Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-53071

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-21 Oct, 2025 | 20:03
Updated At-22 Oct, 2025 | 17:27
Rejected At-
Credits

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Upload Attachments). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:21 Oct, 2025 | 20:03
Updated At:22 Oct, 2025 | 17:27
Rejected At:
â–¼CVE Numbering Authority (CNA)

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Upload Attachments). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Affected Products
Vendor
Oracle CorporationOracle Corporation
Product
Oracle Applications Framework
Versions
Affected
  • From 12.2.3 through 12.2.14 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AEasily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data.
Type: N/A
CWE ID: N/A
Description: Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data.
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.oracle.com/security-alerts/cpuoct2025.html
vendor-advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2025.html
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:21 Oct, 2025 | 20:20
Updated At:24 Oct, 2025 | 14:37

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Upload Attachments). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CPE Matches
Oracle Corporation
oracle
>>applications_framework>>Versions from 12.2.3(inclusive) to 12.2.14(inclusive)
cpe:2.3:a:oracle:applications_framework:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-284Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-284
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.oracle.com/security-alerts/cpuoct2025.htmlsecalert_us@oracle.com
Vendor Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2025.html
Source: secalert_us@oracle.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

384Records found
CVE-2025-53064
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.33%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 20:03
Updated-28 Oct, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-applications_frameworkOracle Applications Framework
CWE ID-CWE-284
Improper Access Control
CVE-2018-3286
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.13%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Microsoft CorporationNetApp, Inc.Oracle Corporation
Product-snapcenterstorage_automation_storewindowsoncommand_workflow_automationoncommand_unified_managermysqloncommand_insightMySQL Server
CVE-2023-21834
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.36%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-17 Sep, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workflow, Approval, Work Force Management). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Self-Service Human Resources. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Self-Service Human Resources accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-self-service_human_resourcesSelf-Service Human Resources
CVE-2018-3058
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.92%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Red Hat, Inc.Oracle CorporationCanonical Ltd.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxmariadboncommand_insightenterprise_linux_workstationstorage_automation_storeoncommand_workflow_automationenterprise_linux_desktopmysqlsnapcenterMySQL Server
CVE-2018-1999003
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 34.96%
||
7 Day CHG~0.00%
Published-23 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds.

Action-Not Available
Vendor-n/aJenkinsOracle Corporation
Product-communications_cloud_native_core_automated_test_suitejenkinsn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-22096
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 30.61%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 21:03
Updated-13 Sep, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-database_serverDatabase - Enterprise Edition
CVE-2021-22060
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 41.12%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 22:39
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.

Action-Not Available
Vendor-n/aOracle CorporationVMware (Broadcom Inc.)
Product-communications_cloud_native_core_service_communication_proxyspring_frameworkcommunications_cloud_native_core_consoleSpring Framework
CVE-2021-2162
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.76%
||
7 Day CHG-0.34%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-NetApp, Inc.Oracle Corporation
Product-oncommand_insightactive_iq_unified_manageroncommand_workflow_automationmysqlsnapcenterMySQL Server
CVE-2021-2113
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.14%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: On Demand Billing). Supported versions that are affected are 2.9.0.0 and 2.9.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-financial_services_revenue_management_and_billingFinancial Services Revenue Management and Billing
CVE-2023-22013
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.63%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 20:18
Updated-13 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-business_intelligenceBusiness Intelligence Enterprise Edition
CVE-2023-22012
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.63%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 20:18
Updated-13 Sep, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-business_intelligenceBusiness Intelligence Enterprise Edition
CVE-2018-1000193
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.76% / 73.12%
||
7 Day CHG~0.00%
Published-05 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 12:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI.

Action-Not Available
Vendor-n/aJenkinsOracle Corporation
Product-communications_cloud_native_core_automated_test_suitejenkinsn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2020-2947
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.02%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-27 Sep, 2024 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft (component: Absence Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Absence Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Absence Management accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_human_capital_management_absence_managementPeopleSoft Enterprise HCM Absence Management
CVE-2024-21233
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 19:52
Updated-31 Oct, 2024 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Core accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-database_serverOracle Database Server
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-14708
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.14%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-26 Sep, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-retail_customer_management_and_segmentation_foundationRetail Customer Management and Segmentation Foundation
CVE-2020-14551
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.14%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 21.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle AutoVue accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-autovueAutoVue 3D Professional Advanced
CVE-2020-14553
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.91%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle CorporationFedora Project
Product-ubuntu_linuxsnapcenterfedoraactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2017-3651
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.41% / 61.24%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationMariaDB Foundation
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstationmariadbdebian_linuxenterprise_linux_servermysqlenterprise_linux_server_ausopenstackMySQL Server
CVE-2017-3464
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.14%
||
7 Day CHG-0.02%
Published-24 Apr, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationMariaDB Foundation
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationenterprise_linux_server_eusmariadbdebian_linuxenterprise_linux_servermysqlenterprise_linux_server_ausMySQL Server
CVE-2022-20614
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.47%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 00:00
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

Action-Not Available
Vendor-Oracle CorporationJenkins
Product-communications_cloud_native_core_automated_test_suitemailerJenkins Mailer Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2025-21563
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 47.77%
||
7 Day CHG+0.14%
Published-21 Jan, 2025 | 20:53
Updated-29 Apr, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Run Control Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_cc_common_application_objectsPeopleSoft Enterprise CC Common Application Objects
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-2700
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 50.89%
||
7 Day CHG~0.00%
Published-23 Apr, 2019 | 18:16
Updated-02 Oct, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise ELM component of Oracle PeopleSoft Products (subcomponent: Enterprise Learning Mgmt). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise ELM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise ELM accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_learning_managementPeopleSoft Enterprise ELM Enterprise Learning Management
CVE-2019-2734
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 50.89%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Execute on DBMS_ADVISOR privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-database_serverOracle Database
CVE-2025-21517
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 40.98%
||
7 Day CHG+0.09%
Published-21 Jan, 2025 | 20:53
Updated-17 Mar, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-jd_edwards_enterpriseone_toolsJD Edwards EnterpriseOne Tools
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-23487
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.56%
||
7 Day CHG~0.00%
Published-09 Jul, 2023 | 23:54
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 audit logging

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationMicrosoft CorporationIBM Corporation
Product-solarislinux_kerneldb2windowsaixDb2 for Linux, UNIX and Windows
CVE-2021-22096
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.55%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 15:22
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)NetApp, Inc.Oracle Corporation
Product-communications_cloud_native_core_service_communication_proxycommunications_cloud_native_core_consoleactive_iq_unified_managermetrocluster_tiebreakersnap_creator_frameworkmanagement_services_for_element_software_and_netapp_hcispring_frameworksnapcenterSpring Framework
CWE ID-CWE-117
Improper Output Neutralization for Logs
CVE-2022-21245
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 38.97%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:21
Updated-24 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-NetApp, Inc.Oracle CorporationFedora Project
Product-snapcenterfedoraactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2016-3427
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-92.58% / 99.74%
||
7 Day CHG-1.04%
Published-21 Apr, 2016 | 10:00
Updated-22 Oct, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-02||Apply updates per vendor instructions.

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxOracle CorporationopenSUSEThe Apache Software FoundationSUSENetApp, Inc.Red Hat, Inc.
Product-enterprise_linux_serveroncommand_performance_managerubuntu_linuxoncommand_insighte-series_santricity_management_plug-insenterprise_linux_desktoplinux_enterprise_desktoplinux_enterprise_software_development_kite-series_santricity_storage_managerdebian_linuxenterprise_linux_server_eusvasa_provider_for_clustered_data_ontapleape-series_santricity_web_serviceslinux_enterprise_module_for_legacysatellitelinuxjrockitenterprise_linux_eusopenstack_cloudopensusejdkoncommand_reportmanagervirtual_storage_consolejreoncommand_shiftenterprise_linux_server_auscassandraenterprise_linux_server_tusoncommand_workflow_automationmanager_proxyoncommand_balancelinux_enterprise_serverenterprise_linux_workstationoncommand_unified_manageroncommand_cloud_managerstoragegridn/aJava SE and JRockit
CWE ID-CWE-284
Improper Access Control
CVE-2016-3159
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.8||LOW
EPSS-0.04% / 10.67%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

Action-Not Available
Vendor-n/aXen ProjectFedora ProjectDebian GNU/LinuxOracle Corporation
Product-debian_linuxfedoravm_serverxenn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2023-21901
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-7.4||HIGH
EPSS-0.17% / 37.94%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 21:39
Updated-11 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-financial_services_analytical_applications_infrastructureFinancial Services Analytical Applications Infrastructure
CWE ID-CWE-284
Improper Access Control
CVE-2023-21922
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-1.07% / 77.54%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 19:54
Updated-17 Sep, 2024 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Health Sciences InForm accessible data as well as unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-health_sciences_informHealth Sciences InForm
CWE ID-CWE-284
Improper Access Control
CVE-2023-21849
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.99% / 76.66%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-17 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-e-business_suiteApplications DBA
CWE ID-CWE-284
Improper Access Control
CVE-2016-3158
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.8||LOW
EPSS-0.04% / 10.36%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

Action-Not Available
Vendor-n/aXen ProjectFedora ProjectOracle Corporation
Product-fedoravm_serverxenn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2023-21985
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-7.7||HIGH
EPSS-0.13% / 32.82%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 19:54
Updated-16 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CWE ID-CWE-284
Improper Access Control
CVE-2026-21984
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 21:56
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxOracle VM VirtualBox
CWE ID-CWE-284
Improper Access Control
CVE-2023-21846
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-1.08% / 77.64%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-17 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-bi_publisherBI Publisher (formerly XML Publisher)
CWE ID-CWE-284
Improper Access Control
CVE-2023-21860
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-6.3||MEDIUM
EPSS-0.51% / 66.18%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 00:15
Updated-17 Sep, 2024 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: Internal Operations). Supported versions that are affected are 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior and 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_clusterMySQL Cluster
CWE ID-CWE-284
Improper Access Control
CVE-2026-21959
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.04% / 13.44%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 21:56
Updated-29 Jan, 2026 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Workflow accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-workflowOracle Workflow
CWE ID-CWE-284
Improper Access Control
CVE-2026-21962
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-10||CRITICAL
EPSS-0.03% / 8.25%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 21:56
Updated-03 Feb, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in. While the vulnerability is in Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data. Note: Affected version for Weblogic Server Proxy Plug-in for IIS is 12.2.1.4.0 only. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_server_proxy_plug-inhttp_serverOracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
CWE ID-CWE-284
Improper Access Control
CVE-2026-21960
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.27%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 21:56
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-applications_dbaOracle Applications DBA
CWE ID-CWE-284
Improper Access Control
CVE-2026-21982
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.73%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 21:56
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxOracle VM VirtualBox
CWE ID-CWE-284
Improper Access Control
CVE-2023-21894
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-7.3||HIGH
EPSS-0.27% / 50.35%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-17 Sep, 2024 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues). Supported versions that are affected are Prior to 13.9.4.2.11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Global Lifecycle Management NextGen OUI Framework executes to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Global Lifecycle Management NextGen OUI Framework. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-global_lifecycle_management_nextgen_oui_frameworkGlobal Lifecycle Management NextGen OUI Framework
CWE ID-CWE-284
Improper Access Control
CVE-2023-21854
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.07%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-17 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Core Components). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales Offline. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sales Offline accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-sales_offlineSales Offline
CWE ID-CWE-284
Improper Access Control
CVE-2023-21980
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.38% / 58.79%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 19:54
Updated-13 Feb, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-284
Improper Access Control
CVE-2023-21832
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-1.08% / 77.64%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-17 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-bi_publisherBI Publisher (formerly XML Publisher)
CWE ID-CWE-284
Improper Access Control
CVE-2023-21850
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.34%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-17 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-demantra_demand_managementDemantra Demand Management
CWE ID-CWE-284
Improper Access Control
CVE-2023-22102
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-8.3||HIGH
EPSS-0.90% / 75.48%
||
7 Day CHG-2.59%
Published-17 Oct, 2023 | 21:03
Updated-06 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-NetApp, Inc.Oracle Corporation
Product-oncommand_insightmysql_connector\/jMySQL Connectors
CWE ID-CWE-284
Improper Access Control
CVE-2023-21828
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-8.1||HIGH
EPSS-0.75% / 73.00%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-17 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_reporting_and_analyticsHospitality Reporting and Analytics
CWE ID-CWE-284
Improper Access Control
CVE-2023-21923
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-8.3||HIGH
EPSS-0.79% / 73.75%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 19:54
Updated-17 Sep, 2024 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Health Sciences InForm accessible data as well as unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-health_sciences_informHealth Sciences InForm
CWE ID-CWE-284
Improper Access Control
CVE-2023-21852
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.07%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-17 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite (component: Setup). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Learning Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Learning Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-learning_managementLearning Management
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found