CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-21591
https://notcve.org/view.php?id=CVE-2022-21591
18 Oct 2022 — Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: UI Infrastructure). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data and unauthorized ability to cause a ... • https://www.oracle.com/security-alerts/cpuoct2022.html •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39409
https://notcve.org/view.php?id=CVE-2022-39409
18 Oct 2022 — Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Business Process Automation). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management. CVSS 3.1 Base Score 2... • https://www.oracle.com/security-alerts/cpuoct2022.html •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39411
https://notcve.org/view.php?id=CVE-2022-39411
18 Oct 2022 — Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Business Process Automation). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Transportation Management accessible data. CVSS 3.1 Base Sco... • https://www.oracle.com/security-alerts/cpuoct2022.html •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39420
https://notcve.org/view.php?id=CVE-2022-39420
18 Oct 2022 — Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Functional Security). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data as well as unauthorized read... • https://www.oracle.com/security-alerts/cpuoct2022.html •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-21480
https://notcve.org/view.php?id=CVE-2022-21480
19 Apr 2022 — Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: User Interface). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Transportation Management, attacks may significantly impact additional pro... • https://www.oracle.com/security-alerts/cpuapr2022.html •
CVSS: 5.5EPSS: 23%CPEs: 1EXPL: 1CVE-2021-35616
https://notcve.org/view.php?id=CVE-2021-35616
20 Oct 2021 — Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: UI Infrastructure). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data as well as unauthorized read access to a subs... • https://github.com/Ofirhamam/OracleOTM •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-2476
https://notcve.org/view.php?id=CVE-2021-2476
20 Oct 2021 — Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Authentication). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14544
https://notcve.org/view.php?id=CVE-2020-14544
15 Jul 2020 — Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Domain & Function Security). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impa... • https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 7.0EPSS: 93%CPEs: 77EXPL: 19CVE-2020-9484 – tomcat: deserialization flaw in session persistence storage leading to RCE
https://notcve.org/view.php?id=CVE-2020-9484
20 May 2020 — When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d)... • https://packetstorm.news/files/id/157924 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2744
https://notcve.org/view.php?id=CVE-2020-2744
15 Apr 2020 — Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Security). Supported versions that are affected are 6.3.7, 6.4.2 and 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Transportation Management, attacks may significantly impact additional pro... • https://www.oracle.com/security-alerts/cpuapr2020.html •