cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-22004,https://securityvulnerability.io/vulnerability/CVE-2023-22004,Unauthenticated HTTP Vulnerability in Oracle E-Business Suite Reports Configuration,"A significant vulnerability has been identified in the Oracle E-Business Suite, specifically within the Reports Configuration component. This issue allows unauthenticated attackers with network access via HTTP to exploit the system. Although the successful exploitation requires human interaction, it poses serious risks, as it can lead to unauthorized updates, insertions, or deletions of data within the Oracle Applications Technology framework. Organizations using supported versions between 12.2.3 and 12.2.12 are strongly advised to investigate and implement suitable security measures to mitigate potential risks.",Oracle,E-business Suite Technology Stack,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2020-14805,https://securityvulnerability.io/vulnerability/CVE-2020-14805,Unauthenticated Access Vulnerability in Oracle E-Business Suite Search,"The vulnerability in Oracle E-Business Suite Secure Enterprise Search allows an unauthenticated attacker with HTTP network access to exploit the Search Integration Engine. This can lead to unauthorized creation, deletion, or modification of critical data. Victims of such attacks may find sensitive information exposed or manipulated, risking the integrity and confidentiality of their data within the Oracle E-Business Suite environment.",Oracle,E-business Suite Secure Enterprise Search,9.1,CRITICAL,0.0027000000700354576,false,,false,false,false,,,false,false,,2020-10-21T14:04:26.000Z,0
CVE-2018-3167,https://securityvulnerability.io/vulnerability/CVE-2018-3167,,"Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Application Management Pack For Oracle E-business Suite,5.3,MEDIUM,0.005280000157654285,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0
CVE-2017-10066,https://securityvulnerability.io/vulnerability/CVE-2017-10066,,"Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology Stack. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Technology Stack accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",Oracle,E-business Suite Technology Stack,5.3,MEDIUM,0.001550000044517219,false,,false,false,false,,,false,false,,2017-10-19T17:00:00.000Z,0
CVE-2017-10324,https://securityvulnerability.io/vulnerability/CVE-2017-10324,,"Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology Stack. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology Stack accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,E-business Suite Technology Stack,5.3,MEDIUM,0.0013800000306218863,false,,false,false,false,,,false,false,,2017-10-19T17:00:00.000Z,0
CVE-2017-10179,https://securityvulnerability.io/vulnerability/CVE-2017-10179,,"Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are AMP 12.1.0.4.0 and AMP 13.1.1.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Management Pack for Oracle E-Business Suite accessible data as well as unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",Oracle,Application Management Pack For Oracle E-business Suite,6.5,MEDIUM,0.0014700000174343586,false,,false,false,false,,,false,false,,2017-08-08T15:00:00.000Z,0
CVE-2016-3549,https://securityvulnerability.io/vulnerability/CVE-2016-3549,,"Unspecified vulnerability in the Oracle E-Business Suite Secure Enterprise Search component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Search Integration Engine.",Oracle,E-business Suite Secure Enterprise Search,5.3,MEDIUM,0.002469999948516488,false,,false,false,false,,,false,false,,2016-07-21T10:00:00.000Z,0
CVE-2016-3524,https://securityvulnerability.io/vulnerability/CVE-2016-3524,,"Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Configuration.",Oracle,E-business Suite,5.4,MEDIUM,0.0019099999917671084,false,,false,false,false,,,false,false,,2016-07-21T10:00:00.000Z,0
CVE-2016-3520,https://securityvulnerability.io/vulnerability/CVE-2016-3520,,"Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via vectors related to AOL Diagnostic tests.",Oracle,E-business Suite,4.9,MEDIUM,0.0017000000225380063,false,,false,false,false,,,false,false,,2016-07-21T10:00:00.000Z,0
CVE-2016-0507,https://securityvulnerability.io/vulnerability/CVE-2016-0507,,"Unspecified vulnerability in the Oracle iReceivables component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AR Web Utilities, a different vulnerability than CVE-2016-0519.",Oracle,E-business Suite,,,0.001449999981559813,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0515,https://securityvulnerability.io/vulnerability/CVE-2016-0515,,"Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0514.",Oracle,E-business Suite,,,0.0018100000452250242,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0514,https://securityvulnerability.io/vulnerability/CVE-2016-0514,,"Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0515.",Oracle,E-business Suite,,,0.0018100000452250242,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0517,https://securityvulnerability.io/vulnerability/CVE-2016-0517,,"Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to General utilities, a different vulnerability than CVE-2016-0518.",Oracle,E-business Suite,,,0.0018100000452250242,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0519,https://securityvulnerability.io/vulnerability/CVE-2016-0519,,"Unspecified vulnerability in the Oracle iReceivables component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AR Web Utilities, a different vulnerability than CVE-2016-0507.",Oracle,E-business Suite,,,0.001449999981559813,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0518,https://securityvulnerability.io/vulnerability/CVE-2016-0518,,"Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to General utilities, a different vulnerability than CVE-2016-0517.",Oracle,E-business Suite,,,0.0018100000452250242,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0527,https://securityvulnerability.io/vulnerability/CVE-2016-0527,,"Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0528, CVE-2016-0529, and CVE-2016-0530.",Oracle,E-business Suite,,,0.0018100000452250242,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0526,https://securityvulnerability.io/vulnerability/CVE-2016-0526,,"Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via unknown vectors related to Wireless Framework.",Oracle,E-business Suite,,,0.0018100000452250242,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0459,https://securityvulnerability.io/vulnerability/CVE-2016-0459,,"Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote authenticated users to affect integrity via unknown vectors related to Popup Windows.",Oracle,E-business Suite,,,0.000859999970998615,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0511,https://securityvulnerability.io/vulnerability/CVE-2016-0511,,"Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0547, CVE-2016-0548, and CVE-2016-0549.",Oracle,E-business Suite,,,0.0018100000452250242,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0510,https://securityvulnerability.io/vulnerability/CVE-2016-0510,,Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Business Views Catalog.,Oracle,E-business Suite,,,0.0018100000452250242,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0509,https://securityvulnerability.io/vulnerability/CVE-2016-0509,,Unspecified vulnerability in the Oracle Internet Expenses component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AP Web Utilities.,Oracle,E-business Suite,,,0.001449999981559813,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0456,https://securityvulnerability.io/vulnerability/CVE-2016-0456,,"Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0457. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or conduct SMB Relay attacks via a crafted DTD in an XML request to OA_HTML/copxmllcmservicecontroller.js.",Oracle,E-business Suite,,,0.004149999935179949,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0512,https://securityvulnerability.io/vulnerability/CVE-2016-0512,,Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Self Service - Common Modules.,Oracle,E-business Suite,,,0.0018100000452250242,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0556,https://securityvulnerability.io/vulnerability/CVE-2016-0556,,"Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Administration, a different vulnerability than CVE-2016-0557.",Oracle,E-business Suite,,,0.000859999970998615,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0
CVE-2016-0457,https://securityvulnerability.io/vulnerability/CVE-2016-0457,,"Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0456. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or conduct SMB Relay attacks via a crafted DTD in an XML request to OA_HTML/lcmServiceController.jsp.",Oracle,E-business Suite,,,0.004149999935179949,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0