cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-21261,https://securityvulnerability.io/vulnerability/CVE-2024-21261,Oracle Application Express Vulnerability Affects 23.2 and 24.1 Versions,"Vulnerability in Oracle Application Express (component: General).  Supported versions that are affected are 23.2 and  24.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express.  While the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as  unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N).",Oracle,Oracle Application Express,4.9,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-10-15T19:52:54.588Z,0
CVE-2023-21974,https://securityvulnerability.io/vulnerability/CVE-2023-21974,User Account Vulnerability in Oracle Application Express Team Calendar Plugin,"A vulnerability exists in the Application Express Team Calendar Plugin from Oracle that allows a low-privileged attacker with network access via HTTP to compromise user accounts. Exploitation of this weakness necessitates human interaction from a user who is not the attacker. Though primarily affecting the Team Calendar Plugin, successful attacks could have downstream impacts on other associated products, leading to a potential takeover of the Application Express Team Calendar Plugin. This vulnerability highlights the critical need for organizations utilizing the plugin to bolster their security measures and stay informed about potential threats.",Oracle,Application Express (apex),9,CRITICAL,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2023-21983,https://securityvulnerability.io/vulnerability/CVE-2023-21983,,"Vulnerability in the Application Express Administration product of Oracle Application Express (component: None).  Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express Administration.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Application Express Administration accessible data as well as  unauthorized read access to a subset of Application Express Administration accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Application Express Administration. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).",Oracle,Application Express (apex),5.6,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2023-21975,https://securityvulnerability.io/vulnerability/CVE-2023-21975,Application Express Customers Plugin Vulnerability in Oracle,"A vulnerability exists in the Oracle Application Express Customers Plugin that may allow a low-privileged attacker with network access to compromise user accounts. Exploitation requires interaction from a user other than the attacker, which could lead to unauthorized access and takeover of the Application Express Customers Plugin. This vulnerability impacts not only the plugin itself but might also affect additional products, indicating a significant security risk if exploited.",Oracle,Application Express (apex),9,CRITICAL,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2021-2460,https://securityvulnerability.io/vulnerability/CVE-2021-2460,,"Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.04. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2021-07-21T00:15:00.000Z,0
CVE-2021-2116,https://securityvulnerability.io/vulnerability/CVE-2021-2116,,"Vulnerability in the Oracle Application Express Opportunity Tracker component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Opportunity Tracker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Opportunity Tracker, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Opportunity Tracker accessible data as well as unauthorized read access to a subset of Oracle Application Express Opportunity Tracker accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2021-01-20T14:50:12.000Z,0
CVE-2021-2117,https://securityvulnerability.io/vulnerability/CVE-2021-2117,,"Vulnerability in the Oracle Application Express Survey Builder component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Survey Builder. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Survey Builder, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Survey Builder accessible data as well as unauthorized read access to a subset of Oracle Application Express Survey Builder accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2021-01-20T14:50:12.000Z,0
CVE-2020-14898,https://securityvulnerability.io/vulnerability/CVE-2020-14898,,"Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Packaged Apps. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Packaged Apps, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Packaged Apps accessible data as well as unauthorized read access to a subset of Oracle Application Express Packaged Apps accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2020-10-21T14:04:31.000Z,0
CVE-2020-14899,https://securityvulnerability.io/vulnerability/CVE-2020-14899,,"Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2020-10-21T14:04:31.000Z,0
CVE-2020-14900,https://securityvulnerability.io/vulnerability/CVE-2020-14900,,"Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Group Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Group Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Group Calendar accessible data as well as unauthorized read access to a subset of Oracle Application Express Group Calendar accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2020-10-21T14:04:31.000Z,0
CVE-2020-14763,https://securityvulnerability.io/vulnerability/CVE-2020-14763,,"Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Quick Poll. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Quick Poll, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Quick Poll accessible data as well as unauthorized read access to a subset of Oracle Application Express Quick Poll accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2020-10-21T14:04:24.000Z,0
CVE-2020-14762,https://securityvulnerability.io/vulnerability/CVE-2020-14762,,"Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2020-10-21T14:04:24.000Z,0
CVE-2020-2972,https://securityvulnerability.io/vulnerability/CVE-2020-2972,,"Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-07-15T17:34:36.000Z,0
CVE-2020-2513,https://securityvulnerability.io/vulnerability/CVE-2020-2513,,"Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-07-15T17:34:36.000Z,0
CVE-2020-2971,https://securityvulnerability.io/vulnerability/CVE-2020-2971,,"Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-07-15T17:34:36.000Z,0
CVE-2020-2973,https://securityvulnerability.io/vulnerability/CVE-2020-2973,,"Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-07-15T17:34:36.000Z,0
CVE-2020-2974,https://securityvulnerability.io/vulnerability/CVE-2020-2974,,"Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-07-15T17:34:36.000Z,0
CVE-2020-2975,https://securityvulnerability.io/vulnerability/CVE-2020-2975,,"Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-07-15T17:34:36.000Z,0
CVE-2020-2976,https://securityvulnerability.io/vulnerability/CVE-2020-2976,,"Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-07-15T17:34:36.000Z,0
CVE-2020-2977,https://securityvulnerability.io/vulnerability/CVE-2020-2977,,"Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N).",Oracle,Application Express,4.6,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-07-15T17:34:36.000Z,0
CVE-2020-2514,https://securityvulnerability.io/vulnerability/CVE-2020-2514,,"Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 19.2. Easily exploitable vulnerability allows low privileged attacker having End User Role privilege with network access via HTTPS to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Express. CVSS 3.0 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).",Oracle,Application Express,4.6,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2020-04-15T13:29:43.000Z,0
CVE-2019-2484,https://securityvulnerability.io/vulnerability/CVE-2019-2484,,"Vulnerability in the Application Express component of Oracle Database Server. Supported versions that are affected are 5.1 and 18.2. Easily exploitable vulnerability allows low privileged attacker having Valid Account privilege with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express accessible data as well as unauthorized read access to a subset of Application Express accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2019-07-23T23:15:00.000Z,0
CVE-2018-2699,https://securityvulnerability.io/vulnerability/CVE-2018-2699,,"Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is Prior to 5.1.4.00.08. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express accessible data as well as unauthorized read access to a subset of Application Express accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express,6.1,MEDIUM,0.001290000043809414,false,false,false,false,,false,false,2018-01-18T02:00:00.000Z,0
CVE-2016-3448,https://securityvulnerability.io/vulnerability/CVE-2016-3448,,Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors.,Oracle,Application Express,6.1,MEDIUM,0.0016199999954551458,false,false,false,false,,false,false,2016-07-21T10:00:00.000Z,0
CVE-2016-3467,https://securityvulnerability.io/vulnerability/CVE-2016-3467,,Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors.,Oracle,Application Express,5.8,MEDIUM,0.0021800000686198473,false,false,false,false,,false,false,2016-07-21T10:00:00.000Z,0