CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0CVE-2015-4759
https://notcve.org/view.php?id=CVE-2015-4759
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, and CVE-2015-4758. Vulnerabilidad no especificada en el componente Oracle Data Integrator en Oracle Fusion Middleware 11.1.1.3.0, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Data Quality basados en Trillium, una vulnerabilidad diferente a CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636 y CVE-2015-4758. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2593
https://notcve.org/view.php?id=CVE-2015-2593
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Configuration Service. Vulnerabilidad no especificada en el componente Oracle Access Manager en Oracle Fusion Middleware 11.1.2.2, permite a usuarios remotos autenticados afectar la confidencialidad y la integridad a través de vectores desconocidos relacionados con Configuration Service. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 7.5EPSS: 94%CPEs: 5EXPL: 0CVE-2015-2602 – Oracle Endeca Information Discovery Integrator ETL Server UploadFileContent Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2602
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745. Vulnerabilidad no especificada en el componente Oracle Endeca Information Discovery Studio en Oracle Fusion Middleware de las versiones 2.2.2, 2.3, 2.4, 3.0 y 3.1, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Integrator, una vulnerabilidad diferente a CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606 y CVE-2015-4745. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw exists within the handling of file uploads using UploadFileContent. The issue lies in the failure to sanitize the path of files uploaded, allowing for them to be placed at an attacker controlled location. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75755 http://www.zerodayinitiative.com/advisories/ZDI-15-355 •
CVSS: 7.5EPSS: 94%CPEs: 5EXPL: 0CVE-2015-2603 – Oracle Endeca Information Discovery Integrator ETL Server Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-2603
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745. Vulnerabilidad no especificada en el componente Oracle Endeca Information Discovery Studio en Oracle Fusion Middleware de las versiones 2.2.2, 2.3, 2.4, 3.0 y 3.1, permite a atacantes remotos afectar la confidencialidad, integridad, y disponibilidad a través de vectores desconocidos relacionados con Integrator, una vulnerabilidad diferente a CVE-2015-2602, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606 y CVE-2015-4745. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is not required to exploit this vulnerability. The specific flaw exists within the generation and use of session hashes. The issue lies in the use of the fixed data when authenticating. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75754 http://www.zerodayinitiative.com/advisories/ZDI-15-356 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2658
https://notcve.org/view.php?id=CVE-2015-2658
Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Support. Vulnerabilidad no especificada en el componente Web Cache en Oracle Fusion Middleware 11.1.1.7.0, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con SSL/TLS Support. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032945 •