Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-2059

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-20 Jan, 2021 | 14:50
Updated At-26 Sep, 2024 | 18:26
Rejected At-
Credits

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Web interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:20 Jan, 2021 | 14:50
Updated At:26 Sep, 2024 | 18:26
Rejected At:
▼CVE Numbering Authority (CNA)

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Web interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Affected Products
Vendor
Oracle CorporationOracle Corporation
Product
iStore
Versions
Affected
  • 12.1.1-12.1.3
  • 12.2.3-12.2.10
Problem Types
TypeCWE IDDescription
textN/AEasily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data.
Type: text
CWE ID: N/A
Description: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data.
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.oracle.com/security-alerts/cpujan2021.html
x_refsource_MISC
Hyperlink: https://www.oracle.com/security-alerts/cpujan2021.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.oracle.com/security-alerts/cpujan2021.html
x_refsource_MISC
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpujan2021.html
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:20 Jan, 2021 | 15:15
Updated At:26 Jan, 2021 | 19:36

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Web interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Oracle Corporation
oracle
>>istore>>Versions from 12.1.1(inclusive) to 12.1.3(inclusive)
cpe:2.3:a:oracle:istore:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>istore>>Versions from 12.2.3(inclusive) to 12.2.10(inclusive)
cpe:2.3:a:oracle:istore:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.oracle.com/security-alerts/cpujan2021.htmlsecalert_us@oracle.com
Vendor Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpujan2021.html
Source: secalert_us@oracle.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

492Records found
CVE-2013-2443
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-3.85% / 87.75%
||
7 Day CHG~0.00%
Published-18 Jun, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Oracle Corporation
Product-jrejdkn/a
CVE-2002-0565
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.92% / 90.27%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_serverapplication_server_web_cacheoracle9in/a
CVE-2002-1858
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.37% / 57.94%
||
7 Day CHG~0.00%
Published-28 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2013-0431
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-91.59% / 99.66%
||
7 Day CHG~0.00%
Published-31 Jan, 2013 | 14:10
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-15||Apply updates per vendor instructions.

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.

Action-Not Available
Vendor-n/aOracle Corporation
Product-openjdkjren/aJava Runtime Environment (JRE)
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2019-2836
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.68% / 81.46%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 22:31
Updated-15 Oct, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 18.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-food_and_beverage_applicationsHospitality Simphony
CVE-2013-2437
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-3.85% / 87.75%
||
7 Day CHG~0.00%
Published-18 Jun, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Oracle Corporation
Product-jrejdkn/a
CVE-2013-0394
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.32% / 54.49%
||
7 Day CHG~0.00%
Published-17 Jan, 2013 | 01:30
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote attackers to affect confidentiality via unknown vectors related to Candidate Gateway.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_productsn/a
CVE-2019-2794
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.77% / 72.56%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 22:31
Updated-15 Oct, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-flexcube_universal_bankingFLEXCUBE Universal Banking
CVE-2013-2409
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.32% / 54.49%
||
7 Day CHG~0.00%
Published-17 Apr, 2013 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via vectors related to PIA Core Technology.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprise_peopletoolsn/a
CVE-2013-2446
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-3.48% / 87.12%
||
7 Day CHG~0.00%
Published-18 Jun, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Oracle Corporation
Product-jrejdkn/a
CVE-2013-2456
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-3.44% / 87.04%
||
7 Day CHG~0.00%
Published-18 Jun, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Oracle Corporation
Product-jrejdkn/a
CVE-2013-2412
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-3.81% / 87.66%
||
7 Day CHG~0.00%
Published-18 Jun, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Oracle Corporation
Product-jrejdkn/a
CVE-2013-2447
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-3.85% / 87.75%
||
7 Day CHG~0.00%
Published-18 Jun, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Oracle Corporation
Product-jrejdkn/a
CVE-2013-2452
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-3.85% / 87.75%
||
7 Day CHG~0.00%
Published-18 Jun, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Oracle Corporation
Product-jrejdkn/a
CVE-2002-1089
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.41% / 92.92%
||
7 Day CHG~0.00%
Published-31 Aug, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_serverreportsn/a
CVE-2013-1561
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.58% / 68.04%
||
7 Day CHG~0.00%
Published-17 Apr, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to JavaFX.

Action-Not Available
Vendor-n/aOracle Corporation
Product-javafxjdkjren/a
CVE-2019-2935
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.84% / 73.73%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-15 Oct, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-siebel_ui_frameworkSiebel UI Framework
CVE-2022-22976
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 57.76%
||
7 Day CHG~0.00%
Published-19 May, 2022 | 14:50
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)NetApp, Inc.Oracle Corporation
Product-financial_services_crime_and_compliance_management_studiospring_securityactive_iq_unified_managerSpring Security
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2013-1535
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.32% / 54.49%
||
7 Day CHG~0.00%
Published-17 Apr, 2013 | 12:10
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0, 5.1.0, 5.2.0, 5.3.4, and 6.0.1 allows remote attackers to affect confidentiality via vectors related to BASE.

Action-Not Available
Vendor-n/aOracle Corporation
Product-financial_services_softwaren/a
CVE-2013-1510
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.32% / 54.49%
||
7 Day CHG~0.00%
Published-17 Apr, 2013 | 05:04
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0419.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_crmn/a
CVE-2022-22473
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.09% / 25.89%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 16:25
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CVE-2022-21387
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.77% / 72.56%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:26
Updated-24 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-commerce_platformCommerce Platform
CVE-2022-21602
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.65% / 69.92%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-24 Sep, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprisePeopleSoft Enterprise PT PeopleTools
CVE-2022-21597
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.61% / 68.78%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-24 Sep, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-graalvmGraalVM Enterprise Edition
CVE-2022-21266
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-2.23% / 83.86%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:22
Updated-24 Sep, 2024 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-communications_billing_and_revenue_managementCommunications Billing and Revenue Management
CVE-2022-21296
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 52.45%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:23
Updated-03 Aug, 2024 | 02:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle Corporation
Product-openjdkactive_iq_unified_managerjdkcloud_insights_acquisition_unitoncommand_workflow_automationsolidfiresantricity_unified_managerdebian_linuxgraalvmsnapmanagerhci_management_nodejree-series_santricity_os_controller7-mode_transition_toole-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentsantricity_storage_pluginoncommand_insightJava SE JDK and JRE
CVE-2022-21466
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.18% / 77.87%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 20:38
Updated-24 Sep, 2024 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-commerce_guided_searchCommerce Guided Search / Oracle Commerce Experience Manager
CVE-2022-21476
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.52%
||
7 Day CHG-0.00%
Published-19 Apr, 2022 | 20:38
Updated-03 Aug, 2024 | 02:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-azulDebian GNU/LinuxNetApp, Inc.Oracle Corporation
Product-bootstrap_osopenjdkactive_iq_unified_managercloud_insights_acquisition_unitjdkhci_compute_nodeelement_softwaresolidfiresantricity_unified_managerdebian_linuxgraalvmzuluhci_management_nodee-series_santricity_os_controllere-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentoncommand_insightJava SE JDK and JRE
CVE-2022-21421
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-4.29% / 88.42%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 20:37
Updated-24 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-business_intelligenceBusiness Intelligence Enterprise Edition
CVE-2017-10186
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 67.42%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User and Company Profile). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-istoreiStore
CVE-2022-21500
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-93.93% / 99.87%
||
7 Day CHG~0.00%
Published-19 May, 2022 | 23:55
Updated-24 Sep, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered. <br> <br>Oracle E-Business Suite 12.1 is not impacted by this vulnerability. Customers should refer to the Patch Availability Document for details. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-user_managemente-business_suiteUser Management
CVE-2022-21346
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-3.86% / 87.77%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:25
Updated-24 Sep, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-bi_publisherBI Publisher (formerly XML Publisher)
CVE-2022-21364
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.94% / 75.33%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:25
Updated-24 Sep, 2024 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Weblogic). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_peopletoolsPeopleSoft Enterprise PT PeopleTools
CVE-2016-0457
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.56% / 67.40%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0456. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or conduct SMB Relay attacks via a crafted DTD in an XML request to OA_HTML/lcmServiceController.jsp.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2022-21300
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-2.23% / 83.86%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:23
Updated-24 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack product of Oracle PeopleSoft (component: Snapshot Integration). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS SA Integration Pack. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS SA Integration Pack accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_cs_sa_integration_packPeopleSoft Enterprise CS SA Integration Pack
CVE-2022-21371
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-94.16% / 99.91%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:26
Updated-24 Sep, 2024 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-21540
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.44% / 62.29%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-azulDebian GNU/LinuxNetApp, Inc.Oracle CorporationFedora Project
Product-openjdkdebian_linuxgraalvmzulujrehci_management_nodefedora7-mode_transition_toolactive_iq_unified_managerjdkcloud_insights_acquisition_unitcloud_secure_agenthci_compute_nodesolidfireoncommand_insightJava SE JDK and JRE
CVE-2022-21292
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-4.67% / 88.91%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:23
Updated-24 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CVE-2022-21282
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 52.45%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:23
Updated-03 Aug, 2024 | 02:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle Corporation
Product-openjdkactive_iq_unified_managerjdkcloud_insights_acquisition_unitoncommand_workflow_automationsolidfiresantricity_unified_managerdebian_linuxgraalvmsnapmanagerhci_management_nodejree-series_santricity_os_controller7-mode_transition_toole-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentsantricity_storage_pluginoncommand_insightJava SE JDK and JRE
CVE-2017-10118
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.53%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Debian GNU/LinuxOracle CorporationNetApp, Inc.Phoenix Contact GmbH & Co. KG
Product-oncommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupjdkactive_iq_unified_managersteelstore_cloud_integrated_storagedebian_linuxcloud_backuponcommand_insightvasa_provider_for_clustered_data_ontapfl_mguard_dmoncommand_performance_managerjreelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_managerstorage_replication_adapter_for_clustered_data_ontapjrockite-series_santricity_os_controllerJava
CVE-2021-45485
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.75%
||
7 Day CHG~0.00%
Published-25 Dec, 2021 | 01:05
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, IncOracle Corporation
Product-solidfire_\&_hci_management_nodeh300s_firmwareh410c_firmwareaff_a400_firmwareh410sh610s_firmwareh300shci_compute_nodefabric-attached_storage_a400_firmwareall_flash_fabric-attached_storage_8300_firmwarecommunications_cloud_native_core_policyh300e_firmwareh610sh500ee-series_santricity_os_controllerh500s_firmwareh500e_firmwarecommunications_cloud_native_core_binding_support_functionh700ehci_compute_node_firmwareh610c_firmwareh610ch300eh500sh615c_firmwareall_flash_fabric-attached_storage_8700communications_cloud_native_core_network_exposure_functionall_flash_fabric-attached_storage_8300fabric-attached_storage_8700_firmwarefabric-attached_storage_8300all_flash_fabric-attached_storage_8700_firmwarelinux_kernelh410s_firmwareh700s_firmwareaff_a400h615cfabric-attached_storage_8300_firmwaresolidfire\,_enterprise_sds_\&_hci_storage_nodefabric-attached_storage_a400h410ch700e_firmwareh700sfabric-attached_storage_8700brocade_fabric_operating_system_firmwaren/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2017-10154
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 65.32%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-access_managerAccess Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-10280
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.73% / 71.78%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_peopletoolsPeopleSoft Enterprise PT PeopleTools
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-10093
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 60.83%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-08 May, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-agile_product_lifecycle_managementAgile PLM Framework
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-10176
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.47% / 80.15%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Debian GNU/LinuxOracle CorporationNetApp, Inc.Phoenix Contact GmbH & Co. KG
Product-oncommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupjdkactive_iq_unified_managersteelstore_cloud_integrated_storagedebian_linuxcloud_backuponcommand_insightvasa_provider_for_clustered_data_ontapfl_mguard_dmoncommand_performance_managerjreelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_managerstorage_replication_adapter_for_clustered_data_ontapjrockite-series_santricity_os_controllerJava
CVE-2017-10115
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.57%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.Phoenix Contact GmbH & Co. KG
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstationjdkactive_iq_unified_managersatellitesteelstore_cloud_integrated_storagedebian_linuxenterprise_linux_servercloud_backupenterprise_linux_server_ausoncommand_insightvasa_provider_for_clustered_data_ontapfl_mguard_dmoncommand_performance_managerjreelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_managerstorage_replication_adapter_for_clustered_data_ontapjrockite-series_santricity_os_controllerJava
CVE-2025-30758
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 8.92%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-29 Jul, 2025 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM (component: User Interface). Supported versions that are affected are 25.0-25.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM End User. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel CRM End User accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-siebel_crm_deploymentSiebel CRM End User
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-10310
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-2.01% / 82.98%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). The supported version that is affected is 11.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hyperion_financial_reportingHyperion Financial Reporting
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-10328
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.74% / 81.75%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-application_object_libraryApplication Object Library
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-10332
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.74% / 81.75%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-universal_work_queueUniversal Work Queue
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • 9
  • 10
  • Next
Details not found