cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-21554,https://securityvulnerability.io/vulnerability/CVE-2025-21554,Unauthenticated Access Vulnerability in Oracle Communications Order and Service Management,"A security flaw exists in Oracle Communications Order and Service Management, allowing unauthenticated attackers with network access via HTTP to exploit this vulnerability. Affected versions include 7.4.0, 7.4.1, and 7.5.0. If successfully attacked, it can result in unauthorized read access to sensitive data, posing a risk to data confidentiality. Organizations using this application should apply the relevant security updates to mitigate risks associated with this vulnerability.",Oracle,Oracle Communications Order And Service Management,5.3,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:17.695Z,0
CVE-2025-21544,https://securityvulnerability.io/vulnerability/CVE-2025-21544,Vulnerability in Oracle Communications Order and Service Management,"This vulnerability affects the Oracle Communications Order and Service Management product, enabling low-privileged attackers with network access via HTTP to potentially compromise the system. Successful exploitation requires human interaction from individuals other than the attacker, which may broaden the impact beyond just the affected product. Attackers could gain unauthorized update, insert, or delete access to sensitive data within the system, as well as unauthorized read access to certain accessible data.",Oracle,Oracle Communications Order And Service Management,5.4,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:13.975Z,0
CVE-2025-21542,https://securityvulnerability.io/vulnerability/CVE-2025-21542,Security Flaw in Oracle Communications Order and Service Management by Oracle,"A vulnerability has been identified in the Oracle Communications Order and Service Management product, enabling an attacker with low privileges and network access via HTTP to execute unauthorized actions. Such actions include updating, inserting, or deleting data, as well as unauthorized reading of accessible data. Additionally, this flaw could allow attackers to partially disrupt service availability. Supported versions impacted by this security vulnerability are 7.4.0, 7.4.1, and 7.5.0. Organizations using these versions should take immediate action to mitigate risks associated with unauthorized data manipulation and service disruptions.",Oracle,Oracle Communications Order And Service Management,6.3,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:13.104Z,0
CVE-2023-22088,https://securityvulnerability.io/vulnerability/CVE-2023-22088,,Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: User Management).  Supported versions that are affected are 7.4.0 and  7.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,Oracle,Communications Order And Service Management,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0
CVE-2018-2756,https://securityvulnerability.io/vulnerability/CVE-2018-2756,,"Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: WebUI). Supported versions that are affected are 7.2.4.3.0, 7.3.0.1.x, 7.3.1.0.7 and 7.3.5.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Order and Service Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N).",Oracle,Communications Order And Service Management,6.3,MEDIUM,0.0010900000343099236,false,false,false,false,,false,false,2018-04-19T02:00:00.000Z,0
CVE-2018-2567,https://securityvulnerability.io/vulnerability/CVE-2018-2567,,"Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.1.x, 7.2.4.2.x, 7.3.0.x.x and 7.3.0.1.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Order and Service Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Communications Order And Service Management,6.1,MEDIUM,0.001290000043809414,false,false,false,false,,false,false,2018-01-18T02:00:00.000Z,0