Retail central office

This hub aggregates every CVE we track for Retail central office, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Retail central office.

• CVE-2021-45105Apache Log4j2 does not always protect from infinite recursion in lookup evaluation5.9Dec 18, 2021
• CVE-2021-2351Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows u...8.3Jul 20, 2021
• CVE-2021-35043OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement ...6.1Jul 19, 2021
• CVE-2021-36374Apache Ant ZIP, and ZIP based, archive denial of service vulerability5.5Jul 14, 2021
• CVE-2021-36373Apache Ant TAR archive denial of service vulnerability5.5Jul 14, 2021
• CVE-2020-11987Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vul...8.2Feb 24, 2021
• CVE-2020-1945Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. T...6.3May 14, 2020
• CVE-2020-11022jQuery has a potential XSS vulnerability6.9Apr 29, 2020
• CVE-2020-5397CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux5.3Jan 17, 2020
• CVE-2020-5398RFD Attack via "Content-Disposition" Header Sourced from Request Input by Spring MVC or Spring WebFlux Application7.5Jan 16, 2020
• CVE-2019-10219A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. T...6.1Nov 8, 2019
• CVE-2019-10086In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all ...7.3Aug 20, 2019
• CVE-2019-13990initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.9.8Jul 26, 2019
• CVE-2019-11358jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an...6.1Apr 19, 2019
• CVE-2018-8013In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor ...9.8May 24, 2018