cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21100,https://securityvulnerability.io/vulnerability/CVE-2024-21100,Oracle Commerce Platform Vulnerability Could Lead to Unauthorized Data Access,"Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. While the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).",Oracle,Commerce Platform,4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-16T22:15:00.000Z,0
CVE-2022-21559,https://securityvulnerability.io/vulnerability/CVE-2022-21559,Vulnerability in Oracle Commerce Platform - Oracle,"A vulnerability exists within the Oracle Commerce Platform's Dynamo Application Framework that can be exploited by an attacker with low privileges who has logged onto the infrastructure where the platform operates. This flaw enables the attacker to gain unauthorized access to critical information and potentially all data accessible through the Oracle Commerce Platform.
Organizations utilizing affected versions 11.3.0, 11.3.1, or 11.3.2 should take immediate actions to mitigate the risks associated with this vulnerability.",Oracle,Commerce Platform,5.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-07-19T21:07:57.000Z,0
CVE-2022-21387,https://securityvulnerability.io/vulnerability/CVE-2022-21387,Remote Code Execution Vulnerability in Oracle Commerce Platform by Oracle,"A security flaw in the Oracle Commerce Platform's Dynamo Application Framework enables unauthenticated attackers with network access to exploit the system. This exploitation can lead to unauthorized read access to specific data within the platform, thereby putting sensitive information at risk. The flaw affects versions 11.3.0, 11.3.1, and 11.3.2 and highlights vulnerabilities in access controls that could be leveraged by malicious actors.",Oracle,Commerce Platform,5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-01-19T11:26:28.000Z,0
CVE-2021-2463,https://securityvulnerability.io/vulnerability/CVE-2021-2463,Unauthenticated Network Vulnerability in Oracle Commerce Platform,"A critical security vulnerability exists in the Oracle Commerce Platform, specifically within the Dynamo Application Framework. This flaw allows an unauthenticated attacker to exploit the system via network access over HTTP, potentially leading to full control over the platform. The vulnerable versions include 11.0.0, 11.1.0, 11.2.0, and versions 11.3.0 to 11.3.2. When exploited, this vulnerability can severely compromise the confidentiality, integrity, and availability of the affected systems.
Organizations using affected versions are strongly urged to apply the necessary security patches to mitigate potential risks.",Oracle,Commerce Platform,9.8,CRITICAL,0.004170000087469816,false,,false,false,false,,,false,false,,2021-07-21T00:15:00.000Z,0
CVE-2020-14535,https://securityvulnerability.io/vulnerability/CVE-2020-14535,Unauthenticated Access Vulnerability in Oracle Commerce Service Center,"The vulnerability in Oracle Commerce Service Center enables an unauthenticated attacker with network access via HTTP to exploit the system. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, allowing attackers to gain complete access to all data within the Oracle Commerce Service Center environment. This security flaw affects versions 11.1 and 11.2, as well as those prior to 11.3.1, highlighting significant concerns for organizations relying on this platform.",Oracle,Commerce Platform,7.4,HIGH,0.0019399999873712659,false,,false,false,false,,,false,false,,2020-07-15T17:34:26.000Z,0
CVE-2020-14533,https://securityvulnerability.io/vulnerability/CVE-2020-14533,Unauthorized Access Vulnerability in Oracle Commerce Platform by Oracle,"A vulnerability exists within the Oracle Commerce Platform's Dynamo Application Framework, potentially allowing a high-privileged attacker with network access via HTTP to exploit the platform. The attack requires human interaction from a third party, leading to unauthorized update, insertion, or deletion of accessible data.
Furthermore, it provides access to confidential data, risking integrity and confidentiality within supported versions 11.1, 11.2, and those prior to 11.3.1.",Oracle,Commerce Platform,3.5,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2020-07-15T17:34:25.000Z,0
CVE-2020-14532,https://securityvulnerability.io/vulnerability/CVE-2020-14532,Vulnerability in Oracle Commerce Platform's Dynamo Application Framework,"A vulnerability exists within the Oracle Commerce Platform's Dynamo Application Framework, allowing unauthenticated attackers to gain network access via HTTP. This can result in unauthorized updates, insertions, or deletions of accessible data, especially with human interaction required from an unsuspecting user. Although the primary issue is in the Oracle Commerce Platform, the implications of a successful attack may extend to other associated products.",Oracle,Commerce Platform,4.7,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2020-07-15T17:34:25.000Z,0
CVE-2019-2712,https://securityvulnerability.io/vulnerability/CVE-2019-2712,Vulnerability in Oracle Commerce Platform of Oracle,"The vulnerability in the Oracle Commerce Platform, specifically within the Dynamo Application Framework, exposes supported versions 11.2.0.3 and 11.3.1 to potential attacks. An attacker can exploit this weakness remotely through HTTP, requiring minimal user interaction. Successful exploitation may allow the attacker to execute unauthorized operations such as updates, inserts, or deletions of data within the platform. Moreover, it can facilitate unauthorized reading of sensitive data, thus compromising the confidentiality and integrity of the information stored on Oracle Commerce.
Organizations using affected versions should implement necessary security measures to mitigate these risks.",Oracle,Commerce Platform,6.1,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2019-04-23T18:16:45.000Z,0
CVE-2019-2659,https://securityvulnerability.io/vulnerability/CVE-2019-2659,Unauthenticated Network Vulnerability in Oracle Commerce Platform by Oracle,"Oracle Commerce Platform contains a vulnerability in the Dynamo Application Framework that allows unauthenticated attackers with network access via HTTP to compromise the platform's security. Successful exploitation requires human interaction from a non-attacker. The flaw enables attackers to perform unauthorized actions such as update, insert, or delete data, and gain unauthorized read access to certain data within the Oracle Commerce Platform. This vulnerability poses significant risks to the integrity and confidentiality of accessible data.",Oracle,Commerce Platform,6.1,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2019-04-23T18:16:43.000Z,0
CVE-2018-3122,https://securityvulnerability.io/vulnerability/CVE-2018-3122,,"Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Integrations). Supported versions that are affected are 6.0, 6.0.1 and 5.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Open Commerce Platform accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts).
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).",Oracle,Retail Open Commerce Platform Cloud Service,6.8,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0
CVE-2017-10172,https://securityvulnerability.io/vulnerability/CVE-2017-10172,,"Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Framework). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 and 15.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Retail Open Commerce Platform Cloud Service,6.1,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2017-08-08T15:00:00.000Z,0
CVE-2017-10173,https://securityvulnerability.io/vulnerability/CVE-2017-10173,,"Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Website). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 and 15.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. While the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products.
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 5.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N).",Oracle,Retail Open Commerce Platform Cloud Service,5.8,MEDIUM,0.001550000044517219,false,,false,false,false,,,false,false,,2017-08-08T15:00:00.000Z,0
CVE-2017-3451,https://securityvulnerability.io/vulnerability/CVE-2017-3451,,"Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Web). Supported versions that are affected are 4.0, 5.0, 5.1, 5.3, 6.0,6.1, 15.0 and 16.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Retail Open Commerce Platform Cloud Service,5.4,MEDIUM,0.0005499999970197678,false,,false,false,false,,,false,false,,2017-04-24T19:00:00.000Z,0
CVE-2017-3296,https://securityvulnerability.io/vulnerability/CVE-2017-3296,,"Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 10.0.3.5, 10.2.0.5 and 11.2.0.2.
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",Oracle,Commerce Platform,4.3,MEDIUM,0.0010600000387057662,false,,false,false,false,,,false,false,,2017-01-27T22:01:00.000Z,0
CVE-2016-0522,https://securityvulnerability.io/vulnerability/CVE-2016-0522,,"Unspecified vulnerability in the Oracle Retail Open Commerce Platform Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Framework.",Oracle,Retail Open Commerce Platform Cloud Service,,,0.00773000018671155,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2015-2607,https://securityvulnerability.io/vulnerability/CVE-2015-2607,,"Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.0.2, 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers to affect confidentiality via unknown vectors related to Content Acquisition System.",Oracle,Commerce Platform,,,0.0022299999836832285,false,,false,false,false,,,false,false,,2015-07-16T10:00:00.000Z,0
CVE-2015-2653,https://securityvulnerability.io/vulnerability/CVE-2015-2653,,"Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Content Acquisition System.",Oracle,Commerce Platform,,,0.0022299999836832285,false,,false,false,false,,,false,false,,2015-07-16T10:00:00.000Z,0
CVE-2015-0510,https://securityvulnerability.io/vulnerability/CVE-2015-0510,,"Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface.",Oracle,Commerce Platform,,,0.0015200000489130616,false,,false,false,false,,,false,false,,2015-04-16T16:00:00.000Z,0