CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21994
https://notcve.org/view.php?id=CVE-2023-21994
Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpujul2023.html •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2598
https://notcve.org/view.php?id=CVE-2015-2598
Unspecified vulnerability in the mobile app in Oracle Business Intelligence Enterprise Edition in Oracle Fusion Middleware before 11.1.1.7.0 (11.6.39) allows remote authenticated users to affect integrity via unknown vectors related to Mobile - iPad. Vulnerabilidad no especificada en la aplicación móvil en Oracle Business Intelligence Enterprise Edition en Oracle Fusion Middleware en la versión anterior a 11.1.1.7.0 (11.6.39), permite a usuarios remotos autenticados afectar la integridad a través de vectores desconocidos relacionados con Móviles - iPad. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 2.6EPSS: 0%CPEs: 7EXPL: 0CVE-2015-4744
https://notcve.org/view.php?id=CVE-2015-4744
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via unknown vectors related to Java Server Faces. Vulnerabilidad no especificada en el componente Oracle GlassFish Server en Oracle Fusion Middleware 2.1.1, 3.0.1 y 3.1.2; y en el Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0 y 12.1.3.0, permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Java Server Faces. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032953 •
CVSS: 7.5EPSS: 92%CPEs: 5EXPL: 0CVE-2015-2602 – Oracle Endeca Information Discovery Integrator ETL Server UploadFileContent Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2602
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745. Vulnerabilidad no especificada en el componente Oracle Endeca Information Discovery Studio en Oracle Fusion Middleware de las versiones 2.2.2, 2.3, 2.4, 3.0 y 3.1, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Integrator, una vulnerabilidad diferente a CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606 y CVE-2015-4745. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw exists within the handling of file uploads using UploadFileContent. The issue lies in the failure to sanitize the path of files uploaded, allowing for them to be placed at an attacker controlled location. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75755 http://www.zerodayinitiative.com/advisories/ZDI-15-355 •
CVSS: 7.5EPSS: 92%CPEs: 5EXPL: 0CVE-2015-2603 – Oracle Endeca Information Discovery Integrator ETL Server Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-2603
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745. Vulnerabilidad no especificada en el componente Oracle Endeca Information Discovery Studio en Oracle Fusion Middleware de las versiones 2.2.2, 2.3, 2.4, 3.0 y 3.1, permite a atacantes remotos afectar la confidencialidad, integridad, y disponibilidad a través de vectores desconocidos relacionados con Integrator, una vulnerabilidad diferente a CVE-2015-2602, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606 y CVE-2015-4745. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is not required to exploit this vulnerability. The specific flaw exists within the generation and use of session hashes. The issue lies in the use of the fixed data when authenticating. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75754 http://www.zerodayinitiative.com/advisories/ZDI-15-356 •