CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10093
https://notcve.org/view.php?id=CVE-2017-10093
Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.securityfocus.com/bid/99692 http://www.securitytracker.com/id/1038947 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5521
https://notcve.org/view.php?id=CVE-2016-5521
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5512. Vulnerabilidad no especificada en el componente Oracle GlassFish Server en Oracle Fusion Middleware 2.1.1, 3.0.1 y 3.1.2 permite a usuarios remotos autenticados afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Java Server Faces. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93655 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5512
https://notcve.org/view.php?id=CVE-2016-5512
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5521. Vulnerabilidad no especificada en el componente Oracle Agile PLM en Oracle Supply Chain Products Suite 9.3.4 y 9.3.5 permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2016-5521. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93660 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5522
https://notcve.org/view.php?id=CVE-2016-5522
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente Oracle Agile PLM en Oracle Supply Chain Products Suite 9.3.4 y 9.3.5 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93675 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5526
https://notcve.org/view.php?id=CVE-2016-5526
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Apache Tomcat. Vulnerabilidad no especificada en el componente Oracle Agile PLM en Oracle Supply Chain Products Suite 9.3.4 y 9.3.5 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Apache Tomcat. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93652 • CWE-284: Improper Access Control •