Retail_integration_bus - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Retail_integration_bus
(Oracle)

Repositories	https://github.com/dom4j/dom4j
#Vulnerabilities	40

Date	Id	Summary	Products	Score	Patch	Annotated
2022-04-01	CVE-2022-22965	A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.	Cx_cloud_agent, Commerce_platform, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_network_slice_selection_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_policy_management, Communications_unified_inventory_management, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_enterprise_case_management, Mysql_enterprise_monitor, Product_lifecycle_analytics, Retail_bulk_data_integration, Retail_customer_management_and_segmentation_foundation, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_xstore_point_of_service, Sd\-Wan_edge, Weblogic_server, Operation_scheduler, Simatic_speech_assistant_for_machines, Sinec_network_management_system, Sipass_integrated, Siveillance_identity, Access_appliance, Flex_appliance, Netbackup_appliance, Netbackup_flex_scale_appliance, Netbackup_virtual_appliance, Spring_framework	9.8
2020-01-17	CVE-2020-5398	In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.	Data_availability_services, Snapcenter, Application_testing_suite, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_policy, Communications_diameter_signaling_router, Communications_element_manager, Communications_policy_management, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Financial_services_regulatory_reporting_with_agilereporter, Flexcube_private_banking, Healthcare_master_person_index, Insurance_calculation_engine, Insurance_policy_administration_j2ee, Insurance_rules_palette, Mysql, Rapid_planning, Retail_assortment_planning, Retail_back_office, Retail_bulk_data_integration, Retail_central_office, Retail_financial_integration, Retail_integration_bus, Retail_order_broker, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_returns_management, Retail_service_backbone, Siebel_engineering_\-_installer_\&_deployment, Weblogic_server, Spring_framework	7.5
2020-01-17	CVE-2020-5397	Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome...	Application_testing_suite, Communications_brm_\-_elastic_charging_engine, Communications_diameter_signaling_router, Communications_element_manager, Communications_policy_management, Communications_session_route_manager, Enterprise_manager_base_platform, Financial_services_regulatory_reporting_with_agilereporter, Flexcube_private_banking, Healthcare_master_person_index, Insurance_calculation_engine, Insurance_policy_administration_j2ee, Insurance_rules_palette, Mysql_enterprise_monitor, Rapid_planning, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_financial_integration, Retail_integration_bus, Retail_order_broker, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_returns_management, Retail_service_backbone, Weblogic_server, Spring_framework	5.3
2020-04-27	CVE-2020-9488	Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1	Log4j, Debian_linux, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_eagle_ftp_table_base_retrieval, Communications_offline_mediation_controller, Communications_services_gatekeeper, Communications_unified_inventory_management, Data_integrator, Enterprise_manager_for_peoplesoft, Financial_services_analytical_applications_infrastructure, Financial_services_institutional_performance_analytics, Financial_services_market_risk_measurement_and_management, Financial_services_price_creation_and_discovery, Financial_services_retail_customer_analytics, Flexcube_core_banking, Flexcube_private_banking, Health_sciences_information_manager, Insurance_insbridge_rating_and_underwriting, Insurance_policy_administration_j2ee, Insurance_rules_palette, Jd_edwards_world_security, Oracle_goldengate_application_adapters, Peoplesoft_enterprise_peopletools, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Primavera_unifier, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_bulk_data_integration, Retail_customer_management_and_segmentation_foundation, Retail_eftlink, Retail_insights_cloud_service_suite, Retail_integration_bus, Retail_order_broker_cloud_service, Retail_predictive_application_server, Retail_xstore_point_of_service, Siebel_apps_\-_marketing, Siebel_ui_framework, Spatial_and_graph, Storagetek_acsls, Storagetek_tape_analytics_sw_tool, Utilities_framework, Weblogic_server, Reload4j	3.7
2020-05-14	CVE-2020-1945	Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.	Ant, Ubuntu_linux, Fedora, Leap, Agile_engineering_data_management, Banking_enterprise_collections, Banking_liquidity_management, Banking_platform, Business_process_management_suite, Category_management_planning_\&_optimization, Communications_asap, Communications_diameter_signaling_router, Communications_metasolv_solution, Communications_order_and_service_management, Data_integrator, Endeca_information_discovery_studio, Enterprise_manager_ops_center, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Flexcube_investor_servicing, Flexcube_private_banking, Health_sciences_information_manager, Primavera_gateway, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_back_office, Retail_bulk_data_integration, Retail_central_office, Retail_data_extractor_for_merchandising, Retail_extract_transform_and_load, Retail_financial_integration, Retail_integration_bus, Retail_item_planning, Retail_macro_space_optimization, Retail_merchandise_financial_planning, Retail_merchandising_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_regular_price_optimization, Retail_replenishment_optimization, Retail_returns_management, Retail_service_backbone, Retail_size_profile_optimization, Retail_store_inventory_management, Retail_xstore_point_of_service, Timesten_in\-Memory_database, Utilities_framework	6.3
2020-09-19	CVE-2020-5421	In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.	Oncommand_insight, Snap_creator_framework, Snapcenter, Commerce_guided_search, Communications_brm, Communications_design_studio, Communications_session_report_manager, Communications_unified_inventory_management, Endeca_information_discovery_integrator, Enterprise_data_quality, Financial_services_analytical_applications_infrastructure, Flexcube_private_banking, Fusion_middleware, Goldengate_application_adapters, Healthcare_master_person_index, Hyperion_infrastructure_technology, Insurance_policy_administration, Insurance_rules_palette, Mysql_enterprise_monitor, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Retail_assortment_planning, Retail_bulk_data_integration, Retail_customer_engagement, Retail_customer_management_and_segmentation_foundation, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_order_broker, Retail_predictive_application_server, Retail_returns_management, Retail_service_backbone, Retail_xstore_point_of_service, Storagetek_acsls, Storagetek_tape_analytics_sw_tool, Weblogic_server, Spring_framework	6.5
2021-03-10	CVE-2020-13936	An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.	Velocity_engine, Wss4j, Debian_linux, Banking_deposits_and_lines_of_credit_servicing, Banking_enterprise_default_management, Banking_loans_servicing, Banking_party_management, Banking_platform, Communications_cloud_native_core_policy, Communications_network_integrity, Hospitality_token_proxy_service, Retail_integration_bus, Retail_order_broker, Retail_service_backbone, Retail_xstore_office_cloud_service, Utilities_testing_accelerator	8.8
2021-04-13	CVE-2021-29425	In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.	Commons_io, Debian_linux, Active_iq_unified_manager, Access_manager, Agile_engineering_data_management, Agile_plm, Application_performance_management, Application_testing_suite, Banking_apis, Banking_digital_experience, Banking_enterprise_default_management, Banking_enterprise_default_managment, Banking_party_management, Banking_platform, Blockchain_platform, Commerce_guided_search, Communications_application_session_controller, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_contacts_server, Communications_converged_application_server_\-_service_controller, Communications_convergence, Communications_design_studio, Communications_diameter_intelligence_hub, Communications_interactive_session_recorder, Communications_offline_mediation_controller, Communications_order_and_service_management, Communications_policy_management, Communications_pricing_design_center, Communications_service_broker, Enterprise_communications_broker, Enterprise_session_border_controller, Financial_services_analytical_applications_infrastructure, Financial_services_model_management_and_governance, Flexcube_core_banking, Fusion_middleware_mapviewer, Health_sciences_data_management_workbench, Health_sciences_information_manager, Healthcare_data_repository, Helidon, Insurance_policy_administration, Insurance_rules_palette, Oss_support_tools, Primavera_unifier, Real_user_experience_insight, Rest_data_services, Retail_assortment_planning, Retail_integration_bus, Retail_merchandising_system, Retail_order_broker, Retail_pricing, Retail_service_backbone, Retail_size_profile_optimization, Retail_xstore_point_of_service, Solaris_cluster, Utilities_testing_accelerator, Webcenter_portal, Weblogic_server	4.8
2021-05-27	CVE-2021-22118	In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.	Hci, Management_services_for_element_software, Commerce_guided_search, Communications_brm_\-_elastic_charging_engine, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_intelligence_hub, Communications_element_manager, Communications_interactive_session_recorder, Communications_network_integrity, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Documaker, Enterprise_data_quality, Financial_services_analytical_applications_infrastructure, Healthcare_data_repository, Insurance_policy_administration, Insurance_rules_palette, Mysql_enterprise_monitor, Retail_assortment_planning, Retail_customer_management_and_segmentation_foundation, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_order_broker, Retail_predictive_application_server, Utilities_testing_accelerator, Spring_framework	7.8
2021-07-14	CVE-2021-36373	When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.	Ant, Agile_plm, Banking_trade_finance, Banking_treasury_management, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_order_and_service_management, Communications_unified_inventory_management, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Insurance_policy_administration, Primavera_gateway, Primavera_unifier, Real\-Time_decision_server, Retail_advanced_inventory_planning, Retail_back_office, Retail_bulk_data_integration, Retail_central_office, Retail_eftlink, Retail_extract_transform_and_load, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_service_backbone, Retail_store_inventory_management, Retail_xstore_point_of_service, Timesten_in\-Memory_database, Utilities_framework, Utilities_testing_accelerator	5.5