cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21148,https://securityvulnerability.io/vulnerability/CVE-2024-21148,Oracle Applications Framework Vulnerability Affects Confidentiality and Integrity,"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).",Oracle,Applications Framework,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2024-21080,https://securityvulnerability.io/vulnerability/CVE-2024-21080,Unauthorized Access Vulnerability in Oracle E-Business Suite REST Services,"The vulnerability in Oracle E-Business Suite's REST Services component exposes the system to unauthorized access by low privileged attackers. Through network access via HTTP, an attacker can exploit this flaw to gain access to critical data, which can lead to unauthorized manipulation of data within the Oracle Applications Framework. The supported versions ranging from 12.2.9 to 12.2.13 are particularly at risk, necessitating immediate evaluation and remediation to prevent potential data breaches.",Oracle,Applications Framework,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-16T22:15:00.000Z,0
CVE-2023-22076,https://securityvulnerability.io/vulnerability/CVE-2023-22076,Unauthorized Data Access Vulnerability in Oracle E-Business Suite,"A vulnerability exists in the Oracle Applications Framework of the Oracle E-Business Suite, primarily affecting versions 12.2.3 through 12.2.12. This vulnerability allows unauthenticated access to be exploited via HTTP, potentially leading to unauthorized updates, inserts, or deletions of available data. Although exploit attempts may require human interaction, the implications can extend beyond the framework, affecting other interconnected products. Security measures should be taken to prevent unauthorized reading of sensitive data accessible through the framework.",Oracle,Applications Framework,6.1,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-22042,https://securityvulnerability.io/vulnerability/CVE-2023-22042,Unauthenticated Vulnerability in Oracle E-Business Suite's Applications Framework,"A vulnerability exists in the Oracle Applications Framework of Oracle E-Business Suite, allowing unauthenticated attackers with network access to compromise the application. Attackers must manipulate human interaction to exploit this flaw. Successful exploitation can lead to unauthorized data alterations, including updates, inserts, or deletions, and unauthorized read access to sensitive data. While the vulnerability is confined to the Applications Framework, it has the potential to impact broader systems within the Oracle E-Business Suite.",Oracle,Applications Framework,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2022-21636,https://securityvulnerability.io/vulnerability/CVE-2022-21636,Session Management Vulnerability in Oracle E-Business Suite,"A vulnerability exists in the Oracle Applications Framework component of Oracle E-Business Suite, specifically within its session management feature. This security flaw can be easily exploited by attackers with low privileges who possess network access via HTTP. Successful exploitation of this vulnerability may grant unauthorized access to critical data or allow complete control over all data accessible through the Oracle Applications Framework. This can pose a significant risk to organizations utilizing affected versions of the software.",Oracle,Applications Framework,6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-10-18T00:00:00.000Z,0
CVE-2022-21566,https://securityvulnerability.io/vulnerability/CVE-2022-21566,Unauthenticated Access Vulnerability in Oracle E-Business Suite's Oracle Applications Framework,"An unauthenticated access vulnerability exists within the Oracle Applications Framework component of Oracle E-Business Suite, affecting versions 12.2.9 to 12.2.11. This flaw permits an attacker with network access to HTTP to compromise the system, potentially leading to unauthorized access to sensitive data. A successful exploitation could provide complete access to all data that is accessible through the Oracle Applications Framework, making it critical for organizations to apply security patches provided by Oracle to mitigate risks.",Oracle,Applications Framework,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-07-19T21:08:10.000Z,0
CVE-2022-21477,https://securityvulnerability.io/vulnerability/CVE-2022-21477,Oracle E-Business Suite Attachments Vulnerability in Oracle Applications Framework,"A vulnerability exists within the Oracle Applications Framework of Oracle E-Business Suite, specifically affecting file upload functionalities. This flaw enables low-privileged attackers with network access to exploit the system, requiring human interaction from a third party for successful exploitation. The impact of successful exploitation can lead to unauthorized data manipulation, such as updates, inserts, or deletions, as well as unauthorized read access to sensitive data. As this vulnerability affects the underlying framework, it poses risks to other interconnected products, potentially broadening the scope of its impact.",Oracle,Applications Framework,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-04-19T20:38:21.000Z,0
CVE-2022-21468,https://securityvulnerability.io/vulnerability/CVE-2022-21468,Vulnerability in Oracle E-Business Suite's Applications Framework,"The vulnerability within Oracle E-Business Suite's Applications Framework allows unauthenticated attackers to exploit the system through HTTP. Although successful exploitation requires interaction from a user other than the attacker, the impacts can be severe, potentially allowing unauthorized updates, inserts, or deletions of data. Furthermore, the vulnerability might permit unauthorized read access to a portion of accessible data within the Applications Framework, posing risks to confidentiality and integrity. Addressing this vulnerability is vital for safeguarding sensitive information and maintaining operational security.",Oracle,Applications Framework,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-04-19T20:38:08.000Z,0
CVE-2022-21445,https://securityvulnerability.io/vulnerability/CVE-2022-21445,Unauthenticated Network Access Vulnerability in Oracle Application Development Framework,"This vulnerability exists in the Oracle Application Development Framework (ADF) within the Oracle Fusion Middleware. It allows unauthenticated attackers with network access via HTTP to exploit ADF, potentially leading to a complete takeover of the affected framework. The vulnerability, which affects specific versions of ADF, poses a significant risk as it can compromise the confidentiality, integrity, and availability of the application. Users should consult the Fusion Middleware Patch Advisor for mitigation steps.",Oracle,Application Development Framework (adf),9.8,CRITICAL,0.014790000393986702,true,2024-09-18T00:00:00.000Z,false,false,true,2023-08-07T05:59:13.000Z,true,false,false,,2022-04-19T20:37:33.000Z,0
CVE-2021-2477,https://securityvulnerability.io/vulnerability/CVE-2021-2477,Oracle E-Business Suite Session Management Vulnerability,"A vulnerability within the Session Management component of Oracle E-Business Suite allows unauthorized network access via HTTP. This could lead to unauthorized actions and the potential for a partial denial of service, severely impacting the application’s availability. Affected versions include 12.1.3 and 12.2.3 through 12.2.10, presenting a significant risk to organizations using these versions.",Oracle,Applications Framework,5.3,MEDIUM,0.0009500000160187483,false,,false,false,false,,,false,false,,2021-10-20T10:49:42.000Z,0
CVE-2021-2380,https://securityvulnerability.io/vulnerability/CVE-2021-2380,File Upload Vulnerability in Oracle E-Business Suite by Oracle,"A vulnerability exists within the Oracle Applications Framework component of Oracle E-Business Suite that allows an attacker with low privileges and network access via HTTP to exploit the system. The exploitation of this vulnerability requires human interaction from a third-party user. Although the vulnerability is primarily within the Oracle Applications Framework, successful attacks may significantly affect other connected systems. The consequences of this vulnerability can lead to unauthorized access to sensitive data, including the possibility for unauthorized updating, inserting, or deleting data within any accessible areas of the Oracle Applications Framework.",Oracle,Applications Framework,7.6,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2021-07-20T22:43:55.000Z,0
CVE-2021-2200,https://securityvulnerability.io/vulnerability/CVE-2021-2200,Unauthorized Access Vulnerability in Oracle E-Business Suite by Oracle,"A vulnerability exists in the Oracle Applications Framework component of Oracle E-Business Suite, specifically in version 12.2.10. This issue allows unauthenticated attackers with network access to compromise the framework via HTTP. Exploiting this vulnerability can result in unauthorized creation, deletion, or modification of critical data, granting attackers complete access to all data within the Oracle Applications Framework. This poses a significant risk to organizational data integrity and confidentiality.",Oracle,Applications Framework,9.1,CRITICAL,0.0028899998869746923,false,,false,false,false,,,false,false,,2021-04-22T21:53:50.000Z,0
CVE-2020-14746,https://securityvulnerability.io/vulnerability/CVE-2020-14746,Vulnerability in Oracle Applications Framework of Oracle E-Business Suite,"A security vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite allows an unauthenticated attacker with network access via HTTP to compromise the system. Exploitation of this flaw necessitates human interaction from a third party. Once successfully attacked, it could result in unauthorized updates, inserts, or deletions of sensitive data accessible through the Oracle Applications Framework. Attacks leveraging this vulnerability may have a broader impact on other integrated applications.",Oracle,Applications Framework,4.7,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2020-10-21T14:04:23.000Z,0
CVE-2020-14610,https://securityvulnerability.io/vulnerability/CVE-2020-14610,File Upload Vulnerability in Oracle E-Business Suite by Oracle,"A vulnerability exists in the Oracle Applications Framework component of Oracle E-Business Suite, specifically related to file uploading mechanisms. This issue allows an authenticated low-privileged attacker with network access to exploit the vulnerability via HTTP. Successful exploitation necessitates human interaction from a third party, but can lead to unauthorized access to critical data and the ability to manipulate information within the Oracle Applications Framework. The implications of this vulnerability can extend beyond the framework itself, potentially affecting other connected applications, leading to security breaches and data integrity issues.",Oracle,Applications Framework,7.6,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2020-07-15T17:34:30.000Z,0
CVE-2020-14590,https://securityvulnerability.io/vulnerability/CVE-2020-14590,Oracle E-Business Suite Vulnerability Exposes Applications Framework Data,"A vulnerability exists in the Oracle Applications Framework component of the Oracle E-Business Suite. It allows an attacker with high privileges and network access via HTTP to potentially exploit the framework, gaining unauthorized read access to certain data within the Oracle Applications Framework. This vulnerability affects multiple versions of the product, namely versions 12.1.3 and 12.2.3 to 12.2.9, thereby posing a significant security concern for organizations relying on these applications.",Oracle,Applications Framework,2.7,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2020-07-15T17:34:28.000Z,0
CVE-2020-2890,https://securityvulnerability.io/vulnerability/CVE-2020-2890,Vulnerability in Oracle Applications Framework of Oracle E-Business Suite,"The vulnerability in the Oracle Applications Framework component of the Oracle E-Business Suite enables unauthenticated remote attackers with network access to compromise the Applications Framework. Exploitation requires human interaction from a person other than the attacker, creating a unique attack vector. Victims may experience unauthorized access to critical data, as the vulnerability allows attackers to potentially gain full access to all accessible data within the Applications Framework, along with unauthorized operations such as update, insert, or delete actions on certain data. The implications of such an exploit can be severe, impacting data confidentiality and integrity across multiple associated products.",Oracle,Applications Framework,8.2,HIGH,0.0019199999514967203,false,,false,false,false,,,false,false,,2020-04-15T13:29:51.000Z,0
CVE-2020-2866,https://securityvulnerability.io/vulnerability/CVE-2020-2866,Vulnerability in Oracle Applications Framework of Oracle E-Business Suite,"A vulnerability exists in the Attachments / File Upload component of the Oracle Applications Framework within Oracle E-Business Suite, affecting versions 12.2.5 through 12.2.9. This issue allows unauthenticated attackers with network access via HTTP to compromise the framework. Exploitation of this vulnerability can lead to unauthorized changes, including updates, insertions, or deletions of data within the accessible framework portions. Organizations utilizing the affected versions should address this vulnerability promptly to protect against potential data integrity issues.",Oracle,Applications Framework,5.3,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2020-04-15T13:29:50.000Z,0
CVE-2020-2666,https://securityvulnerability.io/vulnerability/CVE-2020-2666,Unauthorized Access Vulnerability in Oracle E-Business Suite by Oracle,"A vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite allows unauthenticated attackers to exploit file upload functionalities. This issue affects versions 12.2.5 through 12.2.9, enabling attackers with network access via HTTPS to gain unauthorized update, insert, or delete privileges on accessible data within the framework. Organizations using the affected versions are encouraged to implement the recommended patches to safeguard their systems against this potential exploitation.",Oracle,Applications Framework,5.3,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2020-01-15T16:34:06.000Z,0
CVE-2020-2566,https://securityvulnerability.io/vulnerability/CVE-2020-2566,File Upload Vulnerability in Oracle E-Business Suite by Oracle,"This vulnerability exists in the Oracle Applications Framework within Oracle E-Business Suite, allowing an unauthenticated attacker with network access via HTTPS to manipulate the file upload functionality. When exploited, this vulnerability can permit the attacker to gain unauthorized access to update, insert, or delete data within the Oracle Applications Framework. Successful exploitation necessitates human interaction, indicating that additional precautions may be required for user inputs and uploads. As a result, although the vulnerability is limited to the Oracle Applications Framework, it has the potential to affect the integrity of connected products.",Oracle,Applications Framework,4.7,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2020-01-15T16:34:01.000Z,0
CVE-2019-2682,https://securityvulnerability.io/vulnerability/CVE-2019-2682,Unauthenticated File Upload Vulnerability in Oracle E-Business Suite,"This vulnerability pertains to the Oracle Applications Framework component of Oracle E-Business Suite, specifically in the Attachments/File Upload subcomponent. It allows for unauthenticated attackers to compromise the framework when they have network access via HTTP. Successful exploitation can lead to unauthorized access to sensitive data, enabling adversaries to execute file uploads that could update, insert, or delete data within the Oracle Applications Framework. The exploitation process necessitates human interaction from a user other than the attacker. This opens the door for significant repercussions on related products due to the interconnected nature of the Oracle E-Business Suite.",Oracle,Applications Framework,8.2,HIGH,0.002369999885559082,false,,false,false,false,,,false,false,,2019-04-23T18:16:43.000Z,0
CVE-2018-3138,https://securityvulnerability.io/vulnerability/CVE-2018-3138,,"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",Oracle,Applications Framework,8.2,HIGH,0.0014700000174343586,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0
CVE-2018-2971,https://securityvulnerability.io/vulnerability/CVE-2018-2971,,"Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: REST Services). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",Oracle,Applications Framework,4.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0
CVE-2018-3243,https://securityvulnerability.io/vulnerability/CVE-2018-3243,,"Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: None). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",Oracle,Applications Framework,8.2,HIGH,0.0014700000174343586,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0
CVE-2018-2732,https://securityvulnerability.io/vulnerability/CVE-2018-2732,,"Vulnerability in the Oracle Financial Services Analytical Applications Reconciliation Framework component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Reconciliation Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Reconciliation Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Reconciliation Framework accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Reconciliation Framework accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Financial Services Analytical Applications Reconciliation Framework,6.1,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2018-01-18T02:00:00.000Z,0
CVE-2017-3528,https://securityvulnerability.io/vulnerability/CVE-2017-3528,,"Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",Oracle,Applications Framework,5.4,MEDIUM,0.01169000007212162,false,,false,false,false,,,false,false,,2017-04-24T19:00:00.000Z,0