Oracle Retail Order Broker Cloud Service
By the Year
In 2024 there have been 0 vulnerabilities in Oracle Retail Order Broker Cloud Service . Retail Order Broker Cloud Service did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 4.90 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Retail Order Broker Cloud Service vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Oracle Retail Order Broker Cloud Service Security Vulnerabilities
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses
CVE-2020-13954
6.1 - Medium
- November 12, 2020
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.
XSS
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
CVE-2020-9488
3.7 - Low
- April 27, 2020
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
Improper Certificate Validation
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3
CVE-2015-3253
9.8 - Critical
- August 13, 2015
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Oracle Webcenter Sites or by Oracle? Click the Watch button to subscribe.
