Retail Order Management System Cloud Service CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2016-0506	1 Oracle	1 Retail Order Management System Cloud Service	2025-04-12	N/A
Unspecified vulnerability in the Oracle Retail Order Management System Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, 5.0, and 15.0 allows remote attackers to affect confidentiality via unknown vectors related to Order Entry.
CVE-2020-11987	5 Apache, Debian, Fedoraproject and 2 more	23 Batik, Debian Linux, Fedora and 20 more	2024-11-21	8.2 High
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
CVE-2019-17566	3 Apache, Oracle, Redhat	21 Batik, Api Gateway, Business Intelligence and 18 more	2024-11-21	7.5 High
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Page 1 of 1.