cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-22004,https://securityvulnerability.io/vulnerability/CVE-2023-22004,,"Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration).  Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Applications Technology accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",Oracle,E-business Suite Technology Stack,4.3,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2020-14805,https://securityvulnerability.io/vulnerability/CVE-2020-14805,,"Vulnerability in the Oracle E-Business Suite Secure Enterprise Search product of Oracle E-Business Suite (component: Search Integration Engine). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite Secure Enterprise Search. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Business Suite Secure Enterprise Search accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Business Suite Secure Enterprise Search accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",Oracle,E-business Suite Secure Enterprise Search,9.1,CRITICAL,0.0027000000700354576,false,false,false,false,,false,false,2020-10-21T14:04:26.000Z,0
CVE-2018-3167,https://securityvulnerability.io/vulnerability/CVE-2018-3167,,"Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Application Management Pack For Oracle E-business Suite,5.3,MEDIUM,0.005280000157654285,false,false,false,false,,false,false,2018-10-17T01:00:00.000Z,0
CVE-2017-10324,https://securityvulnerability.io/vulnerability/CVE-2017-10324,,"Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology Stack. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology Stack accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,E-business Suite Technology Stack,5.3,MEDIUM,0.0013800000306218863,false,false,false,false,,false,false,2017-10-19T17:00:00.000Z,0
CVE-2017-10066,https://securityvulnerability.io/vulnerability/CVE-2017-10066,,"Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology Stack. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Technology Stack accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",Oracle,E-business Suite Technology Stack,5.3,MEDIUM,0.001550000044517219,false,false,false,false,,false,false,2017-10-19T17:00:00.000Z,0
CVE-2017-10179,https://securityvulnerability.io/vulnerability/CVE-2017-10179,,"Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are AMP 12.1.0.4.0 and AMP 13.1.1.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Management Pack for Oracle E-Business Suite accessible data as well as unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",Oracle,Application Management Pack For Oracle E-business Suite,6.5,MEDIUM,0.0014700000174343586,false,false,false,false,,false,false,2017-08-08T15:00:00.000Z,0
CVE-2016-3549,https://securityvulnerability.io/vulnerability/CVE-2016-3549,,"Unspecified vulnerability in the Oracle E-Business Suite Secure Enterprise Search component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Search Integration Engine.",Oracle,E-business Suite Secure Enterprise Search,5.3,MEDIUM,0.002469999948516488,false,false,false,false,,false,false,2016-07-21T10:00:00.000Z,0
CVE-2016-3520,https://securityvulnerability.io/vulnerability/CVE-2016-3520,,"Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via vectors related to AOL Diagnostic tests.",Oracle,E-business Suite,4.9,MEDIUM,0.0017000000225380063,false,false,false,false,,false,false,2016-07-21T10:00:00.000Z,0
CVE-2016-3524,https://securityvulnerability.io/vulnerability/CVE-2016-3524,,"Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Configuration.",Oracle,E-business Suite,5.4,MEDIUM,0.0019099999917671084,false,false,false,false,,false,false,2016-07-21T10:00:00.000Z,0
CVE-2016-0512,https://securityvulnerability.io/vulnerability/CVE-2016-0512,,Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Self Service - Common Modules.,Oracle,E-business Suite,,,0.0018100000452250242,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0
CVE-2016-0526,https://securityvulnerability.io/vulnerability/CVE-2016-0526,,"Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via unknown vectors related to Wireless Framework.",Oracle,E-business Suite,,,0.0018100000452250242,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0
CVE-2016-0514,https://securityvulnerability.io/vulnerability/CVE-2016-0514,,"Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0515.",Oracle,E-business Suite,,,0.0018100000452250242,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0
CVE-2016-0517,https://securityvulnerability.io/vulnerability/CVE-2016-0517,,"Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to General utilities, a different vulnerability than CVE-2016-0518.",Oracle,E-business Suite,,,0.0018100000452250242,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0
CVE-2016-0509,https://securityvulnerability.io/vulnerability/CVE-2016-0509,,Unspecified vulnerability in the Oracle Internet Expenses component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AP Web Utilities.,Oracle,E-business Suite,,,0.001449999981559813,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0
CVE-2016-0518,https://securityvulnerability.io/vulnerability/CVE-2016-0518,,"Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to General utilities, a different vulnerability than CVE-2016-0517.",Oracle,E-business Suite,,,0.0018100000452250242,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0
CVE-2016-0459,https://securityvulnerability.io/vulnerability/CVE-2016-0459,,"Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote authenticated users to affect integrity via unknown vectors related to Popup Windows.",Oracle,E-business Suite,,,0.000859999970998615,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0
CVE-2016-0507,https://securityvulnerability.io/vulnerability/CVE-2016-0507,,"Unspecified vulnerability in the Oracle iReceivables component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AR Web Utilities, a different vulnerability than CVE-2016-0519.",Oracle,E-business Suite,,,0.001449999981559813,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0
CVE-2016-0457,https://securityvulnerability.io/vulnerability/CVE-2016-0457,,"Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0456.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or conduct SMB Relay attacks via a crafted DTD in an XML request to OA_HTML/lcmServiceController.jsp.",Oracle,E-business Suite,,,0.004149999935179949,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0
CVE-2016-0513,https://securityvulnerability.io/vulnerability/CVE-2016-0513,,Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components.,Oracle,E-business Suite,,,0.001449999981559813,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0
CVE-2016-0511,https://securityvulnerability.io/vulnerability/CVE-2016-0511,,"Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0547, CVE-2016-0548, and CVE-2016-0549.",Oracle,E-business Suite,,,0.0018100000452250242,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0
CVE-2016-0527,https://securityvulnerability.io/vulnerability/CVE-2016-0527,,"Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0528, CVE-2016-0529, and CVE-2016-0530.",Oracle,E-business Suite,,,0.0018100000452250242,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0
CVE-2016-0556,https://securityvulnerability.io/vulnerability/CVE-2016-0556,,"Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Administration, a different vulnerability than CVE-2016-0557.",Oracle,E-business Suite,,,0.000859999970998615,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0
CVE-2016-0510,https://securityvulnerability.io/vulnerability/CVE-2016-0510,,Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Business Views Catalog.,Oracle,E-business Suite,,,0.0018100000452250242,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0
CVE-2016-0519,https://securityvulnerability.io/vulnerability/CVE-2016-0519,,"Unspecified vulnerability in the Oracle iReceivables component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AR Web Utilities, a different vulnerability than CVE-2016-0507.",Oracle,E-business Suite,,,0.001449999981559813,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0
CVE-2016-0456,https://securityvulnerability.io/vulnerability/CVE-2016-0456,,"Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0457. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or conduct SMB Relay attacks via a crafted DTD in an XML request to OA_HTML/copxmllcmservicecontroller.js.",Oracle,E-business Suite,,,0.004149999935179949,false,false,false,false,,false,false,2016-01-21T02:00:00.000Z,0