CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22087
https://notcve.org/view.php?id=CVE-2023-22087
Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). • https://www.oracle.com/security-alerts/cpuoct2023.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22085
https://notcve.org/view.php?id=CVE-2023-22085
Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). • https://www.oracle.com/security-alerts/cpuoct2023.html •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21932
https://notcve.org/view.php?id=CVE-2023-21932
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality OPERA 5 Property Services. • https://www.oracle.com/security-alerts/cpuapr2023.html •
CVSS: 8.3EPSS: 1%CPEs: 248EXPL: 4CVE-2021-2351 – Oracle Database Weak NNE Integrity Key Derivation
https://notcve.org/view.php?id=CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. • http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html http://seclists.org/fulldisclosure/2021/Dec/19 http://seclists.org/fulldisclosure/2021/Dec/20 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujan2023.html https://www.oracle.com/security-alerts/cpujul2021.html https:&# • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-384: Session Fixation •
CVSS: 9.8EPSS: 97%CPEs: 13EXPL: 12CVE-2020-17530 – Apache Struts Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-17530
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. Una evaluación OGNL forzada, cuando se evalúa según la entrada del usuario sin procesar en los atributos de la etiqueta, puede conllevar a una ejecución de código remota. Software afectado: Apache Struts versión 2.0.0 - Struts versión 2.5.25 The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a tag's attributes are rendered. • https://github.com/wuzuowei/CVE-2020-17530 https://github.com/ka1n4t/CVE-2020-17530 https://github.com/Al1ex/CVE-2020-17530 https://github.com/phil-fly/CVE-2020-17530 https://github.com/CyborgSecurity/CVE-2020-17530 https://github.com/fengziHK/CVE-2020-17530-strust2-061 https://github.com/uzzzval/CVE-2020-17530 https://github.com/nth347/CVE-2020-17530 https://github.com/secpool2000/CVE-2020-17530 https://github.com/keyuan15/CVE-2020-17530 https://github.com/kil • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •