Oracle Retail Order Broker Cloud Service

By the Year

In 2022 there have been 0 vulnerabilities in Oracle Retail Order Broker Cloud Service. Retail Order Broker Cloud Service did not have any published security vulnerabilities last year.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 4.90 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |

It may take a day or so for new Retail Order Broker Cloud Service vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Oracle Retail Order Broker Cloud Service Security Vulnerabilities

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses

CVE-2020-13954 6.1 - Medium - November 12, 2020

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject JavaScript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.

XSS

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender

CVE-2020-9488 3.7 - Low - April 27, 2020

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1.

Improper Certificate Validation

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3

CVE-2015-3253 9.8 - Critical - August 13, 2015

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

Injection
