CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2062
https://notcve.org/view.php?id=CVE-2021-2062
20 Jan 2021 — Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Web Server). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products.... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2049
https://notcve.org/view.php?id=CVE-2021-2049
20 Jan 2021 — Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Administration). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, i... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2050
https://notcve.org/view.php?id=CVE-2021-2050
20 Jan 2021 — Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized u... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2051
https://notcve.org/view.php?id=CVE-2021-2051
20 Jan 2021 — Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized u... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 0CVE-2021-2041
https://notcve.org/view.php?id=CVE-2021-2041
20 Jan 2021 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.1 (Confidential... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 8.2EPSS: 2%CPEs: 4EXPL: 0CVE-2021-2025
https://notcve.org/view.php?id=CVE-2021-2025
20 Jan 2021 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2013
https://notcve.org/view.php?id=CVE-2021-2013
20 Jan 2021 — Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized up... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2003
https://notcve.org/view.php?id=CVE-2021-2003
20 Jan 2021 — Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Dashboards). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Business Intellige... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-2005
https://notcve.org/view.php?id=CVE-2021-2005
20 Jan 2021 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence E... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 9.8EPSS: 94%CPEs: 13EXPL: 13CVE-2020-17530 – Apache Struts Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-17530
11 Dec 2020 — Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. Una evaluación OGNL forzada, cuando se evalúa según la entrada del usuario sin procesar en los atributos de la etiqueta, puede conllevar a una ejecución de código remota. Software afectado: Apache Struts versión 2.0.0 - Struts versión 2.5.25 The Apache Struts framework, when forced, performs double evaluation of attribute values assigned... • https://packetstorm.news/files/id/160721 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •