Page 21 of 103 results (0.008 seconds)

CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0

Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Content Acquisition System. Vulnerabilidad no especificada en el componente Oracle Commerce Guided Search / Oracle Commerce Experience Manager en Oracle Commerce Platform 3.1.1, 3.1.2, 11.0 y 11.1, permite a atacantes remotos afectar la confidencialidad e integridad a través de vectores desconocidos relacionados con Content Acquisition System. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface. Vulnerabilidad no especificada en el componente Oracle Commerce Platform en Oracle Commerce Platform 9.4, 10.0, y 10.2 permite a atacantes remotos afectar la integridad a través de vectores relacionados con Dynamo Application Framework - HTML Admin User Interface. • http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html •

CVSS: 7.5EPSS: 90%CPEs: 6EXPL: 0

Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.x and 11.x allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Workbench. Vulnerabilidad no especificada en el componente Oracle Commerce Guided Search / Oracle Commerce Experience Manager en Oracle Commerce Platform 3.x y 11.x permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Workbench. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Tools and Frameworks. Authentication is required to exploit this vulnerability, but authentication is easily bypassed. This product installs a web application called Oracle Endeca Workbench, which includes a handler for requests to Script.action. This handler fails to properly authenticate the user, so that an attacker can access this handler using the built-in and undocumented "anonymous" user account. • http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html •