Oracle Retail Service Backbone vulnerabilities
45 known vulnerabilities affecting oracle/retail_service_backbone.
Total CVEs
45
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH28MEDIUM13
Vulnerabilities
Page 3 of 3
CVE-2018-11040HIGHCVSS 7.5v16.0.12018-06-25
CVE-2018-11040 [HIGH] CWE-829 CVE-2018-11040: Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported vers
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framewor
nvd
CVE-2017-5645CRITICALCVSS 9.8PoCv14.1v15.0+1 more2017-04-17
CVE-2017-5645 [CRITICAL] CWE-502 CVE-2017-5645: In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive s
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
nvd
CVE-2016-5475HIGHCVSS 7.6v14.0v14.1+1 more2016-07-21
CVE-2016-5475 [HIGH] CVE-2016-5475: Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applicati
Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install.
nvd
CVE-2016-5474HIGHCVSS 8.8v14.0v14.1+1 more2016-07-21
CVE-2016-5474 [HIGH] CVE-2016-5474: Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applicati
Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RSB Kernel.
nvd
CVE-2015-3253CRITICALCVSS 9.8v13.0v13.1+4 more2015-08-13
CVE-2015-3253 [CRITICAL] CWE-74 CVE-2015-3253: The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows re
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
nvd
← Previous3 / 3