Bloomreach Experience Manager (PaaS/Self-Hosted) - The Fast and Flexible Headless CMS

Multiple Spring Vulnerabilities, June 2022

29-06-2022 affects versions : 15.0, 14.7, 13.4

Spring Security Vulnerability CVE-2022-22978

29-06-2022 affects versions : 15.0, 14.7, 13.4

Google OAuth Client Vulnerability CVE-2021-22573

29-06-2022 affects versions : 15.0, 14.7, 13.4

Apache Tika Vulnerabilities CVE-2022-25169 and CVE-2022-30126

29-06-2022 affects versions : 15.0, 14.7, 13.4

CKEditor: Clipboard plugin vulnerability CVE-2021-32809

29-06-2022 affects versions : 15.0, 14.7, 13.4

CKEditor: HTML processing module CVE-2022-24728

29-06-2022 affects versions : 15.0, 14.7, 13.4

CKEditor: Clipboard plugin vulnerability CVE-2021-32808

29-06-2022 affects versions : 15.0, 14.7, 13.4

CKEditor: HTML processing module CVE-2022-24729

29-06-2022 affects versions : 15.0, 14.7, 13.4

CKeditor: XSS vulnerabilities in the core module

29-06-2022 affects versions : 15.0, 14.7, 13.4

Content Security Policy allows unsafe-inline

12-04-2022 affects versions : 14.7, 13.4, 12.6

Vulnerability in H2 database

04-04-2022 affects versions :

Eforms: Freemarker template execution injection

04-04-2022 affects versions : 14.7, 13.4, 12.6

Vulnerability disclosed in Apache James

04-04-2022 affects versions : 14.7, 13.4, 12.6

Vulnerability disclosed in Spring Framework

04-04-2022 affects versions : 14.7, 13.4

XSS vulnerability in CMS context-menu and the repository StatusServlet

04-04-2022 affects versions : 14.7, 13.4

Vulnerability disclosed in Netty

04-04-2022 affects versions : 14.7, 13.4, 12.6

DOS vulnerability in log4j < 2.17.0

20-12-2021 affects versions : 14.7, 13.4, 12.6

DOS vulnerability in log4j < 2.16.0

15-12-2021 affects versions : 14.7, 14.6, 13.4, 12.6

Vulnerability disclosed in Spring Framework

13-12-2021 affects versions : 14.6, 13.4

jackson-dataformat-cbor-2.10.1.jar vulnerability

13-12-2021 affects versions : 14.6, 13.4

Stored cross-site scripting found in edit author page

13-12-2021 affects versions : 14.6

Insecure file upload - Stored cross-site scripting

13-12-2021 affects versions : 14.6, 13.4, 12.6

Bootstrap sass vulnerability

13-12-2021 affects versions : 14.6

Bootstrap sass vulnerability

13-12-2021 affects versions : 13.4

jsoup-1.11.2.jar vulnerablity

13-12-2021 affects versions : 14.6

Content Application

Channels

Projects

Relevance

Architecture

Concepts

Platform Configuration

Frontend Integration

Backend Development

Commerce Accelerator

Cloud Deployment (PaaS)

On-Premise Deployment

Security

Release Management

Platform Development

Bloomreach Documentation version

Security Updates