cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-2673,https://securityvulnerability.io/vulnerability/CVE-2020-2673,Unauthorized Access Vulnerability in Oracle Application Testing Suite by Oracle,"This vulnerability in Oracle Application Testing Suite within Oracle Enterprise Manager allows an unauthenticated user with HTTP network access to exploit the system. This can lead to unauthorized access to sensitive information, as attackers can potentially gain control over all accessible data within the application. Systems running affected versions (12.5.0.3, 13.1.0.1, 13.2.0.1, and 13.3.0.1) are particularly at risk.",Oracle,Application Testing Suite,7.5,HIGH,0.0036100000143051147,false,,false,false,false,,,false,false,,2020-01-15T16:34:06.000Z,0
CVE-2019-2727,https://securityvulnerability.io/vulnerability/CVE-2019-2727,Vulnerability in Oracle Application Testing Suite by Oracle,"An unauthenticated access vulnerability exists in the Oracle Application Testing Suite, which is part of Oracle Enterprise Manager Products Suite. This flaw allows an attacker with network access to HTTP to potentially compromise the system. Successful exploitation can enable unauthorized modifications, including updates, insertions, or deletions of accessible data, as well as unauthorized reads of sensitive data. Furthermore, it poses a risk of partial denial of service conditions, jeopardizing the availability of the application.",Oracle,Application Testing Suite,7.3,HIGH,0.0008299999753944576,false,,false,false,false,,,false,false,,2019-07-23T23:15:00.000Z,0
CVE-2019-2557,https://securityvulnerability.io/vulnerability/CVE-2019-2557,Vulnerability in Oracle Application Testing Suite for Load Testing,"A vulnerability exists in the Oracle Application Testing Suite component of the Oracle Enterprise Manager Products Suite, specifically within the Load Testing for Web Apps subcomponent. This issue allows a low-privileged attacker, with network access via HTTP, to manipulate the Oracle Application Testing Suite. Exploiting this vulnerability enables unauthorized updates, inserts, or deletions of accessible data and grants unauthorized read access to certain datasets. Additionally, it can lead to a partial denial of service of the Oracle Application Testing Suite.",Oracle,Application Testing Suite,6.3,MEDIUM,0.003599999938160181,false,,false,false,false,,,false,false,,2019-04-23T18:16:39.000Z,0
CVE-2018-3304,https://securityvulnerability.io/vulnerability/CVE-2018-3304,,"Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).",Oracle,Application Testing Suite,6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2019-01-16T19:00:00.000Z,0
CVE-2018-3305,https://securityvulnerability.io/vulnerability/CVE-2018-3305,,"Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",Oracle,Application Testing Suite,6.3,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2019-01-16T19:00:00.000Z,0
CVE-2017-3311,https://securityvulnerability.io/vulnerability/CVE-2017-3311,,"Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Testing Suite accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts).",Oracle,Application Testing Suite,5.3,MEDIUM,0.001820000004954636,false,,false,false,false,,,false,false,,2017-01-27T22:01:00.000Z,0
CVE-2016-0488,https://securityvulnerability.io/vulnerability/CVE-2016-0488,,"Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0492. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function in the admin pages, which allows remote attackers to bypass authentication and gain administrator access via directory traversal sequences following a URI entry that does not require authentication.",Oracle,Application Testing Suite,,,0.7780399918556213,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0490,https://securityvulnerability.io/vulnerability/CVE-2016-0490,,"Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0487. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the UploadServlet servlet, which allows remote attackers to upload and execute arbitrary files via directory traversal sequences in a filename header.",Oracle,Application Testing Suite,,,0.8578299880027771,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0492,https://securityvulnerability.io/vulnerability/CVE-2016-0492,,"Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0488. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function, which allows remote attackers to bypass authentication via directory traversal sequences following a URI entry that does not require authentication, as demonstrated by olt/Login.do/../../olt/UploadFileUpload.do.",Oracle,Application Testing Suite,,,0.9637600183486938,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0478,https://securityvulnerability.io/vulnerability/CVE-2016-0478,,"Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and CVE-2016-0477. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the scriptName parameter.",Oracle,Application Testing Suite,,,0.7916600108146667,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0486,https://securityvulnerability.io/vulnerability/CVE-2016-0486,,"Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0482, and CVE-2016-0485. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the exportFileName parameter.",Oracle,Application Testing Suite,,,0.2926599979400635,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0487,https://securityvulnerability.io/vulnerability/CVE-2016-0487,,"Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0490. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the process method in the ActionServlet servlet, which allows remote attackers to bypass authentication via directory traversal sequences following an unspecified URI string.",Oracle,Application Testing Suite,,,0.7780399918556213,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0489,https://securityvulnerability.io/vulnerability/CVE-2016-0489,,"Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the ActionServlet servlet, which allows remote authenticated users to upload and execute arbitrary files via directory traversal sequences in the tempfilename parameter in a ReportImage action.",Oracle,Application Testing Suite,,,0.8791400194168091,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0484,https://securityvulnerability.io/vulnerability/CVE-2016-0484,,"Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the scriptPath parameter.",Oracle,Application Testing Suite,,,0.7916600108146667,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0480,https://securityvulnerability.io/vulnerability/CVE-2016-0480,,"Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0481, CVE-2016-0482, CVE-2016-0485, and CVE-2016-0486. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the TMAPReportImage parameter.",Oracle,Application Testing Suite,,,0.7916600108146667,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0477,https://securityvulnerability.io/vulnerability/CVE-2016-0477,,"Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and CVE-2016-0478. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the (1) repository, (2) workspace, or (3) scenario parameter.",Oracle,Application Testing Suite,,,0.7916600108146667,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0482,https://securityvulnerability.io/vulnerability/CVE-2016-0482,,"Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0485, and CVE-2016-0486. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.",Oracle,Application Testing Suite,,,0.7916600108146667,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0491,https://securityvulnerability.io/vulnerability/CVE-2016-0491,,Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that the UploadFileAction servlet allows remote authenticated users to upload and execute arbitrary files via an * (asterisk) character in the fileType parameter.,Oracle,Application Testing Suite,,,0.9336000084877014,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0485,https://securityvulnerability.io/vulnerability/CVE-2016-0485,,"Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0482, and CVE-2016-0486. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the reportName parameter.",Oracle,Application Testing Suite,,,0.2926599979400635,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0