CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14533
https://notcve.org/view.php?id=CVE-2020-14533
15 Jul 2020 — Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to so... • https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 9.8EPSS: 93%CPEs: 21EXPL: 14CVE-2020-2555 – Oracle Multiple Products Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-2555
15 Jan 2020 — Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). • https://packetstorm.news/files/id/157207 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2712
https://notcve.org/view.php?id=CVE-2019-2712
23 Apr 2019 — Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 11.2.0.3 and 11.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products... • http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-2659
https://notcve.org/view.php?id=CVE-2019-2659
23 Apr 2019 — Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). The supported version that is affected is 11.2.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products. Successf... • http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3296
https://notcve.org/view.php?id=CVE-2017-3296
27 Jan 2017 — Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 10.0.3.5, 10.2.0.5 and 11.2.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Orac... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-2607
https://notcve.org/view.php?id=CVE-2015-2607
16 Jul 2015 — Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.0.2, 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers to affect confidentiality via unknown vectors related to Content Acquisition System. Vulnerabilidad no especificada en el componente Oracle Commerce Guided Search / Oracle Commerce Experience Manager en Oracle Commerce Platform 3.0.2, 3.1.1, 3.1.2, 11.0 y 11.1, permite a atacantes remotos afectar la confidenciali... • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2015-2653
https://notcve.org/view.php?id=CVE-2015-2653
16 Jul 2015 — Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Content Acquisition System. Vulnerabilidad no especificada en el componente Oracle Commerce Guided Search / Oracle Commerce Experience Manager en Oracle Commerce Platform 3.1.1, 3.1.2, 11.0 y 11.1, permite a atacantes remotos afectar la confidenciali... • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •