12, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2020-35728 | HIGH | CVSS 8.1 | affected: ≥ 11.3.0, ≤ 11.3.2; v11.2.0 | published 2020-12-27
CWE-502. FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). Note that the advisory text describes the third-party library, while the version range in this listing refers to Oracle Commerce Platform releases, not to jackson-databind versions.
Source: nvd
CVE-2020-25649 | HIGH | CVSS 7.5 | affected: ≥ 11.3.0, ≤ 11.3.2; v11.2.0 | published 2020-12-03
CWE-611. A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. As with CVE-2020-35728, the advisory text is the library's; the version range is for Oracle Commerce Platform.
Source: nvd
CVE-2020-14532 | MEDIUM | CVSS 4.7 | affected: ≥ 11.1, < 11.3.1 | published 2020-07-15
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human int
Source: nvd
CVE-2020-14533 | LOW | CVSS 3.5 | affected: ≥ 11.1, < 11.3.1 | published 2020-07-15
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human intera
Source: nvd
CVE-2020-2555 | CRITICAL | CVSS 9.8 | CISA KEV, public PoC | affected: ≥ 11.3.0, ≤ 11.3.2; v11.0.0; +2 more | published 2020-01-15
CWE-502. Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks o
The advisory text and the versions it names are Oracle Coherence's; the affected range in the header line is the Oracle Commerce Platform range, and two further affected Commerce versions are not shown on this page. This is the only entry on this page carrying the KEV and public-exploit markers; treat any matching deployment as an emergency patch.
Source: nvd
CVE-2019-10219 | MEDIUM | CVSS 6.1 | affected: ≥ 11.3.0, ≤ 11.3.2 | published 2019-11-08
CWE-79. A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Third-party component advisory; the version range is for Oracle Commerce Platform.
Source: nvd
CVE-2019-2712 | MEDIUM | CVSS 6.1 | affected: v11.2.0.3; v11.3.1 | published 2019-04-23
Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 11.2.0.3 and 11.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction
Source: nvd
CVE-2019-2659 | MEDIUM | CVSS 6.1 | affected: v11.2.0.3 | published 2019-04-23
Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). The supported version that is affected is 11.2.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a pe
Source: nvd
CVE-2017-3296 | MEDIUM | CVSS 4.3 | affected: v10.0.3.5; v10.2.0.5; +1 more (11.2.0.2 per the advisory text) | published 2017-01-27
CWE-200. Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 10.0.3.5, 10.2.0.5 and 11.2.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks requi
Sources: cvelistv5, nvd
CVE-2015-2607 | MEDIUM | CVSS 5.0 | affected: v3.0.2; v3.1.1; +3 more (3.1.2, 11.0, 11.1 per the advisory text) | published 2015-07-16
Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.0.2, 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers to affect confidentiality via unknown vectors related to Content Acquisition System.
Source: nvd
CVE-2015-2653 | MEDIUM | CVSS 6.4 | affected: v3.1.1; v3.1.2; +2 more (11.0, 11.1 per the advisory text) | published 2015-07-16
Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Content Acquisition System.
Source: nvd
CVE-2015-0510 | MEDIUM | CVSS 4.3 | affected: v9.4; v10.0; +1 more (10.2 per the advisory text) | published 2015-04-16
Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface.
Source: nvd
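The practical question this listing exists to answer is "I run Oracle Commerce Platform version X; which of these entries apply to me?" The script below is an added example (not code from the page, from Oracle or from NVD) that does that mechanically for the entries on this page. Its version table is transcribed from the listing above; where the listing hides versions behind "+N more", they were recovered from the advisory text when it names them, and CVE-2020-2555, whose text names only Coherence versions, is flagged as incomplete so it is never silently dropped. Two things in it are assumptions: a bare release such as "v11.2.0" is read as the whole 11.2.0 release line (so 11.2.0.3 matches it), chosen to err toward flagging, and the jackson-databind check follows the CVE-2020-35728 text literally ("2.x before 2.9.10.8"), so it does not model other 2.x fix branches.

```python
"""
Version-applicability triage for the Oracle Commerce Platform CVEs on this page.

Added example, not the page's, Oracle's or NVD's code. CVE_DB is a constructed
table transcribed from the listing above; entries marked incomplete have
affected versions that are not visible on the page.
"""
import re

# Affected-version specs in the page's own notation: a comma-separated clause
# list is a range, a bare "vX.Y" is a release as printed.
CVE_DB = [
    {"id": "CVE-2020-35728", "severity": "HIGH",     "cvss": 8.1, "affected": ["≥ 11.3.0, ≤ 11.3.2", "v11.2.0"]},
    {"id": "CVE-2020-25649", "severity": "HIGH",     "cvss": 7.5, "affected": ["≥ 11.3.0, ≤ 11.3.2", "v11.2.0"]},
    {"id": "CVE-2020-14532", "severity": "MEDIUM",   "cvss": 4.7, "affected": ["≥ 11.1, < 11.3.1"]},
    {"id": "CVE-2020-14533", "severity": "LOW",      "cvss": 3.5, "affected": ["≥ 11.1, < 11.3.1"]},
    {"id": "CVE-2020-2555",  "severity": "CRITICAL", "cvss": 9.8, "affected": ["≥ 11.3.0, ≤ 11.3.2", "v11.0.0"],
     "kev": True, "poc": True, "incomplete": True},  # page shows "+2 more" that are not visible
    {"id": "CVE-2019-10219", "severity": "MEDIUM",   "cvss": 6.1, "affected": ["≥ 11.3.0, ≤ 11.3.2"]},
    {"id": "CVE-2019-2712",  "severity": "MEDIUM",   "cvss": 6.1, "affected": ["v11.2.0.3", "v11.3.1"]},
    {"id": "CVE-2019-2659",  "severity": "MEDIUM",   "cvss": 6.1, "affected": ["v11.2.0.3"]},
    {"id": "CVE-2017-3296",  "severity": "MEDIUM",   "cvss": 4.3, "affected": ["v10.0.3.5", "v10.2.0.5", "v11.2.0.2"]},
    {"id": "CVE-2015-2607",  "severity": "MEDIUM",   "cvss": 5.0, "affected": ["v3.0.2", "v3.1.1", "v3.1.2", "v11.0", "v11.1"]},
    {"id": "CVE-2015-2653",  "severity": "MEDIUM",   "cvss": 6.4, "affected": ["v3.1.1", "v3.1.2", "v11.0", "v11.1"]},
    {"id": "CVE-2015-0510",  "severity": "MEDIUM",   "cvss": 4.3, "affected": ["v9.4", "v10.0", "v10.2"]},
]


def parse_version(s):
    """'v11.3.0' -> (11, 3, 0)."""
    return tuple(int(p) for p in s.strip().lstrip("v").split("."))


def _pad(t, n):
    """Right-pad a version tuple with zeros to length n (no-op if already longer)."""
    return t + (0,) * (n - len(t))


def version_cmp(a, b):
    """Three-way compare; missing trailing components count as 0, so 11.3 == 11.3.0."""
    n = max(len(a), len(b))
    a, b = _pad(a, n), _pad(b, n)
    return (a > b) - (a < b)


_OPS = {">=": lambda c: c >= 0, "<=": lambda c: c <= 0, ">": lambda c: c > 0, "<": lambda c: c < 0}


def matches(version, spec):
    """True if `version` satisfies one spec in the page's notation.

    Assumption (conservative): a bare release like 'v11.2.0' denotes the whole
    11.2.0 release line, so 11.2.0.3 matches it. Range clauses compare numerically.
    """
    v = parse_version(version)
    spec = spec.replace("≥", ">=").replace("≤", "<=")
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(>=|<=|>|<)?\s*v?(\d+(?:\.\d+)*)\s*", clause)
        if not m:
            raise ValueError(f"unparseable clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        if op is None:
            if _pad(v, len(bound))[:len(bound)] != bound:
                return False
        elif not _OPS[op](version_cmp(v, bound)):
            return False
    return True


def triage(installed, db=CVE_DB):
    """Return (affected_ids, unresolved_ids) in listing order.

    affected: entries whose visible version data matches `installed`.
    unresolved: entries flagged incomplete that did not match; these need a
    manual check against the vendor advisory, not a "not affected" verdict.
    """
    affected, unresolved = [], []
    for e in db:
        if any(matches(installed, s) for s in e["affected"]):
            affected.append(e["id"])
        elif e.get("incomplete"):
            unresolved.append(e["id"])
    return affected, unresolved


def jackson_databind_affected_cve_2020_35728(jackson_version):
    """CVE-2020-35728 exactly as this page states it: jackson-databind 2.x before 2.9.10.8.

    Only the 2.9 fix line named on the page is modelled; a negative result for
    another 2.x branch must be confirmed against the advisory.
    """
    v = parse_version(jackson_version)
    return v[0] == 2 and version_cmp(v, (2, 9, 10, 8)) < 0


if __name__ == "__main__":
    for ver in ("11.3.1", "11.2.0.3", "12.0.0"):
        hit, todo = triage(ver)
        print(f"{ver}: affected={hit} unresolved={todo}")
    print("jackson-databind 2.9.10.7 vulnerable:", jackson_databind_affected_cve_2020_35728("2.9.10.7"))
```

A match is against the vendor-declared affected range only: it says nothing about whether a Critical Patch Update has already been applied to that build, so treat the output as a worklist to confirm against the installed patch level, and treat an entry in the unresolved list as "unknown", not "safe".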