Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-23839

Summary
Assigner-openssl
Assigner Org ID-3a12439a-ef3a-4c79-92e6-6081a721f1e5
Published At-16 Feb, 2021 | 16:55
Updated At-17 Sep, 2024 | 03:59
Rejected At-
Credits

Incorrect SSLv2 rollback protection

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:openssl
Assigner Org ID:3a12439a-ef3a-4c79-92e6-6081a721f1e5
Published At:16 Feb, 2021 | 16:55
Updated At:17 Sep, 2024 | 03:59
Rejected At:
▼CVE Numbering Authority (CNA)
Incorrect SSLv2 rollback protection

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x).

Affected Products
Vendor
OpenSSLOpenSSL
Product
OpenSSL
Versions
Affected
  • Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x)
Problem Types
TypeCWE IDDescription
textN/ARollback attack
Type: text
CWE ID: N/A
Description: Rollback attack
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
unknown
url:
https://www.openssl.org/policies/secpolicy.html#Low
lang:
eng
value:
Low
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
D. Katz and Joel Luellwitz (Trustwave)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.openssl.org/news/secadv/20210216.txt
N/A
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30919ab80a478f2d81f2e9acdcca3fa4740cd547
N/A
https://www.oracle.com/security-alerts/cpuApr2021.html
N/A
https://security.netapp.com/advisory/ntap-20210219-0009/
N/A
https://www.oracle.com//security-alerts/cpujul2021.html
N/A
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
N/A
https://www.oracle.com/security-alerts/cpuoct2021.html
N/A
https://www.oracle.com/security-alerts/cpuapr2022.html
N/A
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
N/A
https://security.netapp.com/advisory/ntap-20240621-0006/
N/A
Hyperlink: https://www.openssl.org/news/secadv/20210216.txt
Resource: N/A
Hyperlink: https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30919ab80a478f2d81f2e9acdcca3fa4740cd547
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuApr2021.html
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20210219-0009/
Resource: N/A
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Resource: N/A
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2022.html
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20240621-0006/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.openssl.org/news/secadv/20210216.txt
x_transferred
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30919ab80a478f2d81f2e9acdcca3fa4740cd547
x_transferred
https://www.oracle.com/security-alerts/cpuApr2021.html
x_transferred
https://security.netapp.com/advisory/ntap-20210219-0009/
x_transferred
https://www.oracle.com//security-alerts/cpujul2021.html
x_transferred
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
x_transferred
https://www.oracle.com/security-alerts/cpuoct2021.html
x_transferred
https://www.oracle.com/security-alerts/cpuapr2022.html
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
x_transferred
https://security.netapp.com/advisory/ntap-20240621-0006/
x_transferred
Hyperlink: https://www.openssl.org/news/secadv/20210216.txt
Resource:
x_transferred
Hyperlink: https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30919ab80a478f2d81f2e9acdcca3fa4740cd547
Resource:
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuApr2021.html
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20210219-0009/
Resource:
x_transferred
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Resource:
x_transferred
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
Resource:
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Resource:
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2022.html
Resource:
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20240621-0006/
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:openssl-security@openssl.org
Published At:16 Feb, 2021 | 17:15
Updated At:21 Jun, 2024 | 19:15

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
OpenSSL
openssl
>>openssl>>Versions from 1.0.2s(inclusive) to 1.0.2x(inclusive)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>business_intelligence>>5.5.0.0.0
cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
Oracle Corporation
oracle
>>business_intelligence>>5.9.0.0.0
cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
Oracle Corporation
oracle
>>business_intelligence>>12.2.1.3.0
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
Oracle Corporation
oracle
>>business_intelligence>>12.2.1.4.0
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
Oracle Corporation
oracle
>>enterprise_manager_for_storage_management>>13.4.0.0
cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>enterprise_manager_ops_center>>12.4.0.0
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>graalvm>>19.3.5
cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*
Oracle Corporation
oracle
>>graalvm>>20.3.1.2
cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:community:*:*:*
Oracle Corporation
oracle
>>graalvm>>21.0.0.2
cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:community:*:*:*
Oracle Corporation
oracle
>>jd_edwards_world_security>>a9.4
cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>zfs_storage_appliance_kit>>8.8
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
Siemens AG
siemens
>>sinec_ins>>Versions before 1.0(exclusive)
cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>sinec_ins>>1.0
cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
Siemens AG
siemens
>>sinec_ins>>1.0
cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-327Primarynvd@nist.gov
CWE ID: CWE-327
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdfopenssl-security@openssl.org
Patch
Third Party Advisory
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30919ab80a478f2d81f2e9acdcca3fa4740cd547openssl-security@openssl.org
N/A
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846openssl-security@openssl.org
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210219-0009/openssl-security@openssl.org
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/openssl-security@openssl.org
N/A
https://www.openssl.org/news/secadv/20210216.txtopenssl-security@openssl.org
Vendor Advisory
https://www.oracle.com//security-alerts/cpujul2021.htmlopenssl-security@openssl.org
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.htmlopenssl-security@openssl.org
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlopenssl-security@openssl.org
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlopenssl-security@openssl.org
Patch
Third Party Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
Source: openssl-security@openssl.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30919ab80a478f2d81f2e9acdcca3fa4740cd547
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
Source: openssl-security@openssl.org
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20210219-0009/
Source: openssl-security@openssl.org
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20240621-0006/
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://www.openssl.org/news/secadv/20210216.txt
Source: openssl-security@openssl.org
Resource:
Vendor Advisory
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Source: openssl-security@openssl.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuApr2021.html
Source: openssl-security@openssl.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2022.html
Source: openssl-security@openssl.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Source: openssl-security@openssl.org
Resource:
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

665Records found
CVE-2011-3513
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 65.35%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity, related to HTML Pages.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2016-5554
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-2.02% / 83.41%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2016-5542
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.1||LOW
EPSS-2.02% / 83.41%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2018-2968
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-1.00% / 76.59%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).

Action-Not Available
Vendor-n/aOracle Corporation
Product-primavera_unifiern/a
CVE-2018-3129
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-1.06% / 77.25%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_peopletoolsPeopleSoft Enterprise PT PeopleTools
CVE-2016-0521
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle iProcurement component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Redirection.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2011-2251
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.40%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-secure_backupn/a
CVE-2011-2323
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 62.77%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Health Sciences - Oracle Thesaurus Management System component in Oracle Industry Applications 4.6.1 and 4.6.2 allows remote attackers to affect integrity, related to TMS Help.

Action-Not Available
Vendor-n/aOracle Corporation
Product-industry_applicationsn/a
CVE-2015-2630
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Technology stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Applet startup.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2011-2316
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 62.77%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel Apps - Marketing component in Oracle Siebel CRM 8.0.0 allows remote attackers to affect integrity via unknown vectors related to Email Marketing.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_crmn/a
CVE-2011-2308
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 62.77%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Online Help.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2016-5450
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.7||MEDIUM
EPSS-0.42% / 61.17%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to UIF Open UI.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_ui_frameworkn/a
CVE-2016-4971
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-74.35% / 98.81%
||
7 Day CHG-1.23%
Published-30 Jun, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

Action-Not Available
Vendor-n/aPalo Alto Networks, Inc.GNUOracle CorporationCanonical Ltd.
Product-wgetpan-osubuntu_linuxsolarisn/a
CVE-2011-2246
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.40%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Financials.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2018-7064
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.1||MEDIUM
EPSS-0.39% / 59.63%
||
7 Day CHG~0.00%
Published-10 May, 2019 | 17:10
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session. Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links from external sources while logged into the IAP administrative interface. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-aruba_instantscalance_w1750d_firmwarescalance_w1750dAruba Instant (IAP)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-2314
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 65.35%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors related to JavaServer Pages.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2011-2309
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 62.77%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Health Sciences - Oracle Clinical, Remote Data Capture component in Oracle Industry Applications 4.6 and 4.6.2 allows remote attackers to affect integrity, related to RDC Help.

Action-Not Available
Vendor-n/aOracle Corporation
Product-industry_applicationsn/a
CVE-2015-1196
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.85% / 74.49%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

Action-Not Available
Vendor-n/aGNUOracle CorporationopenSUSE
Product-patchopensusesolarisn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2015-0470
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-1.65% / 81.70%
||
7 Day CHG~0.00%
Published-16 Apr, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2011-2302
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 65.35%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Single Sign On.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2015-0477
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-3.76% / 87.77%
||
7 Day CHG~0.00%
Published-16 Apr, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2015-0380
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 59.91%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Telecommunications Billing Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to OA Based UI for Bill Summary.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2011-0833
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 7.8.2, 8.0.0, and 8.1.1 allows remote attackers to affect integrity, related to UIF Client.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_crmn/a
CVE-2016-5512
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 44.33%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-08 May, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5521.

Action-Not Available
Vendor-n/aOracle Corporation
Product-agile_product_lifecycle_managementn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-4848
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-14 Jun, 2018 | 00:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.

Action-Not Available
Vendor-Siemens AG
Product-scalance_x-200_firmwarescalance_x-200scalance_x-200_irtscalance_x-200_irt_firmwarescalance_x300scalance_x300_firmwareSCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)SCALANCE X-200RNA switch familySCALANCE X-200 switch family (incl. SIPLUS NET variants)SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-0844
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 50.29%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the OpenSSO Enterprise and Sun Java System Access Manager components in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_products_suiten/a
CVE-2016-5459
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.7||MEDIUM
EPSS-0.42% / 61.17%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to iHelp.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_core-common_componentsn/a
CVE-2018-2785
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.7||MEDIUM
EPSS-1.06% / 77.25%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Stylesheet). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_peopletoolsPeopleSoft Enterprise PT PeopleTools
CVE-2016-5511
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 46.61%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-webcenter_sitesn/a
CVE-2018-2959
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.83% / 74.06%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). The supported version that is affected is 18.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-siebel_ui_frameworkSiebel UI Framework
CVE-2018-3127
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.70% / 71.58%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: Product Security). Supported versions that are affected are 7.3.5 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-demantra_demand_managementDemantra Demand Management
CVE-2014-6478
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 65.29%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 15:15
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.MariaDB FoundationSUSEOracle Corporation
Product-solarisjunos_spacemariadbmysqllinux_enterprise_desktoplinux_enterprise_workstation_extensionlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2011-0789
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 03:09
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2014-6526
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 allows remote attackers to affect integrity via unknown vectors related to Admin Console.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2018-3262
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.7||MEDIUM
EPSS-1.06% / 77.25%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Stylesheet). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_peopletoolsPeopleSoft Enterprise PT PeopleTools
CVE-2014-6596
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_crmn/a
CVE-2018-3256
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.7||MEDIUM
EPSS-1.06% / 77.25%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-email_centerEmail Center
CVE-2011-0879
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.65%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 22:36
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Instance Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_grid_controln/a
CVE-2018-3150
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.78% / 73.31%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-jdkjreJava
CVE-2011-0849
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 50.55%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java Dynamic Management Kit 5.1 allows remote attackers to affect integrity, related to HTML Adaptor.

Action-Not Available
Vendor-n/aOracle Corporation
Product-java_dynamic_management_kitn/a
CVE-2018-2966
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.4||HIGH
EPSS-1.00% / 76.59%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data. CVSS 3.0 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-primavera_unifierPrimavera Unifier
CVE-2011-0785
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.41%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 03:09
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Help component in Oracle Database Server 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, and 10.1.0.5; and Oracle Fusion Middleware 11.1.1.2.0, 11.1.1.3.0, and 11.1.1.4.0 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverfusion_middlewaren/a
CVE-2011-0805
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.41%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 03:09
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the UIX component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2011-0828
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle #13 allows remote attackers to affect integrity via unknown vectors related to Application Portal.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprisen/a
CVE-2011-0881
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.40%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 22:36
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the EMCTL component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_grid_controln/a
CVE-2011-0843
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 7.8.2, 8.0.0, and 8.1.1 allows remote attackers to affect integrity via unknown vectors related to Globalization - Automotive.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_crmn/a
CVE-2011-0876
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.65%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 22:36
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Enterprise Manager Console component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect integrity via unknown vectors related to Security.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_grid_controln/a
CVE-2018-19439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-38.88% / 97.16%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 19:00
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.

Action-Not Available
Vendor-n/aOracle Corporation
Product-secure_global_desktopn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4217
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.65% / 70.22%
||
7 Day CHG~0.00%
Published-17 Jul, 2014 | 02:36
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, and 12.1.1.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2005-4549
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.95% / 75.98%
||
7 Day CHG~0.00%
Published-28 Dec, 2005 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating an forum article.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_server_discussion_forum_portletn/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 13
  • 14
  • Next
Details not found