cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-21859,https://securityvulnerability.io/vulnerability/CVE-2023-21859,,Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Access Manager executes to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).,Oracle,Access Manager,4.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-01-18T00:15:00.000Z,0
CVE-2022-39405,https://securityvulnerability.io/vulnerability/CVE-2022-39405,,"Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",Oracle,Access Manager,5.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2022-10-18T00:00:00.000Z,0
CVE-2022-39412,https://securityvulnerability.io/vulnerability/CVE-2022-39412,,Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,Oracle,Access Manager,7.5,HIGH,0.003860000055283308,false,false,false,false,,false,false,2022-10-18T00:00:00.000Z,0
CVE-2021-35587,https://securityvulnerability.io/vulnerability/CVE-2021-35587,,"Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",Oracle,Access Manager,9.8,CRITICAL,0.5661299824714661,true,false,false,true,true,false,false,2022-01-19T11:21:42.000Z,0
CVE-2021-2358,https://securityvulnerability.io/vulnerability/CVE-2021-2358,,Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Rest interfaces for Access Mgr). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).,Oracle,Access Manager,4.9,MEDIUM,0.0009399999980814755,false,false,false,false,,false,false,2021-07-20T22:43:36.000Z,0
CVE-2020-14874,https://securityvulnerability.io/vulnerability/CVE-2020-14874,,"Vulnerability in the Oracle Cloud Infrastructure Identity and Access Management product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure Identity and Access Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Cloud Infrastructure Identity and Access Management accessible data as well as unauthorized read access to a subset of Oracle Cloud Infrastructure Identity and Access Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Cloud Infrastructure Identity and Access Management.",Oracle,Oracle Cloud Infrastructure Identity And Access Management,4.7,MEDIUM,0.000910000002477318,false,false,false,false,,false,false,2020-12-22T21:40:14.000Z,0
CVE-2020-2745,https://securityvulnerability.io/vulnerability/CVE-2020-2745,,Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Federation). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Access Manager. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).,Oracle,Access Manager,4.3,MEDIUM,0.0007699999841861427,false,false,false,false,,false,false,2020-04-15T13:29:44.000Z,0
CVE-2020-2747,https://securityvulnerability.io/vulnerability/CVE-2020-2747,,"Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: SSO Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Access Manager,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-04-15T13:29:44.000Z,0
CVE-2020-2740,https://securityvulnerability.io/vulnerability/CVE-2020-2740,,"Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N).",Oracle,Access Manager,4.6,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-04-15T13:29:44.000Z,0
CVE-2018-2587,https://securityvulnerability.io/vulnerability/CVE-2018-2587,,"Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N).",Oracle,"Access Manager,Adaptive Access Manager",6.5,MEDIUM,0.0018700000364333391,false,false,false,false,,false,false,2018-04-19T02:00:00.000Z,0
CVE-2018-2770,https://securityvulnerability.io/vulnerability/CVE-2018-2770,,"Vulnerability in the Oracle Adaptive Access Manager component of Oracle Fusion Middleware (subcomponent: OAAM Admin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Adaptive Access Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Adaptive Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Adaptive Access Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Adaptive Access Manager accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).",Oracle,Adaptive Access Manager,7.6,HIGH,0.0010900000343099236,false,false,false,false,,false,false,2018-04-19T02:00:00.000Z,0
CVE-2018-2879,https://securityvulnerability.io/vulnerability/CVE-2018-2879,,"Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. While the vulnerability is in Oracle Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. Note: Please refer to Doc ID My Oracle Support Note 2386496.1 for instructions on how to address this issue. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",Oracle,Access Manager,9,CRITICAL,0.020239999517798424,false,false,false,true,true,false,false,2018-04-19T02:00:00.000Z,0
CVE-2017-10262,https://securityvulnerability.io/vulnerability/CVE-2017-10262,,Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).,Oracle,Access Manager,5.9,MEDIUM,0.0015800000401213765,false,false,false,false,,false,false,2018-01-18T02:00:00.000Z,0
CVE-2017-10154,https://securityvulnerability.io/vulnerability/CVE-2017-10154,,Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,Oracle,Access Manager,5.3,MEDIUM,0.0013800000306218863,false,false,false,false,,false,false,2017-10-19T17:00:00.000Z,0
CVE-2011-0846,https://securityvulnerability.io/vulnerability/CVE-2011-0846,,Unspecified vulnerability in the Oracle Sun Java System Access Manager Policy Agent 2.2 allows remote attackers to affect availability via unknown vectors related to Web Proxy Agent.,Oracle,Sun Java System Access Manager Policy Agent,,,0.0033100000582635403,false,false,false,false,,false,false,2011-04-20T10:55:00.000Z,0
CVE-2010-4444,https://securityvulnerability.io/vulnerability/CVE-2010-4444,,"Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",Oracle,"Opensso,Java System Access Manager",,,0.015259999781847,false,false,false,false,,false,false,2011-01-19T16:00:00.000Z,0
CVE-2009-2713,https://securityvulnerability.io/vulnerability/CVE-2009-2713,,"The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that ""policy advice"" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.",Oracle,Java System Access Manager,,,0.004579999949783087,false,false,false,false,,false,false,2009-08-07T18:33:00.000Z,0
CVE-2009-2712,https://securityvulnerability.io/vulnerability/CVE-2009-2712,,"Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.",Oracle,Java System Access Manager,,,0.0004400000034365803,false,false,false,false,,false,false,2009-08-07T18:33:00.000Z,0
CVE-2009-2597,https://securityvulnerability.io/vulnerability/CVE-2009-2597,,The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server 4.0 allows remote attackers to cause a denial of service (daemon crash) via a GET request.,Oracle,Java System Access Manager Policy Agent,,,0.005470000207424164,false,false,false,false,,false,false,2009-07-27T14:30:00.000Z,0
CVE-2009-2268,https://securityvulnerability.io/vulnerability/CVE-2009-2268,,"Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",Oracle,Java System Access Manager,,,0.00215999991632998,false,false,false,false,,false,false,2009-07-01T12:26:00.000Z,0
CVE-2009-0348,https://securityvulnerability.io/vulnerability/CVE-2009-0348,,"The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.",Oracle,Java System Access Manager,,,0.022019999101758003,false,false,false,false,,false,false,2009-01-29T19:00:00.000Z,0
CVE-2009-0169,https://securityvulnerability.io/vulnerability/CVE-2009-0169,,"Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm.",Oracle,Java System Access Manager,,,0.003530000103637576,false,false,false,false,,false,false,2009-01-16T21:00:00.000Z,0
CVE-2009-0170,https://securityvulnerability.io/vulnerability/CVE-2009-0170,,"Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other ""access to resources,"" by visiting the Configuration Items component in the console.",Oracle,Java System Access Manager,,,0.003530000103637576,false,false,false,false,,false,false,2009-01-16T21:00:00.000Z,0
CVE-2008-4747,https://securityvulnerability.io/vulnerability/CVE-2008-4747,,Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library.,Oracle,Java Access Manager,,,0.0006200000061653554,false,false,false,false,,false,false,2008-10-27T19:00:00.000Z,0
CVE-2008-2945,https://securityvulnerability.io/vulnerability/CVE-2008-2945,,"Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.",Oracle,"Java System Identity Server,Java System Access Manager",,,0.013799999840557575,false,false,false,false,,false,false,2008-06-30T22:00:00.000Z,0