Oracle Retail EFTLink 20.0.0

CPE Details

Oracle Retail EFTLink 20.0.0
20.0.0
2021-12-02
13h41 +00:00
2021-12-02
21h36 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oracle:retail_eftlink:20.0.0:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

retail_eftlink

Version

20.0.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-27218 2020-11-27 23h00 +00:00 In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.
4.8
Medium
CVE-2020-11979 2020-10-01 17h24 +00:00 As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
7.5
High