CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21073
https://notcve.org/view.php?id=CVE-2024-21073
16 Apr 2024 — Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21072
https://notcve.org/view.php?id=CVE-2024-21072
16 Apr 2024 — Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Data Provider UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Succes... • https://www.oracle.com/security-alerts/cpuapr2024.html •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21071
https://notcve.org/view.php?id=CVE-2024-21071
16 Apr 2024 — Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the vulnerability is in Oracle Workflow, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Workflow. • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-284: Improper Access Control •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21070
https://notcve.org/view.php?id=CVE-2024-21070
16 Apr 2024 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Search Framework). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some ... • https://www.oracle.com/security-alerts/cpuapr2024.html •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21069
https://notcve.org/view.php?id=CVE-2024-21069
16 Apr 2024 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20240426-0013 •
CVSS: 3.7EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21068 – OpenJDK: integer overflow in C1 compiler address generation (8322122)
https://notcve.org/view.php?id=CVE-2024-21068
16 Apr 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM ... • https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21067
https://notcve.org/view.php?id=CVE-2024-21067
16 Apr 2024 — Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (... • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21066
https://notcve.org/view.php?id=CVE-2024-21066
16 Apr 2024 — Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with logon to the infrastructure where RDBMS executes to compromise RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RD... • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21065
https://notcve.org/view.php?id=CVE-2024-21065
16 Apr 2024 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional prod... • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21064
https://notcve.org/view.php?id=CVE-2024-21064
16 Apr 2024 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise... • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •