cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-21983,https://securityvulnerability.io/vulnerability/CVE-2023-21983,,"Vulnerability in the Application Express Administration product of Oracle Application Express (component: None).  Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express Administration.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Application Express Administration accessible data as well as  unauthorized read access to a subset of Application Express Administration accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Application Express Administration. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).",Oracle,Application Express (apex),5.6,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2023-21975,https://securityvulnerability.io/vulnerability/CVE-2023-21975,Application Express Customers Plugin Vulnerability in Oracle,"A vulnerability exists in the Oracle Application Express Customers Plugin that may allow a low-privileged attacker with network access to compromise user accounts. Exploitation requires interaction from a user other than the attacker, which could lead to unauthorized access and takeover of the Application Express Customers Plugin. This vulnerability impacts not only the plugin itself but might also affect additional products, indicating a significant security risk if exploited.",Oracle,Application Express (apex),9,CRITICAL,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2023-21974,https://securityvulnerability.io/vulnerability/CVE-2023-21974,User Account Vulnerability in Oracle Application Express Team Calendar Plugin,"A vulnerability exists in the Application Express Team Calendar Plugin from Oracle that allows a low-privileged attacker with network access via HTTP to compromise user accounts. Exploitation of this weakness necessitates human interaction from a user who is not the attacker. Though primarily affecting the Team Calendar Plugin, successful attacks could have downstream impacts on other associated products, leading to a potential takeover of the Application Express Team Calendar Plugin. This vulnerability highlights the critical need for organizations utilizing the plugin to bolster their security measures and stay informed about potential threats.",Oracle,Application Express (apex),9,CRITICAL,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2021-2460,https://securityvulnerability.io/vulnerability/CVE-2021-2460,,"Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.04. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2021-07-21T00:15:00.000Z,0
CVE-2021-2117,https://securityvulnerability.io/vulnerability/CVE-2021-2117,,"Vulnerability in the Oracle Application Express Survey Builder component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Survey Builder. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Survey Builder, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Survey Builder accessible data as well as unauthorized read access to a subset of Oracle Application Express Survey Builder accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2021-01-20T14:50:12.000Z,0
CVE-2021-2116,https://securityvulnerability.io/vulnerability/CVE-2021-2116,,"Vulnerability in the Oracle Application Express Opportunity Tracker component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Opportunity Tracker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Opportunity Tracker, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Opportunity Tracker accessible data as well as unauthorized read access to a subset of Oracle Application Express Opportunity Tracker accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2021-01-20T14:50:12.000Z,0
CVE-2020-14900,https://securityvulnerability.io/vulnerability/CVE-2020-14900,,"Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Group Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Group Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Group Calendar accessible data as well as unauthorized read access to a subset of Oracle Application Express Group Calendar accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2020-10-21T14:04:31.000Z,0
CVE-2020-14898,https://securityvulnerability.io/vulnerability/CVE-2020-14898,,"Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Packaged Apps. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Packaged Apps, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Packaged Apps accessible data as well as unauthorized read access to a subset of Oracle Application Express Packaged Apps accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2020-10-21T14:04:31.000Z,0
CVE-2020-14899,https://securityvulnerability.io/vulnerability/CVE-2020-14899,,"Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2020-10-21T14:04:31.000Z,0
CVE-2020-14762,https://securityvulnerability.io/vulnerability/CVE-2020-14762,,"Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2020-10-21T14:04:24.000Z,0
CVE-2020-14763,https://securityvulnerability.io/vulnerability/CVE-2020-14763,,"Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Quick Poll. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Quick Poll, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Quick Poll accessible data as well as unauthorized read access to a subset of Oracle Application Express Quick Poll accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2020-10-21T14:04:24.000Z,0
CVE-2007-3854,https://securityvulnerability.io/vulnerability/CVE-2007-3854,,"Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12).  NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.",Oracle,"Database Server,Application Server,Peoplesoft Enterprise Customer Relationship Management,Peoplesoft Enterprise Peopletools,Peoplesoft Enterprise Human Capital Management,Secure Enterprise Search,Apex,E-business Suite,Collaboration Suite",,,0.018309999257326126,false,false,false,false,,false,false,2007-07-18T19:00:00.000Z,0
CVE-2007-3860,https://securityvulnerability.io/vulnerability/CVE-2007-3860,,"Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01.  NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '""' characters.",Oracle,Apex,,,0.006610000040382147,false,false,false,false,,false,false,2007-07-18T19:00:00.000Z,0
CVE-2006-7138,https://securityvulnerability.io/vulnerability/CVE-2006-7138,,"SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter.  NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven.",Oracle,Apex,,,0.0014900000533089042,false,false,false,false,,false,false,2007-03-07T20:00:00.000Z,0
CVE-2006-7158,https://securityvulnerability.io/vulnerability/CVE-2006-7158,,"Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter.  NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.",Oracle,Apex,,,0.011749999597668648,false,false,false,false,,false,false,2007-03-07T20:00:00.000Z,0
CVE-2006-5599,https://securityvulnerability.io/vulnerability/CVE-2006-5599,,Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package.  NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU.,Oracle,Apex,,,0.005760000087320805,false,false,false,false,,false,false,2006-10-28T01:00:00.000Z,0
CVE-2006-5352,https://securityvulnerability.io/vulnerability/CVE-2006-5352,,"Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21.",Oracle,Apex,,,0.009730000048875809,false,false,false,false,,false,false,2006-10-18T01:00:00.000Z,0
CVE-2006-5351,https://securityvulnerability.io/vulnerability/CVE-2006-5351,,"Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8) APEX09, (9) APEX10, (10) APEX11, (11) APEX12, (12) APEX13, (13) APEX14, (14) APEX15, (15) APEX16, (16) APEX17, (17) APEX18, (18) APEX19, (19) APEX22, (20) APEX23, (21) APEX24, (22) APEX25, (23) APEX26, (24) APEX27, (25) APEX28, (26) APEX29, (27) APEX30, (28) APEX31, (29) APEX32, (30) APEX33, (31) APEX34, and (32) APEX35.  NOTE: as of 20061027, it is likely that some of these identifiers are associated with cross-site scripting (XSS) in WWV_FLOW_ITEM_HELP and NOTIFICATION_MSG, but these have been provided separate identifiers.",Oracle,Apex,,,0.01233999989926815,false,false,false,false,,false,false,2006-10-18T01:00:00.000Z,0