cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-21128,https://securityvulnerability.io/vulnerability/CVE-2024-21128,Vulnerability in Oracle E-Business Suite APIs by Oracle,"This vulnerability affects the Oracle Application Object Library within the Oracle E-Business Suite APIs, allowing low-privileged attackers with HTTP network access to potentially compromise the library. The attack necessitates human interaction, which makes exploitation simpler. While primarily targeting the Application Object Library, the potential consequences of successful attacks can extend to other connected components, enabling unauthorized data manipulation such as updates, insertions, or deletions. Additionally, attackers may gain unauthorized read access to sensitive data contained within the library.",Oracle,Application Object Library,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-20929,https://securityvulnerability.io/vulnerability/CVE-2024-20929,Unauthorized Access to Sensitive Data via HTTP,"A vulnerability exists in the Oracle Application Object Library component of the Oracle E-Business Suite, specifically concerning database privileges. It affects versions 12.2.3 through 12.2.13. An unauthenticated attacker can exploit this vulnerability over HTTP, enabling them to perform unauthorized actions such as updates, inserts, or deletes on accessible data within the Application Object Library. Additionally, attackers may gain unauthorized read access to specific subsets of data. The impact includes potential compromises to data integrity and confidentiality within affected systems.",Oracle,Application Object Library,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-17T01:50:12.419Z,0
CVE-2024-20915,https://securityvulnerability.io/vulnerability/CVE-2024-20915,Oracle Application Object Library Vulnerability Could Lead to Partial Denial of Service,Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO).  Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).,Oracle,Application Object Library,5.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-17T01:50:09.593Z,0
CVE-2023-21978,https://securityvulnerability.io/vulnerability/CVE-2023-21978,,"Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: GUI).  Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object Library.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as  unauthorized read access to a subset of Oracle Application Object Library accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).",Oracle,Application Object Library,6.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-04-18T20:15:00.000Z,0
CVE-2021-2314,https://securityvulnerability.io/vulnerability/CVE-2021-2314,,"Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Profiles). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",Oracle,Application Object Library,8.1,HIGH,0.0009399999980814755,false,false,false,false,,false,false,2021-04-22T21:54:02.000Z,0
CVE-2020-14840,https://securityvulnerability.io/vulnerability/CVE-2020-14840,,"Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",Oracle,Application Object Library,4.7,MEDIUM,0.0009500000160187483,false,false,false,false,,false,false,2020-10-21T14:04:28.000Z,0
CVE-2020-14635,https://securityvulnerability.io/vulnerability/CVE-2020-14635,,Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Logging). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,Oracle,Application Object Library,5.3,MEDIUM,0.0008900000248104334,false,false,false,false,,false,false,2020-07-15T17:34:31.000Z,0
CVE-2020-14554,https://securityvulnerability.io/vulnerability/CVE-2020-14554,,"Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",Oracle,Application Object Library,4.7,MEDIUM,0.0008299999753944576,false,false,false,false,,false,false,2020-07-15T17:34:27.000Z,0
CVE-2019-3027,https://securityvulnerability.io/vulnerability/CVE-2019-3027,,Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login Help). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).,Oracle,Application Object Library,5.3,MEDIUM,0.0008299999753944576,false,false,false,false,,false,false,2019-10-16T17:40:59.000Z,0
CVE-2019-2761,https://securityvulnerability.io/vulnerability/CVE-2019-2761,,Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).,Oracle,Application Object Library,3.7,LOW,0.0008900000248104334,false,false,false,false,,false,false,2019-07-23T23:15:00.000Z,0
CVE-2019-2621,https://securityvulnerability.io/vulnerability/CVE-2019-2621,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",Oracle,Application Object Library,4.7,MEDIUM,0.0008299999753944576,false,false,false,false,,false,false,2019-04-23T18:16:41.000Z,0
CVE-2018-3244,https://securityvulnerability.io/vulnerability/CVE-2018-3244,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",Oracle,Application Object Library,5.3,MEDIUM,0.001550000044517219,false,false,false,false,,false,false,2018-10-17T01:00:00.000Z,0
CVE-2018-2934,https://securityvulnerability.io/vulnerability/CVE-2018-2934,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",Oracle,Application Object Library,5.3,MEDIUM,0.0016299999551847577,false,false,false,false,,false,false,2018-07-18T13:00:00.000Z,0
CVE-2018-2864,https://securityvulnerability.io/vulnerability/CVE-2018-2864,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Application Object Library,5.3,MEDIUM,0.0013099999632686377,false,false,false,false,,false,false,2018-04-19T02:00:00.000Z,0
CVE-2018-2804,https://securityvulnerability.io/vulnerability/CVE-2018-2804,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: DB Privileges). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",Oracle,Application Object Library,7.4,HIGH,0.0022499999031424522,false,false,false,false,,false,false,2018-04-19T02:00:00.000Z,0
CVE-2018-2867,https://securityvulnerability.io/vulnerability/CVE-2018-2867,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Application Object Library,5.3,MEDIUM,0.0013099999632686377,false,false,false,false,,false,false,2018-04-19T02:00:00.000Z,0
CVE-2018-2874,https://securityvulnerability.io/vulnerability/CVE-2018-2874,,Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows physical access to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).,Oracle,Application Object Library,4.3,MEDIUM,0.0008099999977275729,false,false,false,false,,false,false,2018-04-19T02:00:00.000Z,0
CVE-2018-2635,https://securityvulnerability.io/vulnerability/CVE-2018-2635,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Login). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",Oracle,Application Object Library,4.8,MEDIUM,0.0014700000174343586,false,false,false,false,,false,false,2018-01-18T02:00:00.000Z,0
CVE-2017-10331,https://securityvulnerability.io/vulnerability/CVE-2017-10331,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Application Object Library,5.3,MEDIUM,0.0013800000306218863,false,false,false,false,,false,false,2017-10-19T17:00:00.000Z,0
CVE-2017-10328,https://securityvulnerability.io/vulnerability/CVE-2017-10328,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",Oracle,Application Object Library,7.5,HIGH,0.0015800000401213765,false,false,false,false,,false,false,2017-10-19T17:00:00.000Z,0
CVE-2017-10244,https://securityvulnerability.io/vulnerability/CVE-2017-10244,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Application Object Library,5.3,MEDIUM,0.0013099999632686377,false,false,false,false,,false,false,2017-08-08T15:00:00.000Z,0
CVE-2017-10177,https://securityvulnerability.io/vulnerability/CVE-2017-10177,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Flexfields). The supported version that is affected is 12.2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",Oracle,Application Object Library,8.1,HIGH,0.0010900000343099236,false,false,false,false,,false,false,2017-08-08T15:00:00.000Z,0
CVE-2017-10246,https://securityvulnerability.io/vulnerability/CVE-2017-10246,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).",Oracle,Application Object Library,8.2,HIGH,0.01513999979943037,false,false,false,false,,false,false,2017-08-08T15:00:00.000Z,0
CVE-2017-3556,https://securityvulnerability.io/vulnerability/CVE-2017-3556,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: File Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Application Object Library,5.3,MEDIUM,0.001829999964684248,false,false,false,false,,false,false,2017-04-24T19:00:00.000Z,0
CVE-2017-3246,https://securityvulnerability.io/vulnerability/CVE-2017-3246,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Object Library executes to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS v3.0 Base Score 6.0 (Confidentiality and Integrity impacts).",Oracle,Application Object Library,6,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2017-01-27T22:01:00.000Z,0