cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21268,https://securityvulnerability.io/vulnerability/CVE-2024-21268,Vulnerability in Oracle Applications Manager Affects Oracle E-Business Suite,"A significant security vulnerability has been identified in the Oracle Applications Manager component of the Oracle E-Business Suite, specifically affecting versions 12.2.11 through 12.2.13. This vulnerability can be easily exploited by low privileged attackers with HTTP network access to compromise the Oracle Applications Manager environment. Successful exploitation can lead to unauthorized actions, including the creation, deletion, or modification of critical data. Attackers may gain complete access to all data managed by the Oracle Applications Manager, posing severe risks to data confidentiality and integrity. Organizations utilizing affected versions should take immediate steps to remediate this vulnerability to protect against potential data breaches and unauthorized access.",Oracle,Oracle Applications Manager,8.1,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-15T19:52:57.090Z,0
CVE-2021-35581,https://securityvulnerability.io/vulnerability/CVE-2021-35581,Oracle E-Business Suite Vulnerability in Applications Manager,"The Oracle Applications Manager within the Oracle E-Business Suite is vulnerable to an unauthenticated access exploit, allowing attackers with network access via HTTP to potentially compromise the system. The vulnerability requires human interaction to be exploited and affects specific versions of the Applications Manager, resulting in unauthorized access to sensitive data. Successful exploitation may lead to the ability to update, insert, or delete critical information, creating significant risks for the organization.",Oracle,Applications Manager,4.7,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2021-10-20T10:50:26.000Z,0
CVE-2021-35582,https://securityvulnerability.io/vulnerability/CVE-2021-35582,Vulnerability in Oracle E-Business Suite's View Reports Component,"A security vulnerability in the Oracle Applications Manager, part of the Oracle E-Business Suite, could allow low-privileged attackers with network access via HTTP to compromise the system. Although the vulnerability resides in the View Reports component, successful exploitation may lead to unauthorized updates, inserts, or deletions of accessible data within Oracle Applications Manager. Furthermore, it could also enable unauthorized read access to certain datasets and potentially trigger a partial denial of service. Exploitation requires human interaction from a third party, making awareness vital for mitigating risks associated with this flaw. For more detailed information, refer to the Oracle security alerts.",Oracle,Applications Manager,6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2021-10-20T10:50:26.000Z,0
CVE-2021-35580,https://securityvulnerability.io/vulnerability/CVE-2021-35580,Unauthenticated Access Vulnerability in Oracle Applications Manager of Oracle E-Business Suite,"Oracle Applications Manager, part of the Oracle E-Business Suite, is vulnerable to an unauthenticated access flaw that could be exploited by attackers. The vulnerability allows a network-accessible attacker to compromise the application, potentially leading to unauthorized modifications and data access. This requires human interaction from another individual to succeed. Affected versions include 12.1.3 and 12.2.3 through 12.2.10, highlighting the need for all users to review their security configurations and apply appropriate mitigations to safeguard sensitive information.",Oracle,Applications Manager,6.1,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2021-10-20T10:50:25.000Z,0
CVE-2021-35569,https://securityvulnerability.io/vulnerability/CVE-2021-35569,Vulnerability in Oracle Applications Manager for E-Business Suite,"A vulnerability in Oracle Applications Manager within the Oracle E-Business Suite allows a high-privileged attacker with network access to exploit the Diagnostics component. This vulnerability can lead to unauthorized access to sensitive data, enabling attackers to compromise Oracle Applications Manager. The affected versions include 12.1.3 and 12.2.3-12.2.10, requiring organizations to apply necessary updates to mitigate potential risks associated with data exposure.",Oracle,Applications Manager,4.9,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2021-10-20T10:50:16.000Z,0
CVE-2021-35566,https://securityvulnerability.io/vulnerability/CVE-2021-35566,Vulnerability in Oracle Applications Manager of Oracle E-Business Suite,"The vulnerability in Oracle Applications Manager of Oracle E-Business Suite allows low-privileged attackers with network access to exploit the system via HTTP. This exploitation can lead to unauthorized creation, deletion, or modification of critical data. Successful exploitation grants attackers access to sensitive information, potentially impacting the confidentiality and integrity of all data accessible through Oracle Applications Manager. Support for vulnerable versions extends across several licensed editions, emphasizing the risk of unauthorized actions.",Oracle,Applications Manager,8.1,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2021-10-20T10:50:13.000Z,0
CVE-2021-2275,https://securityvulnerability.io/vulnerability/CVE-2021-2275,Vulnerability in Oracle E-Business Suite's Applications Manager Product,"A vulnerability exists in the Oracle Applications Manager component of the Oracle E-Business Suite that could allow a high privileged attacker with network access via HTTP to compromise the application. An attacker could potentially create, delete, or modify critical data, leading to unauthorized access and manipulation of all data accessible through Oracle Applications Manager. Versions 12.1.3 and 12.2.3 through 12.2.10 are impacted, emphasizing the importance of updating systems to secure against this risk.",Oracle,Applications Manager,6.5,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2021-04-22T21:53:58.000Z,0
CVE-2020-14826,https://securityvulnerability.io/vulnerability/CVE-2020-14826,SQL Extensions Vulnerability in Oracle E-Business Suite's Applications Manager,"The vulnerability affects the Oracle Applications Manager component of Oracle E-Business Suite, specifically targeting SQL Extensions. This flaw allows an unauthenticated attacker with network access to exploit the system via HTTP. Successful exploitation could lead to unauthorized read access to certain data within the Oracle Applications Manager, raising concerns about data confidentiality. It primarily impacts versions 12.1.3 and 12.2.3 through 12.2.10, making it crucial for users to apply recommended security patches.",Oracle,Applications Manager,5.3,MEDIUM,0.0009699999936856329,false,,false,false,false,,,false,false,,2020-10-21T14:04:27.000Z,0
CVE-2020-14811,https://securityvulnerability.io/vulnerability/CVE-2020-14811,Unauthenticated Access Vulnerability in Oracle E-Business Suite's Applications Manager,"A vulnerability exists in Oracle Applications Manager, part of the Oracle E-Business Suite, that could allow an unauthenticated attacker with network access to HTTP to gain unauthorized read access to sensitive data. This issue particularly affects the supported versions 12.1.3 and 12.2.3 through 12.2.10. If exploited, the attacker could compromise the integrity of the data managed by Oracle Applications Manager, leading to potential data breaches.",Oracle,Applications Manager,5.3,MEDIUM,0.0009699999936856329,false,,false,false,false,,,false,false,,2020-10-21T14:04:26.000Z,0
CVE-2020-14761,https://securityvulnerability.io/vulnerability/CVE-2020-14761,Unauthenticated Access Vulnerability in Oracle Applications Manager by Oracle,"This vulnerability in Oracle Applications Manager enables an unauthenticated attacker with network access via HTTP to exploit the system, potentially allowing for unauthorized data manipulation. Attackers may execute unauthorized updates, inserts, or deletions on accessible data, as well as gain read access to sensitive subsets of that data. This issue affects multiple versions of the product, specifically 12.1.3 and versions 12.2.3 through 12.2.7, highlighting a critical need for prompt security measures.",Oracle,Applications Manager,6.5,MEDIUM,0.001019999966956675,false,,false,false,false,,,false,false,,2020-10-21T14:04:24.000Z,0
CVE-2020-2946,https://securityvulnerability.io/vulnerability/CVE-2020-2946,Vulnerability in Oracle Enterprise Manager Application Performance Monitoring,"A vulnerability exists in the Application Performance Management component of Oracle Enterprise Manager, specifically in versions 12.1.0.5, 13.2.0.0, and 13.3.0.0. This flaw can be exploited by high-privileged attackers with network access via HTTP, leading to unauthorized access to sensitive data. Attackers could potentially manipulate Application Performance Management by executing operations such as unauthorized updates, insertions, or deletions of accessible data, as well as cause a partial denial of service. This poses a significant risk to the integrity and confidentiality of monitored applications.",Oracle,Apm - Application Performance Management,6,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2020-04-15T13:29:53.000Z,0
CVE-2020-2614,https://securityvulnerability.io/vulnerability/CVE-2020-2614,Exploitable Vulnerability in Oracle Enterprise Manager for Fusion Middleware,"A vulnerability in the Oracle Enterprise Manager for Fusion Middleware, specifically affecting the APM Mesh component, allows an attacker with high privileges and network access to exploit the system via HTTP. This easily exploitable vulnerability can lead to unauthorized access to sensitive data, permitting attackers to update, insert, or delete data without permission. Furthermore, it presents the risk of causing a partial denial of service for the affected products, thereby compromising the integrity and availability of the system.",Oracle,Apm - Application Performance Management,6,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2020-01-15T16:34:03.000Z,0
CVE-2019-2825,https://securityvulnerability.io/vulnerability/CVE-2019-2825,Vulnerability in Oracle Applications Manager of Oracle E-Business Suite,"A vulnerability exists in the Oracle Applications Manager component of Oracle E-Business Suite that allows a high privileged attacker with network access via HTTP to exploit the system. This exploitable flaw could lead to unauthorized creation, deletion, or modification of critical data within Oracle Applications Manager. Successful exploitation enables an attacker to gain unauthorized access to sensitive data, compromising both the confidentiality and integrity of affected systems.",Oracle,Applications Manager,6.5,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2019-07-23T23:15:00.000Z,0
CVE-2019-2546,https://securityvulnerability.io/vulnerability/CVE-2019-2546,,"Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: SQL Extensions). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data. CVSS 3.0 Base Score 8.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H).",Oracle,Applications Manager,4.3,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2019-01-16T19:00:00.000Z,0
CVE-2018-3237,https://securityvulnerability.io/vulnerability/CVE-2018-3237,,"Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Support Cart). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Applications Manager,5.3,MEDIUM,0.0013099999632686377,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0
CVE-2018-3235,https://securityvulnerability.io/vulnerability/CVE-2018-3235,,"Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: None). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",Oracle,Applications Manager,8.2,HIGH,0.0014700000174343586,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0
CVE-2018-3167,https://securityvulnerability.io/vulnerability/CVE-2018-3167,,"Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Application Management Pack For Oracle E-business Suite,5.3,MEDIUM,0.005280000157654285,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0
CVE-2018-2996,https://securityvulnerability.io/vulnerability/CVE-2018-2996,,"Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",Oracle,Applications Manager,7.5,HIGH,0.001500000013038516,false,,false,false,false,,,false,false,,2018-07-18T13:00:00.000Z,0
CVE-2017-10179,https://securityvulnerability.io/vulnerability/CVE-2017-10179,,"Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are AMP 12.1.0.4.0 and AMP 13.1.1.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Management Pack for Oracle E-Business Suite accessible data as well as unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",Oracle,Application Management Pack For Oracle E-business Suite,6.5,MEDIUM,0.0014700000174343586,false,,false,false,false,,,false,false,,2017-08-08T15:00:00.000Z,0
CVE-2017-10144,https://securityvulnerability.io/vulnerability/CVE-2017-10144,,Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Applications Manager. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,Oracle,Applications Manager,7.5,HIGH,0.0012199999764561653,false,,false,false,false,,,false,false,,2017-08-08T15:00:00.000Z,0
CVE-2017-3277,https://securityvulnerability.io/vulnerability/CVE-2017-3277,,"Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: OAM Client). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS v3.0 Base Score 4.9 (Confidentiality impacts).",Oracle,Applications Manager,4.9,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2017-01-27T22:01:00.000Z,0
CVE-2016-3525,https://securityvulnerability.io/vulnerability/CVE-2016-3525,,Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality via vectors related to Cookie Management.,Oracle,Applications Manager,5.9,MEDIUM,0.0022799998987466097,false,,false,false,false,,,false,false,,2016-07-21T10:00:00.000Z,0
CVE-2016-0531,https://securityvulnerability.io/vulnerability/CVE-2016-0531,,Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Oracle Diagnostics Interfaces.,Oracle,Applications Manager,,,0.000859999970998615,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2015-0489,https://securityvulnerability.io/vulnerability/CVE-2015-0489,,Unspecified vulnerability in the Application Management Pack for Oracle E-Business Suite component in Oracle E-Business Suite AMP 121030 and 121020 allows local users to affect confidentiality via vectors related to EBS Plugin.,Oracle,E-business Suite Application Management Pack,,,0.0006000000284984708,false,,false,false,false,,,false,false,,2015-04-16T16:00:00.000Z,0
CVE-2015-2808,https://securityvulnerability.io/vulnerability/CVE-2015-2808,,"The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the ""Bar Mitzvah"" issue.",Oracle,"Http Server,Integrated Lights Out Manager Firmware,Communications Application Session Controller,Communications Policy Management",,,0.004379999823868275,false,,false,false,false,,,false,false,,2015-04-01T00:00:00.000Z,0