CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20990
https://notcve.org/view.php?id=CVE-2024-20990
16 Apr 2024 — Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Templates). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22093
https://notcve.org/view.php?id=CVE-2023-22093
17 Oct 2023 — Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Requisition and Vacancy). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iRecruitment accessible data as well as unauthorized read access to a subset of Oracle iRecrui... • https://www.oracle.com/security-alerts/cpuoct2023.html •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22076
https://notcve.org/view.php?id=CVE-2023-22076
17 Oct 2023 — Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products... • https://www.oracle.com/security-alerts/cpuoct2023.html •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22035
https://notcve.org/view.php?id=CVE-2023-22035
18 Jul 2023 — Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Scripting, attacks may significantly impact additional products (scope change). Successful attacks of t... • https://www.oracle.com/security-alerts/cpujul2023.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22004
https://notcve.org/view.php?id=CVE-2023-22004
18 Jul 2023 — Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some ... • https://www.oracle.com/security-alerts/cpujul2023.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21849
https://notcve.org/view.php?id=CVE-2023-21849
17 Jan 2023 — Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts... • https://www.oracle.com/security-alerts/cpujan2023.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21847
https://notcve.org/view.php?id=CVE-2023-21847
17 Jan 2023 — Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Download). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significa... • https://www.oracle.com/security-alerts/cpujan2023.html •
CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 5CVE-2022-21587 – Oracle E-Business Suite Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2022-21587
18 Oct 2022 — Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability imp... • https://packetstorm.news/files/id/171208 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 93%CPEs: 2EXPL: 1CVE-2022-21500
https://notcve.org/view.php?id=CVE-2022-21500
19 May 2022 — Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered. • https://github.com/Cappricio-Securities/CVE-2022-21500 •
CVSS: 9.0EPSS: 0%CPEs: 39EXPL: 0CVE-2022-23307 – A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.
https://notcve.org/view.php?id=CVE-2022-23307
18 Jan 2022 — CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. CVE-2020-9493 identificó un problema de deserialización presente en Apache Chainsaw. Versiones anteriores a Chainsaw V2.0 Chainsaw era un componente de Apache Log4j versiones 1.2.x donde se presenta el mismo problema A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserializ... • https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh • CWE-502: Deserialization of Untrusted Data •