Oracle Retail Back Office vulnerabilities
22 known vulnerabilities affecting oracle/retail_back_office.
Total CVEs: 22
CISA KEV: 1 (actively exploited)
Public exploits: 4
Exploited in wild: 3
Severity breakdown
CRITICAL 3, HIGH 7, MEDIUM 12
Vulnerabilities
Page 2 of 2
CVE-2017-10423 | MEDIUM | CVSS 5.4 | v13.2, v13.3, +3 more | 2017-10-19
Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks require human inter
nvd
CVE-2017-12617 | HIGH | CVSS 8.1 | KEV | PoC | CWE-434 | v14.0.4, v14.1.3 | 2017-10-04
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code
nvd