Oracle Retail Order Broker Cloud Service vulnerabilities

6 known vulnerabilities affecting oracle/retail_order_broker_cloud_service.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 2, LOW 1

Vulnerabilities

CVE-2020-13954 | MEDIUM | CVSS 6.1 | v15.0 | 2020-11-12
CVE-2020-13954 [MEDIUM]: By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject JavaScript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and
nvd
CVE-2020-9488 | LOW | CVSS 3.7 | v16.0, v18.0, +4 more | 2020-04-27
CVE-2020-9488 [LOW] CWE-295: Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
nvd
CVE-2016-0635 | HIGH | CVSS 8.8 | v5.1, v5.2, +1 more | 2016-07-21
CVE-2016-0635 [HIGH]: Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle Healthcare Master Person Index component in Oracle Health Sciences Applications 2.
nvd
CVE-2016-3611 | MEDIUM | CVSS 5.4 | v15.0 | 2016-07-21
CVE-2016-3611 [MEDIUM]: Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 15.0 allows remote attackers to affect confidentiality and integrity via vectors related to System Administration.
nvd
CVE-2016-0500 | HIGH | CVSS 7.5 | v4.0, v4.1 | 2016-01-21
CVE-2016-0500 [HIGH]: Unspecified vulnerability in the Oracle Retail Order Broker Cloud Service component in Oracle Retail Applications 4.0 and 4.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to System Administration.
nvd
CVE-2015-3253 | CRITICAL | CVSS 9.8 | v4.1, v5.1, +2 more | 2015-08-13
CVE-2015-3253 [CRITICAL] CWE-74: The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
nvd