Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Oracle

Source -

CNACISA

BOS Name -

Oracle Corporation

CNA CVEs -

224

ADP CVEs -

0

CISA CVEs -

43

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
267Vulnerabilities found
CVE-2025-61757
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-87.83% / 99.49%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 20:03
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-12-12||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-identity_managerIdentity ManagerFusion Middleware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-61884
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-51.08% / 97.93%
||
7 Day CHG~0.00%
Published-12 Oct, 2025 | 02:34
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-11-10||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-configuratorOracle ConfiguratorE-Business Suite
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE ID-CWE-501
Trust Boundary Violation
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2025-61882
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-90.86% / 99.65%
||
7 Day CHG+1.37%
Published-05 Oct, 2025 | 03:17
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-10-27||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-concurrent_processingOracle Concurrent ProcessingE-Business Suite
CWE ID-CWE-287
Improper Authentication
CVE-2024-21287
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-69.83% / 98.68%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 21:39
Updated-27 Oct, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-12-12||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-agile_product_lifecycle_managementOracle Agile PLM FrameworkAgile Product Lifecycle Management (PLM)
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-21182
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-89.74% / 99.59%
||
7 Day CHG+0.09%
Published-16 Jul, 2024 | 22:40
Updated-02 Jun, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-06-04||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic ServerWebLogic Server
CVE-2024-20953
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-67.91% / 98.60%
||
7 Day CHG~0.00%
Published-17 Feb, 2024 | 01:50
Updated-27 Oct, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-03-17||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-agile_product_lifecycle_managementAgile PLM Frameworkagile_plm_frameworkAgile Product Lifecycle Management (PLM)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21839
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-94.17% / 99.92%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-27 Oct, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-05-22||Apply updates per vendor instructions.

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic ServerWebLogic Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-21587
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-94.40% / 99.98%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-27 Oct, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-02-23||Apply updates per vendor instructions.

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-e-business_suiteWeb Applications Desktop IntegratorE-Business Suite
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-21445
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-92.03% / 99.72%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 20:37
Updated-27 Oct, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-10-09||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). Note: Oracle Application Development Framework (ADF) is downloaded via Oracle JDeveloper Product. Please refer to Fusion Middleware Patch Advisor for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-application_development_frameworkApplication Development Framework (ADF)jdeveloperADF Faces
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-35587
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-94.27% / 99.94%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:21
Updated-27 Oct, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-12-19||Apply updates per vendor instructions.

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-access_managerAccess ManagerFusion Middleware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-14750
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-94.44% / 99.99%
||
7 Day CHG~0.00%
Published-01 Nov, 2020 | 23:50
Updated-12 Jan, 2026 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic ServerWebLogic Server
CVE-2020-14882
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-94.45% / 99.99%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 14:04
Updated-12 Jan, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic ServerWebLogic Server
CVE-2020-14883
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-7.2||HIGH
EPSS-94.44% / 99.99%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 14:04
Updated-12 Jan, 2026 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic ServerWebLogic Server
CVE-2020-14871
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-10||CRITICAL
EPSS-88.87% / 99.54%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 14:04
Updated-27 Oct, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating SystemsolarisSolaris and Zettabyte File System (ZFS)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-14864
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-94.02% / 99.90%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 14:04
Updated-12 Jan, 2026 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-18||Apply updates per vendor instructions.

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-business_intelligenceBusiness Intelligence Enterprise EditionIntelligence Enterprise Edition
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-14644
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-93.64% / 99.85%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-12 Jan, 2026 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-10-09||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Serverweblogic_serverWebLogic Server
CVE-2020-2883
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-94.37% / 99.97%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-12 Jan, 2026 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-01-28||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic ServerWebLogic Server
CVE-2020-2551
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-94.41% / 99.98%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-12 Jan, 2026 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-12-07||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic ServerFusion Middleware
CVE-2020-2555
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-93.14% / 99.80%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-27 Oct, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-webcenter_portalcommerce_platformutilities_frameworkhealthcare_data_repositoryretail_assortment_planningcoherencerapid_planningaccess_managercommunications_diameter_signaling_routerWebCenter PortalUtilities FrameworkMultiple Products
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-3010
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-53.48% / 98.04%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-12 Jan, 2026 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-15||Apply updates per vendor instructions.

Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating SystemSolaris
CVE-2019-2725
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-94.47% / 100.00%
||
7 Day CHG~0.00%
Published-26 Apr, 2019 | 18:21
Updated-12 Jan, 2026 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-10||Apply updates per vendor instructions.

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-agile_plmstoragetek_tape_analytics_sw_toolpeoplesoft_enterprise_peopletoolscommunications_converged_application_servervm_virtualboxweblogic_servertape_virtual_storage_manager_guitape_library_acslsTape Library ACSLSWebLogic Server
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2019-2616
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-7.2||HIGH
EPSS-93.99% / 99.90%
||
7 Day CHG~0.00%
Published-23 Apr, 2019 | 18:16
Updated-13 Jan, 2026 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-business_intelligence_publisherBI Publisher (formerly XML Publisher)BI Publisher (Formerly XML Publisher)
CVE-2018-2628
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-94.42% / 99.98%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-27 Oct, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-09-29||Apply updates per vendor instructions.

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic ServerWebLogic Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-10271
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-94.44% / 99.99%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-21 Apr, 2026 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-08-10||Apply updates per vendor instructions.

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic ServerWebLogic Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2017-3506
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-7.4||HIGH
EPSS-94.41% / 99.98%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 19:00
Updated-22 Apr, 2026 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-06-24||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Serverweblogic_serverWebLogic Server
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-8304
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 42.53%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-flexcube_universal_bankingFLEXCUBE Universal Banking
CWE ID-CWE-284
Improper Access Control
CVE-2017-3282
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-4.7||MEDIUM
EPSS-0.55% / 68.33%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-partner_managementPartner Management
CVE-2017-3384
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-8.2||HIGH
EPSS-0.84% / 75.21%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-advanced_outbound_telephonyAdvanced Outbound Telephony
CVE-2017-3311
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.64% / 70.83%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Testing Suite accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-application_testing_suiteApplication Testing Suite
CVE-2017-3259
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.47% / 65.01%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-jdkjreJava SE
CVE-2016-8330
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.45% / 63.89%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.7 (Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CWE ID-CWE-284
Improper Access Control
CVE-2017-3316
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-8.4||HIGH
EPSS-1.60% / 82.09%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and Availability impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3314
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-6.1||MEDIUM
EPSS-0.50% / 66.41%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.0, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-flexcube_universal_bankingFLEXCUBE Universal Banking
CVE-2017-3285
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-8.2||HIGH
EPSS-0.75% / 73.49%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Fulfillment Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Service Fulfillment Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Fulfillment Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Service Fulfillment Manager accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-service_fulfillment_managerService Fulfillment Manager
CVE-2016-8300
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 54.07%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-flexcube_private_bankingFLEXCUBE Private Banking
CWE ID-CWE-284
Improper Access Control
CVE-2017-3333
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-8.2||HIGH
EPSS-0.65% / 71.20%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-marketingMarketing
CVE-2017-3410
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-8.2||HIGH
EPSS-0.84% / 75.21%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-advanced_outbound_telephonyAdvanced Outbound Telephony
CVE-2017-3301
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.46% / 64.31%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.3 (Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CVE-2016-8328
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.56% / 68.63%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 3.7 (Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-jdkjreJava SE
CVE-2017-3268
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.87% / 83.48%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2016-8324
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.72% / 72.80%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-flexcube_core_bankingFLEXCUBE Core Banking
CWE ID-CWE-284
Improper Access Control
CVE-2016-8308
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.64% / 71.05%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-flexcube_private_bankingFLEXCUBE Private Banking
CVE-2017-3433
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-8.2||HIGH
EPSS-0.84% / 75.21%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-one-to-one_fulfillmentOne-to-One Fulfillment
CVE-2017-3323
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.91% / 76.23%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_clusterMySQL Cluster
CWE ID-CWE-20
Improper Input Validation
CVE-2016-8322
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.37%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-flexcube_core_bankingFLEXCUBE Core Banking
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-3399
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-8.2||HIGH
EPSS-0.84% / 75.21%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-advanced_outbound_telephonyAdvanced Outbound Telephony
CVE-2016-8299
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-6.3||MEDIUM
EPSS-0.29% / 52.97%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-flexcube_universal_bankingFLEXCUBE Universal Banking
CWE ID-CWE-284
Improper Access Control
CVE-2016-8312
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-8.2||HIGH
EPSS-0.76% / 73.82%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-flexcube_private_bankingFLEXCUBE Private Banking
CWE ID-CWE-284
Improper Access Control
CVE-2016-8307
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.72% / 72.80%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-flexcube_universal_bankingFLEXCUBE Universal Banking
CWE ID-CWE-284
Improper Access Control
CVE-2016-8282
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-6.1||MEDIUM
EPSS-0.51% / 66.88%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-flexcube_private_bankingFLEXCUBE Private Banking
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next