CVE-2023-20863 in Retail Xstore Point of Serviceinfo

Summary

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

11/01/2022

Disclosure

04/13/2023

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
242812	Oracle Retail Xstore Point of Service Xenvironment denial of service	404	Not defined	Official fix	CVE-2023-20863
242811	Oracle Retail Fiscal Management RTIL denial of service	404	Not defined	Official fix	CVE-2023-20863
242810	Oracle Retail Customer Management and Segmentation Foundation Security denial of service	404	Not defined	Official fix	CVE-2023-20863
242764	Oracle MySQL Enterprise Monitor Monitoring denial of service	404	Not defined	Official fix	CVE-2023-20863
242745	Oracle Healthcare Master Person Index Internal Operations denial of service	404	Not defined	Official fix	CVE-2023-20863
242715	Oracle Enterprise Data Quality General denial of service	404	Not defined	Official fix	CVE-2023-20863
242649	Oracle FLEXCUBE Universal Banking Infrastructure denial of service	404	Not defined	Official fix	CVE-2023-20863
242645	Oracle Financial Services Model Management and Governance Installer denial of service	404	Not defined	Official fix	CVE-2023-20863
242643	Oracle Banking Virtual Account Management Common Core denial of service	404	Not defined	Official fix	CVE-2023-20863
242641	Oracle Banking Trade Finance Process Management Dashboard denial of service	404	Not defined	Official fix	CVE-2023-20863
242639	Oracle Banking Supply Chain Finance Security denial of service	404	Not defined	Official fix	CVE-2023-20863
242636	Oracle Banking Origination Onboarding Batch Processes denial of service	404	Not defined	Official fix	CVE-2023-20863
242634	Oracle Banking Liquidity Management Common denial of service	404	Not defined	Official fix	CVE-2023-20863
242632	Oracle Banking Electronic Data Exchange for Corporates Reports denial of service	404	Not defined	Official fix	CVE-2023-20863
242630	Oracle Banking Digital Experience UI denial of service	404	Not defined	Official fix	CVE-2023-20863
242627	Oracle Banking Credit Facilities Process Management Common denial of service	404	Not defined	Official fix	CVE-2023-20863
242625	Oracle Banking Corporate Lending Core denial of service	404	Not defined	Official fix	CVE-2023-20863
242624	Oracle Banking Cash Management Accessibility denial of service	404	Not defined	Official fix	CVE-2023-20863
242622	Oracle Banking Branch Reports denial of service	404	Not defined	Official fix	CVE-2023-20863
242621	Oracle Banking APIs IDM Authentication denial of service	404	Not defined	Official fix	CVE-2023-20863
242550	Oracle SD-WAN Edge Management denial of service	404	Not defined	Official fix	CVE-2023-20863
242549	Oracle Communications Session Report Manager Security denial of service	404	Not defined	Official fix	CVE-2023-20863
242544	Oracle Communications Element Manager Security denial of service	404	Not defined	Official fix	CVE-2023-20863
242541	Oracle Communications Cloud Native Core Security Edge Protection Proxy Configuration denial of service	404	Not defined	Official fix	CVE-2023-20863
242538	Oracle Communications Cloud Native Core Policy Install/Upgrade denial of service	404	Not defined	Official fix	CVE-2023-20863
242530	Oracle Communications Cloud Native Core Binding Support Function Install/Upgrade denial of service	404	Not defined	Official fix	CVE-2023-20863
242462	Oracle Commerce Guided Search Workbench denial of service	404	Not defined	Official fix	CVE-2023-20863
234978	Oracle Utilities Testing Accelerator Tools denial of service	404	Not defined	Official fix	CVE-2023-20863
234942	Oracle Retail Predictive Application Server RPAS Server denial of service	404	Not defined	Official fix	CVE-2023-20863
234941	Oracle Retail Integration Bus RIB Kernal denial of service	404	Not defined	Official fix	CVE-2023-20863
234939	Oracle Retail Financial Integration PeopleSoft Integration Bugs denial of service	404	Not defined	Official fix	CVE-2023-20863
234884	Oracle Documaker Interactive Docupresentment Server denial of service	404	Not defined	Official fix	CVE-2023-20863
234826	Oracle WebLogic Server Core denial of service	404	Not defined	Official fix	CVE-2023-20863
234823	Oracle Identity Manager Connector Mainframe Connectors denial of service	404	Not defined	Official fix	CVE-2023-20863
234762	Oracle FLEXCUBE Investor Servicing Infrastructure Code denial of service	404	Not defined	Official fix	CVE-2023-20863
234760	Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition Platform denial of service	404	Not defined	Official fix	CVE-2023-20863
234759	Oracle Financial Services Enterprise Case Management ECM denial of service	404	Not defined	Official fix	CVE-2023-20863
234758	Oracle Financial Services Behavior Detection Platform denial of service	404	Not defined	Official fix	CVE-2023-20863
234757	Oracle Financial Services Analytical Applications Infrastructure Centralized Thirdparty Jars denial of service	404	Not defined	Official fix	CVE-2023-20863
234622	Oracle Primavera Gateway Admin denial of service	404	Not defined	Official fix	CVE-2023-20863
234597	Oracle Communications Cloud Native Core Network Repository Function Install/Upgrade denial of service	404	Not defined	Official fix	CVE-2023-20863
234535	Oracle Communications Unified Inventory Management Security denial of service	404	Not defined	Official fix	CVE-2023-20863
234531	Oracle Communications Network Integrity Other denial of service	404	Not defined	Official fix	CVE-2023-20863
234528	Oracle Communications BRM - Elastic Charging Engine Charging Server denial of service	404	Not defined	Official fix	CVE-2023-20863
225880	VMware Spring Framework SpEL Expression resource consumption	400	Not defined	Official fix	CVE-2023-20863

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!