Retail customer management and segmentation foundation
This hub aggregates every CVE we track for Retail customer management and segmentation foundation, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 67
- Critical: 15
- High: 25
- In CISA KEV: 1
Severity distribution
HIGH 25, MEDIUM 22, CRITICAL 15, LOW 5
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06; all 24 plotted values are 0]
Latest CVEs
The 15 most recently published vulnerabilities affecting Retail customer management and segmentation foundation.
- CVE-2022-22965: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a W... (KEV; score 9.8)
- CVE-2021-37714: Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions (score 7.5)
- CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server (score 6.5)
- CVE-2021-31812: A carefully crafted PDF file can trigger an infinite loop while loading the file (score 5.5)
- CVE-2021-31811: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file (score 5.5)
- CVE-2021-22118: In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory... (score 7.8)
- CVE-2021-27906: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file (score 5.5)
- CVE-2021-27807: A carefully crafted PDF file can trigger an infinite loop while loading the file (score 5.5)
- CVE-2021-23337: Command Injection (score 7.2)
- CVE-2020-28500: Regular Expression Denial of Service (ReDoS) (score 5.3)
- CVE-2021-2057: Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is ... (score 6.3)
- CVE-2020-36179: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. (score 8.1)
- CVE-2020-36180: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. (score 8.1)
- CVE-2020-36182: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. (score 8.1)
- CVE-2020-36183: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. (score 8.1)
Product normalization is registry-driven with AI assist and human review.