CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2025
https://notcve.org/view.php?id=CVE-2021-2025
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2013
https://notcve.org/view.php?id=CVE-2021-2013
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-2005
https://notcve.org/view.php?id=CVE-2021-2005
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2003
https://notcve.org/view.php?id=CVE-2021-2003
Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Dashboards). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Business Intelligence Enterprise Edition accessible data. • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 9.8EPSS: 97%CPEs: 13EXPL: 12CVE-2020-17530 – Apache Struts Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-17530
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. Una evaluación OGNL forzada, cuando se evalúa según la entrada del usuario sin procesar en los atributos de la etiqueta, puede conllevar a una ejecución de código remota. Software afectado: Apache Struts versión 2.0.0 - Struts versión 2.5.25 The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a tag's attributes are rendered. • https://github.com/wuzuowei/CVE-2020-17530 https://github.com/ka1n4t/CVE-2020-17530 https://github.com/Al1ex/CVE-2020-17530 https://github.com/phil-fly/CVE-2020-17530 https://github.com/CyborgSecurity/CVE-2020-17530 https://github.com/fengziHK/CVE-2020-17530-strust2-061 https://github.com/uzzzval/CVE-2020-17530 https://github.com/nth347/CVE-2020-17530 https://github.com/secpool2000/CVE-2020-17530 https://github.com/keyuan15/CVE-2020-17530 https://github.com/kil • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •