Oracle Retail Integration Bus

39 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2022-22965
all versions
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Th
9.8 CRITICAL
CVE-2022-23437
all versions
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads.
6.5 MEDIUM
CVE-2021-45105
>= 16.0.1 and <= 16.0.3
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel
5.9 MEDIUM
CVE-2021-40690
all versions
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureVali
7.5 HIGH
CVE-2021-2351
all versions
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1
8.3 HIGH
CVE-2021-36374
all versions
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of m
5.5 MEDIUM
CVE-2021-36373
all versions
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally lead
5.5 MEDIUM
CVE-2021-22118
all versions
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a pr
7.8 HIGH
CVE-2021-29425
>= 16.0.1 and <= 16.0.3
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",
4.8 MEDIUM
CVE-2020-13936
all versions
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the sa
8.8 HIGH
CVE-2019-17566
all versions
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By
7.5 HIGH
CVE-2020-11979
all versions
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current u
7.5 HIGH
CVE-2020-5421
all versions
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the pr
6.5 MEDIUM
CVE-2020-1945
all versions
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.
6.3 MEDIUM
CVE-2020-10683
all versions
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. H
9.8 CRITICAL
CVE-2020-9488
all versions
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be in
3.7 LOW
CVE-2020-5397
all versions
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring
5.3 MEDIUM
CVE-2020-5398
all versions
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an applica
7.5 HIGH
CVE-2019-10219
>= 16.0.1 and <= 16.0.3
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1 MEDIUM
CVE-2019-17091
all versions
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaSe
6.1 MEDIUM
CVE-2019-3740
all versions
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities du
6.5 MEDIUM
CVE-2019-3739
all versions
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities durin
6.5 MEDIUM
CVE-2019-3738
all versions
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remo
6.5 MEDIUM
CVE-2019-12402
all versions
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced
7.5 HIGH
CVE-2019-13990
all versions
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a jo
9.8 CRITICAL
CVE-2018-15756
all versions
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on t
7.5 HIGH
CVE-2018-1000632
all versions
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAtt
7.5 HIGH
CVE-2018-11039
all versions
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applica
5.9 MEDIUM
CVE-2018-8013
all versions
In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream
9.8 CRITICAL
CVE-2018-1258
all versions
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when
8.8 HIGH
CVE-2018-10237
all versions
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service a
5.9 MEDIUM
CVE-2018-2876
all versions
Vulnerability in the Oracle Retail Integration Bus component of Oracle Retail Applications (subcomponent: RIB Kernal(Apache Common
7.1 HIGH
CVE-2018-1272
all versions
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side
7.5 HIGH
CVE-2018-1271
all versions
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications
5.9 MEDIUM
CVE-2018-1270
all versions
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications
9.8 CRITICAL
CVE-2017-5645
all versions
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from anot
9.8 CRITICAL
CVE-2016-5476
all versions
Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.
7.6 HIGH
CVE-2016-3444
all versions
Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.
9.8 CRITICAL
CVE-2016-0635
all versions
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2,
8.8 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin