cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21128,https://securityvulnerability.io/vulnerability/CVE-2024-21128,Vulnerability in Oracle E-Business Suite APIs by Oracle,"This vulnerability affects the Oracle Application Object Library within the Oracle E-Business Suite APIs, allowing low-privileged attackers with HTTP network access to potentially compromise the library. The attack necessitates human interaction, which makes exploitation simpler. While primarily targeting the Application Object Library, the potential consequences of successful attacks can extend to other connected components, enabling unauthorized data manipulation such as updates, insertions, or deletions. Additionally, attackers may gain unauthorized read access to sensitive data contained within the library.",Oracle,Application Object Library,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2024-20929,https://securityvulnerability.io/vulnerability/CVE-2024-20929,Unauthorized Access to Sensitive Data via HTTP,"A vulnerability exists in the Oracle Application Object Library component of the Oracle E-Business Suite, specifically concerning database privileges. It affects versions 12.2.3 through 12.2.13. An unauthenticated attacker can exploit this vulnerability over HTTP, enabling them to perform unauthorized actions such as updates, inserts, or deletes on accessible data within the Application Object Library. Additionally, attackers may gain unauthorized read access to specific subsets of data. The impact includes potential compromises to data integrity and confidentiality within affected systems.",Oracle,Application Object Library,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-17T01:50:12.419Z,0
CVE-2024-20915,https://securityvulnerability.io/vulnerability/CVE-2024-20915,Oracle Application Object Library Vulnerability Could Lead to Partial Denial of Service,Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO).  Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).,Oracle,Application Object Library,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-17T01:50:09.593Z,0
CVE-2023-21978,https://securityvulnerability.io/vulnerability/CVE-2023-21978,Vulnerability in Oracle E-Business Suite's Application Object Library,"This vulnerability presents a security concern within the Oracle Application Object Library of the Oracle E-Business Suite, affecting multiple versions from 12.2.3 to 12.2.11. It allows a low-privileged attacker with network access via HTTP to compromise sensitive components of the application. Successfully carrying out an attack necessitates user interaction from an individual unrelated to the attacker, indicating potential social engineering vectors. The exploit may lead to unauthorized modifications or deletions of data, unauthorized reads of sensitive information, and could cause a partial denial of service for the Application Object Library. This vulnerability highlights the importance of maintaining secure practices, as the impacts extend beyond the affected product to potentially other systems relying on the library.",Oracle,Application Object Library,6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-04-18T20:15:00.000Z,0
CVE-2021-2314,https://securityvulnerability.io/vulnerability/CVE-2021-2314,Unauthorized Access Vulnerability in Oracle E-Business Suite,"An authorization bypass vulnerability exists in the Oracle Application Object Library component of Oracle E-Business Suite. This vulnerability affects versions 12.1.3 and 12.2.3 through 12.2.10. It allows a low-privileged attacker with network access via HTTP to exploit the flaw and gain unauthorized access, potentially compromising or modifying critical data. Successful exploitation can lead to significant data integrity issues, allowing attackers to create, delete, or modify data without appropriate permissions.",Oracle,Application Object Library,8.1,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2021-04-22T21:54:02.000Z,0
CVE-2020-14840,https://securityvulnerability.io/vulnerability/CVE-2020-14840,Unauthenticated Access Vulnerability in Oracle E-Business Suite's Application Object Library,"An unauthenticated access vulnerability exists in the Oracle Application Object Library component of Oracle E-Business Suite, allowing an attacker with network access via HTTP to exploit the system. This vulnerability affects supported versions 12.1.3 and versions 12.2.3 through 12.2.10. While an attack requires human interaction from a person other than the attacker, it poses a significant risk as it could lead to unauthorized updates, insertions, or deletions of accessible data within Oracle Application Object Library. Attackers can exploit this vulnerability to impact other products relying on the affected component, leading to broader security implications.",Oracle,Application Object Library,4.7,MEDIUM,0.0009500000160187483,false,,false,false,false,,,false,false,,2020-10-21T14:04:28.000Z,0
CVE-2020-14635,https://securityvulnerability.io/vulnerability/CVE-2020-14635,Unauthorized Data Access Vulnerability in Oracle E-Business Suite Logging Component,"A vulnerability exists in the Logging component of Oracle's Application Object Library within the Oracle E-Business Suite. This flaw allows unauthenticated attackers with network access via HTTP to gain unauthorized read access to select data in the Oracle Application Object Library. The impacted versions include 12.2.5 to 12.2.9, and the vulnerability can be easily exploited, posing a significant security risk to sensitive information within the application.",Oracle,Application Object Library,5.3,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2020-07-15T17:34:31.000Z,0
CVE-2020-14554,https://securityvulnerability.io/vulnerability/CVE-2020-14554,Exploit in Oracle E-Business Suite's Application Object Library,"A vulnerability exists in the Oracle Application Object Library component of Oracle E-Business Suite, affecting several versions including 12.1.3 and a range of 12.2 releases. This flaw allows an unauthenticated attacker to exploit the Application Object Library through network access via HTTP. While successful exploitation requires human interaction, the attack can lead to unauthorized access for updating, inserting, or deleting sensitive data managed by the library. Given the nature of the vulnerability, its repercussions could extend to adversely affecting other products within the Oracle ecosystem.",Oracle,Application Object Library,4.7,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2020-07-15T17:34:27.000Z,0
CVE-2019-3027,https://securityvulnerability.io/vulnerability/CVE-2019-3027,Oracle E-Business Suite Login Help Vulnerability Risk,"An access control vulnerability exists in the Login Help component of the Oracle Application Object Library within Oracle E-Business Suite. This vulnerability can be exploited by an unauthenticated attacker who has network access via HTTP, allowing them to compromise the Oracle Application Object Library. The exploit can lead to unauthorized actions, which may result in a partial denial of service, impacting the availability of the application. Affected versions include Oracle E-Business Suite from 12.2.5 to 12.2.9. Organizations should apply patches and monitor their systems to protect against potential exploitation.",Oracle,Application Object Library,5.3,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2019-10-16T17:40:59.000Z,0
CVE-2019-2761,https://securityvulnerability.io/vulnerability/CVE-2019-2761,File Upload Vulnerability in Oracle E-Business Suite by Oracle,"A vulnerability exists in the Oracle E-Business Suite, specifically within the Oracle Application Object Library component, that allows unauthenticated network attackers to exploit file upload functionalities. This vulnerability can lead to unauthorized read access to sensitive data within the Oracle Application Object Library. Affected versions include 12.1.3 and 12.2.3 through 12.2.8. Organizations using these versions should take necessary precautions to mitigate potential risks.",Oracle,Application Object Library,3.7,LOW,0.0008900000248104334,false,,false,false,false,,,false,false,,2019-07-23T23:15:00.000Z,0
CVE-2019-2621,https://securityvulnerability.io/vulnerability/CVE-2019-2621,Oracle E-Business Suite Vulnerability in Application Object Library,"The vulnerability in the Oracle Application Object Library of the Oracle E-Business Suite allows an unauthenticated attacker to compromise the system through network access over HTTP. This vulnerability requires human interaction, which can lead to unauthorized updates, inserts, or deletions of critical data within the Oracle Application Object Library. Although the flaw lies within this specific component, its exploitation can have broader implications across other products in the suite, posing a significant risk to data integrity.",Oracle,Application Object Library,4.7,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2019-04-23T18:16:41.000Z,0
CVE-2018-3244,https://securityvulnerability.io/vulnerability/CVE-2018-3244,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",Oracle,Application Object Library,5.3,MEDIUM,0.001550000044517219,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0
CVE-2018-2934,https://securityvulnerability.io/vulnerability/CVE-2018-2934,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",Oracle,Application Object Library,5.3,MEDIUM,0.0016299999551847577,false,,false,false,false,,,false,false,,2018-07-18T13:00:00.000Z,0
CVE-2018-2867,https://securityvulnerability.io/vulnerability/CVE-2018-2867,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Application Object Library,5.3,MEDIUM,0.0013099999632686377,false,,false,false,false,,,false,false,,2018-04-19T02:00:00.000Z,0
CVE-2018-2804,https://securityvulnerability.io/vulnerability/CVE-2018-2804,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: DB Privileges). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",Oracle,Application Object Library,7.4,HIGH,0.0022499999031424522,false,,false,false,false,,,false,false,,2018-04-19T02:00:00.000Z,0
CVE-2018-2874,https://securityvulnerability.io/vulnerability/CVE-2018-2874,,Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows physical access to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).,Oracle,Application Object Library,4.3,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2018-04-19T02:00:00.000Z,0
CVE-2018-2864,https://securityvulnerability.io/vulnerability/CVE-2018-2864,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Application Object Library,5.3,MEDIUM,0.0013099999632686377,false,,false,false,false,,,false,false,,2018-04-19T02:00:00.000Z,0
CVE-2018-2635,https://securityvulnerability.io/vulnerability/CVE-2018-2635,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Login). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",Oracle,Application Object Library,4.8,MEDIUM,0.0014700000174343586,false,,false,false,false,,,false,false,,2018-01-18T02:00:00.000Z,0
CVE-2017-10331,https://securityvulnerability.io/vulnerability/CVE-2017-10331,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Application Object Library,5.3,MEDIUM,0.0013800000306218863,false,,false,false,false,,,false,false,,2017-10-19T17:00:00.000Z,0
CVE-2017-10328,https://securityvulnerability.io/vulnerability/CVE-2017-10328,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",Oracle,Application Object Library,7.5,HIGH,0.0015800000401213765,false,,false,false,false,,,false,false,,2017-10-19T17:00:00.000Z,0
CVE-2017-10177,https://securityvulnerability.io/vulnerability/CVE-2017-10177,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Flexfields). The supported version that is affected is 12.2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",Oracle,Application Object Library,8.1,HIGH,0.0010900000343099236,false,,false,false,false,,,false,false,,2017-08-08T15:00:00.000Z,0
CVE-2017-10246,https://securityvulnerability.io/vulnerability/CVE-2017-10246,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).",Oracle,Application Object Library,8.2,HIGH,0.012760000303387642,false,,false,false,false,,,false,false,,2017-08-08T15:00:00.000Z,0
CVE-2017-10244,https://securityvulnerability.io/vulnerability/CVE-2017-10244,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Application Object Library,5.3,MEDIUM,0.0013099999632686377,false,,false,false,false,,,false,false,,2017-08-08T15:00:00.000Z,0
CVE-2017-3556,https://securityvulnerability.io/vulnerability/CVE-2017-3556,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: File Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Application Object Library,5.3,MEDIUM,0.001829999964684248,false,,false,false,false,,,false,false,,2017-04-24T19:00:00.000Z,0
CVE-2017-3246,https://securityvulnerability.io/vulnerability/CVE-2017-3246,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Object Library executes to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS v3.0 Base Score 6.0 (Confidentiality and Integrity impacts).",Oracle,Application Object Library,6,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2017-01-27T22:01:00.000Z,0