Oracle Retail Back Office 13.4

CPE Details

2019-10-31 15h29 +00:00
2019-10-31 15h29 +00:00

CPE Name: cpe:2.3:a:oracle:retail_back_office:13.4:*:*:*:*:*:*:*

Information

Vendor

oracle

Product

retail_back_office

Version

13.4

Related CVE

| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2018-8013 | 2018-05-24 16h00 +00:00 | In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. The fix was to check the class type before calling newInstance in deserialization. | 9.8 | Critical |
| CVE-2017-10423 | 2017-10-19 15h00 +00:00 | Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Back Office, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Back Office accessible data as well as unauthorized read access to a subset of Oracle Retail Back Office accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 5.4 | Medium |