Oracle » Retail Order Management System Cloud Service : Security Vulnerabilities, CVEs,
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Max CVSS: 8.2 | EPSS Score: 0.88% | Published: 2021-02-24 | Updated: 2024-02-01
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2020-11-12 | Updated: 2024-01-07
Unspecified vulnerability in the Oracle Retail Order Management System Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, 5.0, and 15.0 allows remote attackers to affect confidentiality via unknown vectors related to Order Entry.
Max CVSS: 4.3 | EPSS Score: 0.25% | Published: 2016-01-21 | Updated: 2016-06-08
3 vulnerabilities found