Bloomreach Experience Manager (PaaS/Self-Hosted) - The Fast and Flexible Headless CMS

Vulnerability in MyBatis before 3.5.6

08-12-2020 affects versions : 14.3, 13.4, 12.6

Elasticsearch REST client vulnerability

08-12-2020 affects versions : 14.3, 13.4, 12.6

Vulnerabilities in jQuery library before version 3.5.0

08-12-2020 affects versions : 14.3, 13.4, 12.6

Apache Groovy Information Disclosure

08-12-2020 affects versions : 14.3, 13.4, 12.6

Vulnerability in Spring Core 5

29-10-2020 affects versions : 14.2, 13.4, 12.6

Reported vulnerability in hippo-addon-2fa-duosecurity related to embedded jquery

27-10-2020 affects versions : 14.2, 13.4, 12.6

Spring security core v.5.3 null initialization vector

27-10-2020 affects versions : 14.2, 13.4, 12.6

Vulnerability in embedded resteasy-jaxrs for Camunda

27-10-2020 affects versions : 14.2, 13.4, 12.6

Multiple vulnerabilities in Apache Solr dependency

27-10-2020 affects versions : 14.2, 13.4, 12.6

DoS attack vulnerabilities in Apache Sanselan

27-10-2020 affects versions : 13.4, 12.6

The text editor contains a Stored Cross-Site Scripting vulnerability

27-10-2020 affects versions : 14.2

Reflected Cross-Site Scripting found in the “loginmessage” parameter.

27-10-2020 affects versions : 14.2

Cross-site scripting found in the translations folder menu

27-10-2020 affects versions : 14.2, 13.4, 12.6

Error Handling - Do not include error details in the default jsp error pages

27-10-2020 affects versions : 14.2, 13.4, 12.6

Reflected Cross-Site Scripting found in the “loginmessage” parameter.

27-10-2020 affects versions : 14.2, 13.4, 12.6

CMS login captcha can be bypassed by deleting cookies

07-04-2020 affects versions : 14.0, 13.4, 12.6, 11.2

Vulnerabilities reported for snakeyaml 1.18

07-04-2020 affects versions : 14.0, 13.4, 12.6

Vulnerability reported in spring-security-core-5.1.5.RELEASE.jar

07-04-2020 affects versions : 14.0, 13.4

Vulnerabilities reported in bundled jQuery library

17-01-2020 affects versions : 13.4, 13.3, 12.5

Vulnerabilities in Jackson Databind library -2.9.9.3

15-01-2020 affects versions : 13.4, 13.3, 12.5, 11.2

Open Redirection Allowed

15-01-2020 affects versions : 13.4, 13.3, 12.5, 11.2

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.

15-01-2020 affects versions : 13.4, 13.3, 12.5, 11.2

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1

15-01-2020 affects versions : 13.4, 13.3, 12.5, 11.2

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

15-01-2020 affects versions : 13.4, 13.3, 12.5, 11.2

Vulnerabilities reported for Apache CXF before 3.3.4 and 3.2.11

15-01-2020 affects versions : 13.4, 13.3, 12.5, 11.2

Content Application

Channels

Projects

Relevance

Architecture

Concepts

Platform Configuration

Frontend Integration

Backend Development

Commerce Accelerator

Cloud Deployment (PaaS)

On-Premise Deployment

Security

Release Management

Platform Development

Bloomreach Documentation version

Security Updates