cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-21983,https://securityvulnerability.io/vulnerability/CVE-2023-21983,Vulnerability in Oracle Application Express Administration Allows Unauthorized Access,"A vulnerability in Oracle's Application Express Administration allows an unauthenticated attacker with network access via HTTP to potentially compromise system security. This vulnerability could enable unauthorized operations such as updates, inserts, or deletions of accessible data. Additionally, it could allow unauthorized read access to certain data subsets and even lead to a partial denial of service. Organizations utilizing affected versions of Application Express Administration should assess their exposure and apply appropriate security measures to mitigate risks.",Oracle,Application Express (apex),5.6,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-21975,https://securityvulnerability.io/vulnerability/CVE-2023-21975,Application Express Customers Plugin Vulnerability in Oracle,"A vulnerability exists in the Oracle Application Express Customers Plugin that may allow a low-privileged attacker with network access to compromise user accounts. Exploitation requires interaction from a user other than the attacker, which could lead to unauthorized access and takeover of the Application Express Customers Plugin. This vulnerability impacts not only the plugin itself but might also affect additional products, indicating a significant security risk if exploited.",Oracle,Application Express (apex),9,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-21974,https://securityvulnerability.io/vulnerability/CVE-2023-21974,User Account Vulnerability in Oracle Application Express Team Calendar Plugin,"A vulnerability exists in the Application Express Team Calendar Plugin from Oracle that allows a low-privileged attacker with network access via HTTP to compromise user accounts. Exploitation of this weakness necessitates human interaction from a user who is not the attacker. Though primarily affecting the Team Calendar Plugin, successful attacks could have downstream impacts on other associated products, leading to a potential takeover of the Application Express Team Calendar Plugin. This vulnerability highlights the critical need for organizations utilizing the plugin to bolster their security measures and stay informed about potential threats.",Oracle,Application Express (apex),9,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2021-2460,https://securityvulnerability.io/vulnerability/CVE-2021-2460,Vulnerability in Oracle Database Server's Application Express Data Reporter,"An exploitable vulnerability exists in the Oracle Application Express Data Reporter component of Oracle Database Server. This issue allows an attacker with valid user credentials and network access over HTTP to compromise the system. The vulnerability necessitates human interaction from an individual who is not the attacker. Successful exploitation can lead to unauthorized updates, insertion or deletion of data and unauthorized read access to certain data sets available within the Oracle Application Express Data Reporter. This could have broader implications for other dependent systems and data integrity.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-07-21T00:15:00.000Z,0
CVE-2021-2117,https://securityvulnerability.io/vulnerability/CVE-2021-2117,Vulnerability in Oracle Application Express Survey Builder Component,"A vulnerability exists in the Oracle Application Express Survey Builder component of Oracle Database Server, allowing low-privileged attackers with valid user accounts to exploit the system via HTTP. The attack requires human interaction from an external party. While the vulnerability is specific to the Survey Builder, successful exploits can disrupt additional products, allowing unauthorized access to sensitive data and potential alterations, including updates, inserts, or deletions to the accessible data. This highlights a critical need for robust security measures and user awareness to prevent potential data misuse.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-01-20T14:50:12.000Z,0
CVE-2021-2116,https://securityvulnerability.io/vulnerability/CVE-2021-2116,Vulnerability in Oracle Application Express Opportunity Tracker Component,"A vulnerability exists in the Oracle Application Express Opportunity Tracker component of Oracle Database Server, affecting versions prior to 20.2. It can be exploited by low-privileged attackers who possess a valid user account, allowing them to gain unauthorized access to sensitive data. Successful exploitation of this vulnerability requires human interaction from an individual other than the attacker. Attackers can potentially manipulate data within the Opportunity Tracker, including unauthorized updates, insertions, and deletions, as well as reading of accessible data. This vulnerability may significantly impact not only the Opportunity Tracker but also other associated products within the Oracle ecosystem.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-01-20T14:50:12.000Z,0
CVE-2020-14900,https://securityvulnerability.io/vulnerability/CVE-2020-14900,Vulnerability in Oracle Database Server Group Calendar Component,"A vulnerability exists in the Oracle Application Express Group Calendar component of Oracle Database Server that allows a low privileged attacker with a valid user account to exploit the system via HTTP. Successful exploitation of this vulnerability requires interaction from a user other than the attacker, potentially leading to unauthorized updates, insertions, or deletions of accessible data within the Group Calendar. Moreover, it can also grant unauthorized read access to a portion of the data, affecting not only the Group Calendar component but potentially impacting additional connected products.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-21T14:04:31.000Z,0
CVE-2020-14899,https://securityvulnerability.io/vulnerability/CVE-2020-14899,Vulnerability in Oracle Database Server's Application Express Data Reporter Component,"This vulnerability in the Oracle Application Express Data Reporter component can be exploited by low-privileged attackers with valid user accounts. By leveraging network access via HTTP, attackers can manipulate accessible data in ways that include unauthorized updates, deletions, or inserts. The attack requires human interaction, which adds a layer of complexity. Notably, while the vulnerability is centered on the Data Reporter, its exploitation can affect additional components or products within Oracle's ecosystem, potentially leading to significant data breaches.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-21T14:04:31.000Z,0
CVE-2020-14898,https://securityvulnerability.io/vulnerability/CVE-2020-14898,Unauthorized Access Vulnerability in Oracle Application Express Packaged Apps,"A vulnerability exists within Oracle Application Express Packaged Apps of Oracle Database Server that can be exploited by low privileged attackers with a valid user account. This issue, present in versions prior to 20.2, allows attackers with network access via HTTP to manipulate accessible data within packaged applications. Successful exploitation necessitates human interaction from a source other than the attacker. Consequently, this vulnerability could lead to unauthorized updates, inserts, or deletions of data, as well as unauthorized reading of sensitive information within the Oracle Application Express Packaged Apps framework. Organizations should ensure they implement proper security measures to mitigate potential risks associated with this vulnerability.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-21T14:04:31.000Z,0
CVE-2020-14763,https://securityvulnerability.io/vulnerability/CVE-2020-14763,Vulnerability in Oracle Application Express Quick Poll Component of Oracle Database Server,"A vulnerability exists in the Oracle Application Express Quick Poll component of Oracle Database Server that could allow a low privileged attacker with network access via HTTP to exploit the system. While primarily affecting the Quick Poll feature, successful exploitation can lead to unauthorized modifications of accessible data, including updates, inserts, and deletions. Additionally, attackers can gain unauthorized read access to certain data elements, posing significant risks to the integrity and confidentiality of the database environment. This vulnerability requires human interaction for successful exploitation but remains a serious threat to organizations utilizing affected versions of Oracle Application Express.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-21T14:04:24.000Z,0
CVE-2020-14762,https://securityvulnerability.io/vulnerability/CVE-2020-14762,Vulnerability in Oracle Application Express Affects Oracle Database Server,"A vulnerability exists in the Oracle Application Express component of Oracle Database Server, allowing low privileged attackers with SQL Workshop privilege to exploit this weakness via HTTP. This means that they can perform unauthorized actions such as updating, inserting, or deleting data accessible through the Oracle Application Express interface. The vulnerability necessitates human interaction, making it particularly concerning due to potential involvement from unsuspecting users. Compromises through this vulnerability can lead to significant impacts on data confidentiality and integrity, affecting not only the Application Express itself but potentially other connected products too.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-21T14:04:24.000Z,0