cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-21598,https://securityvulnerability.io/vulnerability/CVE-2022-21598,Unauthenticated Vulnerability in Oracle Siebel CRM Repository Utilities,"A vulnerability exists in the Repository Utilities component of Oracle Siebel CRM, allowing unauthenticated attackers to exploit network access via HTTP. This flaw can lead to unauthorized modifications, deletions, or creations of data, impacting critical data integrity for Siebel Core - DB Deployment and Configuration. Supported versions affected include 22.8 and earlier. Organizations should implement security measures to mitigate exploitation risks associated with this vulnerability.",Oracle,Siebel Core - Db Deployment And Configuration,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-10-18T00:00:00.000Z,0
CVE-2022-21255,https://securityvulnerability.io/vulnerability/CVE-2022-21255,Unauthorized Access Vulnerability in Oracle E-Business Suite Configurator,"The Oracle Configurator in Oracle E-Business Suite suffers from a vulnerability that could allow low-privileged attackers with network access to exploit the system via HTTP. This vulnerability enables unauthorized individuals to create, delete, or modify critical data within the Oracle Configurator. Successful exploitation could lead to significant risk, as it compromises the confidentiality and integrity of all accessible data. Proper security measures must be implemented to mitigate these risks and safeguard sensitive information.",Oracle,Configurator,8.1,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-01-19T11:22:16.000Z,0
CVE-2021-2273,https://securityvulnerability.io/vulnerability/CVE-2021-2273,Oracle E-Business Suite Legal Entity Configurator Vulnerability,"A vulnerability exists in Oracle's Legal Entity Configurator for the E-Business Suite that allows low-privileged attackers with network access to exploit the system via HTTP. This issue is particularly concerning as it can lead to unauthorized creation, deletion, or modification of critical data. It presents a serious risk to the integrity and confidentiality of all data accessible through the Legal Entity Configurator, potentially leading to full access for malicious actors.",Oracle,Legal Entity Configurator,8.1,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2021-04-22T21:53:58.000Z,0
CVE-2021-2078,https://securityvulnerability.io/vulnerability/CVE-2021-2078,Unauthorized Data Access in Oracle Configurator by Oracle Corporation,"The vulnerability in Oracle Configurator allows unauthenticated attackers with network access to exploit the product, potentially compromising sensitive data and systems. While requiring human interaction from a third party, the effects of a successful exploit can lead to unauthorized access to critical information. Attackers can perform unauthorized updates, inserts, or deletions on data accessible through Oracle Configurator. This vulnerability poses significant risks not only to the Configurator itself but also to other associated Oracle products, making it crucial for organizations to implement timely security measures.",Oracle,Configurator,8.2,HIGH,0.0020699999295175076,false,,false,false,false,,,false,false,,2021-01-20T14:50:08.000Z,0
CVE-2021-2080,https://securityvulnerability.io/vulnerability/CVE-2021-2080,Unauthenticated Access Vulnerability in Oracle Configurator from Oracle,"This vulnerability in Oracle Configurator allows unauthenticated attackers with HTTP network access to compromise the system. While successful exploitation requires interaction from a user not involved in the attack, the consequences can be severe. Attackers may gain unauthorized access to sensitive data or exert complete control over accessible data within Oracle Configurator, enabling them to update, insert, or delete this data without authorization. Given the broad impact this can have, it is crucial for affected organizations to apply necessary patches and maintain a proactive security posture.",Oracle,Configurator,8.2,HIGH,0.0020699999295175076,false,,false,false,false,,,false,false,,2021-01-20T14:50:08.000Z,0
CVE-2021-2079,https://securityvulnerability.io/vulnerability/CVE-2021-2079,Unauthenticated Access Vulnerability in Oracle Configurator from Oracle,"Oracle Configurator, part of Oracle Supply Chain, contains a vulnerability that allows unauthenticated attackers to compromise the system through HTTP. This issue primarily affects versions 12.1 and 12.2, enabling unauthorized access to sensitive data. Although successful exploitation requires human interaction, the potential consequences can be severe, including complete access to all accessible data, unauthorized updates, inserts, or deletions within Oracle Configurator. This vulnerability poses significant risks not just to Oracle Configurator itself but may also impact other interrelated products.",Oracle,Configurator,8.2,HIGH,0.0020699999295175076,false,,false,false,false,,,false,false,,2021-01-20T14:50:08.000Z,0
CVE-2020-2984,https://securityvulnerability.io/vulnerability/CVE-2020-2984,Vulnerability in Oracle Configuration Manager Affects Oracle Enterprise Manager,"This vulnerability in Oracle Configuration Manager facilitates unauthorized access for low-privileged attackers with network access via HTTP. Exploiting this vulnerability allows attackers to compromise data integrity and confidentiality, potentially leading to unauthorized updates, inserts, or deletions of accessible data within the Oracle Configuration Manager.",Oracle,Configuration Manager,7.1,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2020-07-15T17:34:37.000Z,0
CVE-2020-14669,https://securityvulnerability.io/vulnerability/CVE-2020-14669,Unauthenticated Access Vulnerability in Oracle Configurator by Oracle,"An unauthenticated access vulnerability exists in the Oracle Configurator component of Oracle Supply Chain, specifically in the UI Servlet. This vulnerability can be exploited by an attacker with network access via HTTP, allowing unauthorized access to sensitive data. Successful exploitation requires human interaction from a victim. The vulnerability can result in complete access to Oracle Configurator data, along with unauthorized capabilities to update, insert, or delete data. The potential impact goes beyond Oracle Configurator, potentially affecting other interconnected products.",Oracle,Configurator,8.2,HIGH,0.0019199999514967203,false,,false,false,false,,,false,false,,2020-07-15T17:34:33.000Z,0
CVE-2020-2865,https://securityvulnerability.io/vulnerability/CVE-2020-2865,Unauthenticated Data Access Vulnerability in Oracle Configurator by Oracle,"A vulnerability exists in the Oracle Configurator component of Oracle Supply Chain, affecting versions 12.1 and 12.2. This issue allows unauthenticated attackers with network access via HTTP to exploit the vulnerability easily. Successful exploitation may lead to unauthorized read access to certain data within the Oracle Configurator. It is crucial for organizations using these versions to take appropriate measures to mitigate this risk.",Oracle,Configurator,5.3,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2020-04-15T13:29:50.000Z,0
CVE-2019-2965,https://securityvulnerability.io/vulnerability/CVE-2019-2965,Oracle Siebel CRM Unauthorized Access Vulnerability,"A vulnerability exists in the Siebel Core - DB Deployment and Configuration component of Oracle Siebel CRM, allowing unauthenticated attackers with HTTP network access to exploit this weakness. Successful exploitation can lead to unauthorized access to sensitive data and potentially grant complete access to all data within the Siebel Core - DB Deployment and Configuration system. Affected versions include 19.8 and earlier, highlighting the critical need for users to apply necessary security updates and configurations to mitigate this risk.",Oracle,Siebel Core - Db Deployment And Configuration,7.5,HIGH,0.0036100000143051147,false,,false,false,false,,,false,false,,2019-10-16T17:40:56.000Z,0
CVE-2019-2567,https://securityvulnerability.io/vulnerability/CVE-2019-2567,Unauthorized Access Vulnerability in Oracle Configurator for Supply Chain Products Suite,"An unauthenticated attacker with network access via HTTP can exploit a vulnerability in Oracle Configurator, part of the Oracle Supply Chain Products Suite. This could lead to unauthorized access to sensitive data, allowing attackers to compromise all data accessible through Oracle Configurator. It has been found in versions 12.1 and 12.2, highlighting the critical need for users to ensure their systems are protected against potential threats.",Oracle,Configurator,7.5,HIGH,0.0036100000143051147,false,,false,false,false,,,false,false,,2019-04-23T18:16:39.000Z,0
CVE-2016-3438,https://securityvulnerability.io/vulnerability/CVE-2016-3438,,"Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via three unspecified parameters in an unknown JSP file.",Oracle,Configurator,8.2,HIGH,0.002369999885559082,false,,false,false,false,,,false,false,,2016-04-21T10:00:00.000Z,0
CVE-2016-0570,https://securityvulnerability.io/vulnerability/CVE-2016-0570,,"Unspecified vulnerability in the Oracle HCM Configuration Workbench component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors.",Oracle,Human Capital Management Configuration Workbench,,,0.0025100000202655792,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0540,https://securityvulnerability.io/vulnerability/CVE-2016-0540,,"Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors related to UI Servlet, a different vulnerability than CVE-2016-0541.",Oracle,Configurator,,,0.0018100000452250242,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0541,https://securityvulnerability.io/vulnerability/CVE-2016-0541,,"Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors related to UI Servlet, a different vulnerability than CVE-2016-0540.",Oracle,Configurator,,,0.0018100000452250242,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2002-1639,https://securityvulnerability.io/vulnerability/CVE-2002-1639,,"Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to ""version"" or ""host"".",Oracle,Configurator,,,0.009519999846816063,false,,false,false,false,,,false,false,,2002-04-01T05:00:00.000Z,0
CVE-2002-1640,https://securityvulnerability.io/vulnerability/CVE-2002-1640,,Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.,Oracle,Configurator,,,0.015960000455379486,false,,false,false,false,,,false,false,,2002-04-01T05:00:00.000Z,0