CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21859
https://notcve.org/view.php?id=CVE-2023-21859
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Access Manager executes to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpujan2023.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39405
https://notcve.org/view.php?id=CVE-2022-39405
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). • https://www.oracle.com/security-alerts/cpuoct2022.html • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39412 – Oracle Access Management CustomReadServlet Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-39412
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpuoct2022.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 96%CPEs: 3EXPL: 1CVE-2021-35587 – Oracle Fusion Middleware Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2021-35587
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). • https://github.com/antx-code/CVE-2021-35587 https://www.oracle.com/security-alerts/cpujan2022.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-2358
https://notcve.org/view.php?id=CVE-2021-2358
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Rest interfaces for Access Mgr). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpujul2021.html •