Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-14745

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-21 Oct, 2020 | 14:04
Updated At-26 Sep, 2024 | 20:29
Rejected At-
Credits

Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior to 20.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:21 Oct, 2020 | 14:04
Updated At:26 Sep, 2024 | 20:29
Rejected At:
▼CVE Numbering Authority (CNA)

Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior to 20.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Affected Products
Vendor
Oracle CorporationOracle Corporation
Product
REST Data Services
Versions
Affected
  • 11.2.0.4
  • 12.1.0.2
  • 12.2.0.1
  • 18c
  • 19c; Standalone ORDS: prior to 20.2.1
Problem Types
TypeCWE IDDescription
textN/AEasily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle REST Data Services accessible data.
Type: text
CWE ID: N/A
Description: Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle REST Data Services accessible data.
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:21 Oct, 2020 | 15:15
Updated At:22 Oct, 2020 | 15:09

Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior to 20.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N
CPE Matches
Oracle Corporation
oracle
>>rest_data_services>>Versions before 20.2.1(exclusive)
cpe:2.3:a:oracle:rest_data_services:*:*:*:*:standalone:*:*:*
Oracle Corporation
oracle
>>rest_data_services>>11.2.0.4
cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
Oracle Corporation
oracle
>>rest_data_services>>12.1.0.2
cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
Oracle Corporation
oracle
>>rest_data_services>>12.2.0.1
cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
Oracle Corporation
oracle
>>rest_data_services>>18c
cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
Oracle Corporation
oracle
>>rest_data_services>>19c
cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.oracle.com/security-alerts/cpuoct2020.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

374Records found
CVE-2021-2326
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.7||LOW
EPSS-0.18% / 39.78%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:43
Updated-26 Sep, 2024 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-database_vaultDatabase - Enterprise Edition
CVE-2019-2430
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 58.16%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Console). Supported versions that are affected are 8.1 and 8.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-argus_safetyArgus Safety
CVE-2019-2579
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-72.79% / 98.74%
||
7 Day CHG~0.00%
Published-23 Apr, 2019 | 18:16
Updated-02 Oct, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-webcenter_sitesWebCenter Sites
CVE-2021-2311
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 66.14%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:54
Updated-26 Sep, 2024 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Inventory Management product of Oracle Food and Beverage Applications (component: Export to Reporting and Analytics). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Inventory Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Inventory Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_inventory_managementHospitality Inventory Management
CVE-2021-2301
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.7||LOW
EPSS-0.32% / 54.41%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:54
Updated-26 Sep, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-NetApp, Inc.Oracle Corporation
Product-oncommand_insightactive_iq_unified_manageroncommand_workflow_automationmysqlsnapcenterMySQL Server
CVE-2020-13943
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-4.3||MEDIUM
EPSS-9.57% / 92.68%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 13:46
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.

Action-Not Available
Vendor-n/aThe Apache Software FoundationDebian GNU/LinuxOracle Corporation
Product-instantis_enterprisetrackdebian_linuxtomcatsd-wan_edgeApache Tomcat
CVE-2016-0587
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.17% / 38.05%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors related to File Processing.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprise_peopletoolsn/a
CVE-2016-0409
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.17% / 38.05%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PeopleSoft Enterprise HCM Global Payroll Switzerland component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Security.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_productsn/a
CVE-2016-0448
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.33% / 55.51%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.

Action-Not Available
Vendor-n/aOracle CorporationCanonical Ltd.
Product-jrejdkubuntu_linuxn/a
CVE-2019-2911
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.7||LOW
EPSS-0.19% / 40.32%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle CorporationFedora Project
Product-ubuntu_linuxsnapcenterfedoraactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2016-0407
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.65%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Fusion HR Talent Integration.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprise_human_capital_management_human_resourcesn/a
CVE-2021-2303
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.84% / 74.26%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:54
Updated-26 Sep, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant). The supported version that is affected is Prior to 2.12.41. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-oss_support_toolsOSS Support Tools
CVE-2016-0462
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.20% / 41.59%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Multichannel Framework, a different vulnerability than CVE-2015-2650.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprise_peopletoolsn/a
CVE-2016-0643
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.36% / 57.80%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.

Action-Not Available
Vendor-n/aopenSUSEMariaDB FoundationRed Hat, Inc.IBM CorporationDebian GNU/LinuxOracle Corporation
Product-enterprise_linuxleapmysqlmariadbdebian_linuxpowerkvmn/a
CVE-2016-0777
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-67.20% / 98.52%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

Action-Not Available
Vendor-n/aOpenBSDSophos Ltd.Apple Inc.Oracle CorporationHP Inc.
Product-unified_threat_managementremote_device_access_virtual_customer_access_systemsolarisopensshunified_threat_management_softwarelinuxmac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-2358
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.62% / 69.43%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:43
Updated-26 Sep, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Rest interfaces for Access Mgr). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-access_managerAccess Manager
CVE-2016-0427
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.17% / 38.05%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework.

Action-Not Available
Vendor-n/aOracle Corporation
Product-enterprise_manager_grid_controln/a
CVE-2021-2343
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.15%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:43
Updated-26 Sep, 2024 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Workflow accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-workflowWorkflow
CVE-2016-0614
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.17% / 38.05%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-business_intelligence_publishern/a
CVE-2019-2615
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-58.34% / 98.14%
||
7 Day CHG~0.00%
Published-23 Apr, 2019 | 18:16
Updated-02 Oct, 2024 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CVE-2019-2913
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.43% / 61.69%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-database_serverOracle Database
CVE-2021-2386
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.19%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:44
Updated-26 Sep, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.0-20.12.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-primavera_p6_enterprise_project_portfolio_managementPrimavera P6 Enterprise Project Portfolio Management
CVE-2019-2564
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 50.64%
||
7 Day CHG~0.00%
Published-23 Apr, 2019 | 18:16
Updated-02 Oct, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-jd_edwards_enterpriseone_toolsJD Edwards EnterpriseOne Tools
CVE-2021-2333
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.59% / 68.61%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:43
Updated-26 Sep, 2024 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Alter User privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML DB accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-xml_databaseDatabase - Enterprise Edition
CVE-2019-2951
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 61.69%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: US Federal Specific). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_human_capital_management_human_resourcesPeopleSoft Enterprise HCM Human Resources
CVE-2015-4828
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.17% / 38.05%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via vectors related to FIN Resource Management (Security).

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_productsn/a
CVE-2021-2175
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.7||LOW
EPSS-0.43% / 61.96%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 00:00
Updated-26 Sep, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any View, Select Any View privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-database_serverDatabase - Enterprise Edition
CVE-2021-2226
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-1.73% / 82.10%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-NetApp, Inc.Oracle Corporation
Product-oncommand_insightactive_iq_unified_manageroncommand_workflow_automationmysqlsnapcenterMySQL Server
CVE-2021-22134
Matching Score-8
Assigner-Elastic
ShareView Details
Matching Score-8
Assigner-Elastic
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 37.44%
||
7 Day CHG~0.00%
Published-08 Mar, 2021 | 20:40
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of documents and fields the attacker should not be able to view.

Action-Not Available
Vendor-Oracle CorporationElasticsearch BV
Product-communications_cloud_native_core_automated_test_suiteelasticsearchElasticsearch
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-22145
Matching Score-8
Assigner-Elastic
ShareView Details
Matching Score-8
Assigner-Elastic
CVSS Score-6.5||MEDIUM
EPSS-67.93% / 98.55%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 11:20
Updated-08 Jul, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.

Action-Not Available
Vendor-Oracle CorporationElasticsearch BV
Product-communications_cloud_native_core_automated_test_suiteelasticsearchElasticsearch
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-2173
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.1||MEDIUM
EPSS-0.46% / 63.51%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 00:00
Updated-26 Sep, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recovery. While the vulnerability is in Recovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Recovery accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-database_serverDatabase - Enterprise Edition
CVE-2021-2044
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 68.17%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Financial Sanctions). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Payables. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Payables accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_fin_payablesPeopleSoft Enterprise FIN Payables
CVE-2019-2833
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.7||HIGH
EPSS-0.41% / 60.70%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 22:31
Updated-01 Oct, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 18.2.1. Easily exploitable vulnerability allows low privileged attacker having Import/Export privilege with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-food_and_beverage_applicationsHospitality Simphony
CVE-2015-4838
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.27% / 50.20%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote authenticated users to affect confidentiality via vectors related to ADF Faces.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2015-4804
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.27% / 50.20%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Management component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_productsn/a
CVE-2021-20483
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 49.62%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 16:15
Updated-16 Sep, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-security_identity_managersolarislinux_kernelwindowsaixSecurity Identity Manager
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2015-4728
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.17% / 38.05%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Sourcing component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Bid/Quote creation.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2015-4826
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.28% / 50.54%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.

Action-Not Available
Vendor-n/aopenSUSEMariaDB FoundationRed Hat, Inc.Fedora ProjectDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_server_aussolarisenterprise_linux_eusleapmysqlopensusemariadbubuntu_linuxenterprise_linux_desktopfedoraenterprise_linux_server_tusenterprise_linux_workstationdebian_linuxn/a
CVE-2015-4768
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.20% / 41.59%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, and 6.3.7 allows remote authenticated users to affect confidentiality via unknown vectors related to Diagnostics.

Action-Not Available
Vendor-n/aOracle Corporation
Product-supply_chain_products_suiten/a
CVE-2015-4762
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.17% / 38.05%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 and 12.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Online patching.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2015-3646
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.15% / 35.21%
||
7 Day CHG~0.00%
Published-12 May, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.

Action-Not Available
Vendor-n/aOpenStackOracle Corporation
Product-keystonesolarisn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-2032
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 48.45%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-MariaDB FoundationNetApp, Inc.Oracle Corporation
Product-mariadboncommand_insightoncommand_workflow_automationmysqlsnapcenterMySQL Server
CVE-2019-2943
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.74% / 72.39%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Studio). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Data Integrator accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-data_integratorData Integrator
CVE-2021-2110
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.20% / 41.52%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Letters). The supported version that is affected is 8.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. While the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Argus Safety accessible data. CVSS 3.1 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-argus_safetyArgus Safety
CVE-2023-21827
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.02%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-17 Sep, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Data Redaction. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Database Data Redaction accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-databaseDatabase - Enterprise Edition
CVE-2023-21902
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.57% / 68.23%
||
7 Day CHG+0.04%
Published-18 Apr, 2023 | 19:54
Updated-16 Sep, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application). The supported version that is affected is 8.0.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Behavior Detection Platform accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-financial_services_behavior_detection_platformFinancial Services Behavior Detection Platform
CVE-2023-21941
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.77%
||
7 Day CHG+0.02%
Published-18 Apr, 2023 | 19:54
Updated-16 Sep, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-bi_publisherBI Publisher (formerly XML Publisher)
CVE-2023-21959
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.77%
||
7 Day CHG+0.02%
Published-18 Apr, 2023 | 19:54
Updated-16 Sep, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle iReceivables product of Oracle E-Business Suite (component: Attachments). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iReceivables. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iReceivables accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-ireceivablesiReceivables
CVE-2023-21997
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.77%
||
7 Day CHG+0.02%
Published-18 Apr, 2023 | 19:54
Updated-13 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle User Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-user_managementUser Management
CVE-2023-22009
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 50.14%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 20:18
Updated-13 Sep, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workforce Management). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Self-Service Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Self-Service Human Resources accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-self-service_human_resourcesSelf-Service Human Resources
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found