Oracle Retail Workforce Management Software vulnerabilities

6 known vulnerabilities affecting oracle/retail_workforce_management_software.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL5MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2018-14718CRITICALCVSS 9.8v1.60.9.0.02019-01-02
CVE-2018-14718 [CRITICAL] CWE-502 CVE-2018-14718: FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code b FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
nvd
CVE-2018-14719CRITICALCVSS 9.8v1.60.9.0.02019-01-02
CVE-2018-14719 [CRITICAL] CWE-502 CVE-2018-14719: FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code b FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
nvd
CVE-2018-19360CRITICALCVSS 9.8v1.60.9.0.02019-01-02
CVE-2018-19360 [CRITICAL] CWE-502 CVE-2018-19360: FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leve FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
nvd
CVE-2018-19361CRITICALCVSS 9.8v1.60.9.0.02019-01-02
CVE-2018-19361 [CRITICAL] CWE-502 CVE-2018-19361: FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leve FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
nvd
CVE-2018-19362CRITICALCVSS 9.8v1.60.9.0.02019-01-02
CVE-2018-19362 [CRITICAL] CWE-502 CVE-2018-19362: FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leve FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
nvd
CVE-2015-9251MEDIUMCVSS 6.1v1.60.9v1.64.02018-01-18
CVE-2015-9251 [MEDIUM] CWE-79 CVE-2015-9251: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax req jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
nvd