cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-21558,https://securityvulnerability.io/vulnerability/CVE-2025-21558,Vulnerability in Primavera P6 Enterprise Project Portfolio Management by Oracle,"A vulnerability has been identified in Oracle's Primavera P6 Enterprise Project Portfolio Management, specifically within the Web Access component. This flaw allows low-privileged attackers with network access via HTTP to exploit the system, requiring human interaction from a third party. Although primarily affecting Primavera P6, successful exploitation could have broader implications for associated products. Attackers may gain unauthorized capabilities to update, insert, delete, or read sensitive data within the system, compromising both confidentiality and integrity of the accessible data.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:19.286Z,0
CVE-2025-21537,https://securityvulnerability.io/vulnerability/CVE-2025-21537,SQL Injection Vulnerability in Oracle PeopleSoft Cash Management,"A SQL Injection vulnerability exists in the Oracle PeopleSoft Enterprise FIN Cash Management product affecting version 9.2. This flaw can be exploited by low-privileged attackers with network access via HTTP, allowing unauthorized manipulation of data. Successful exploitation could lead to unauthorized updates, insertions, deletions, and reading of sensitive data, compromising both confidentiality and integrity within the application.
Organizations using this version are advised to apply security patches promptly to safeguard against potential breaches.",Oracle,Peoplesoft Enterprise Fin Cash Management,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:11.110Z,0
CVE-2025-21528,https://securityvulnerability.io/vulnerability/CVE-2025-21528,Unauthenticated Access Vulnerability in Primavera P6 by Oracle,"A vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management that permits unauthenticated attackers with network access via HTTP to exploit the system. This flaw enables unauthorized updates, inserts, or deletions of accessible data given that some level of human interaction from a non-attacker is required. The affected versions include multiple releases from 20.12 to 23.12, making it crucial for users to assess their installation for potential risks.",Oracle,Primavera P6 Enterprise Project Portfolio Management,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:07.485Z,0
CVE-2025-21526,https://securityvulnerability.io/vulnerability/CVE-2025-21526,Web Access Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management,"A vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management affecting specific versions of the Web Access component. This weakness allows low-privileged attackers with network access to compromise the application, necessitating human interaction for exploitation. Resulting attacks can lead to unauthorized updates, deletions, or access to sensitive data within Primavera P6. Additionally, successful exploitation may extend beyond the primary product, affecting other related systems.
It is crucial to apply recommended security patches to mitigate risks associated with this vulnerability.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:06.692Z,0
CVE-2024-21286,https://securityvulnerability.io/vulnerability/CVE-2024-21286,Unauthorized Access to Sensitive Data in PeopleSoft ELM,"A vulnerability exists in the PeopleSoft Enterprise ELM product from Oracle, specifically affecting version 9.2. This security issue allows an attacker with low privileges and network access via HTTP to potentially compromise the Enterprise Learning Management system. Although the exploit requires human interaction from another person, the implications extend beyond the immediate product, possibly affecting additional systems. Successful exploitation could lead to unauthorized access, allowing the attacker to update, insert, or delete data and gain unauthorized read access to certain datasets within PeopleSoft Enterprise ELM. Organizations relying on this software need to take proactive measures to mitigate risks associated with this vulnerability.",Oracle,Peoplesoft Enterprise Elm Enterprise Learning Management,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-15T19:53:03.774Z,0
CVE-2024-21192,https://securityvulnerability.io/vulnerability/CVE-2024-21192,Vulnerability in Oracle Fusion Middleware’s WebLogic Management Component,"A vulnerability exists in Oracle Enterprise Manager for Fusion Middleware, specifically within the WebLogic Management component. This flaw enables an attacker, who possesses login credentials, to exploit the system easily. It allows unauthorized access to sensitive information or total control over data accessible through the Oracle Enterprise Manager for Fusion Middleware.
Such breaches pose a significant risk to organizations relying on Oracle's solutions for their enterprise operations.",Oracle,Oracle Enterprise Manager For Fusion Middleware,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-15T19:52:35.130Z,0
CVE-2024-21191,https://securityvulnerability.io/vulnerability/CVE-2024-21191,Exploitable Vulnerability in Oracle Enterprise Manager Fusion Middleware Control,"A vulnerability exists within the Oracle Enterprise Manager Fusion Middleware Control product, specifically in the FMW Control Plugin. This flaw enables a low-privileged attacker with network access via HTTP to initiate exploitation attempts, requiring human interaction from another individual to succeed. Despite being located in the Fusion Middleware Control, any successful exploitation could lead to unauthorized access to sensitive data or even total access to all data within the Oracle Enterprise Manager Fusion Middleware Control. Additionally, there may be unauthorized capabilities for updating, inserting, or deleting critical data, which could pose significant risks to other products in the ecosystem.",Oracle,Oracle Enterprise Manager Fusion Middleware Control,7.6,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-10-15T19:52:34.801Z,0
CVE-2024-21149,https://securityvulnerability.io/vulnerability/CVE-2024-21149,Weakness in Oracle E-Business Suite's Enterprise Asset Management Component,"A significant vulnerability exists within the Oracle E-Business Suite, specifically affecting the Enterprise Asset Management component. Supported versions from 12.2.11 to 12.2.13 are vulnerable due to a flaw that allows a low privileged attacker with network access via HTTP the ability to compromise the application.
This vulnerability can lead to unauthorized creation, deletion, or modification of critical data, as well as the potential for full access to all data that is accessible within the Oracle Enterprise Asset Management system. Organizations should prioritize patching to mitigate risks to data confidentiality and integrity.",Oracle,Enterprise Asset Management,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2024-21067,https://securityvulnerability.io/vulnerability/CVE-2024-21067,Vulnerability in Oracle Enterprise Manager Base Platform Host Management,"A vulnerability has been identified in the Oracle Enterprise Manager Base Platform within the Host Management component. This flaw affects version 13.5.0.0 and allows low privileged attackers, who have access to the underlying infrastructure, to compromise the functionalities of the Oracle Enterprise Manager Base Platform. While the vulnerability is contained within this specific product, it poses a risk of significantly affecting additional products within the environment. Successful exploitation can lead to the takeover of the Oracle Enterprise Manager Base Platform, potentially impacting confidentiality, integrity, and availability of the affected systems.",Oracle,Enterprise Manager Base Platform,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-16T22:15:00.000Z,0
CVE-2024-20917,https://securityvulnerability.io/vulnerability/CVE-2024-20917,Vulnerability in Oracle Enterprise Manager Base Platform Log Management Component,"A vulnerability exists in the Log Management component of Oracle's Enterprise Manager Base Platform that could be exploited by an unauthenticated attacker with network access via HTTP. This vulnerability requires interaction from a user other than the attacker to be successfully exploited.
While the primary impact is on the Oracle Enterprise Manager Base Platform, there may be significant implications for other connected products. Successful exploitation can lead to unauthorized access to sensitive data, including the ability to read, modify, or delete critical information. Additionally, it gives the attacker the potential to initiate a partial denial of service, disrupting the functionality of the Oracle Enterprise Manager Base Platform.",Oracle,Enterprise Manager Base Platform,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-17T01:50:09.948Z,0
CVE-2024-20916,https://securityvulnerability.io/vulnerability/CVE-2024-20916,Vulnerability in Oracle Enterprise Manager Base Platform Component: Event Management,"A vulnerability exists within the Oracle Enterprise Manager Base Platform, specifically related to the Event Management component. This vulnerability affects version 13.5.0.0, enabling a high privileged attacker with access to the physical communication segment of the hardware to exploit the Oracle Enterprise Manager Base Platform. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, as well as gaining unauthorized access to all data accessible by the Oracle Enterprise Manager Base Platform. Additionally, the attacker may cause a partial denial of service, impacting the system's functionality. Given the potential wide-reaching implications of this vulnerability, surrounding products may also face heightened risks.",Oracle,Enterprise Manager Base Platform,8.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-01-16T21:41:14.656Z,0
CVE-2022-21623,https://securityvulnerability.io/vulnerability/CVE-2022-21623,Unauthenticated Access Vulnerability in Oracle Enterprise Manager,"An unauthenticated access vulnerability exists within the Application Config Console of Oracle's Enterprise Manager Base Platform.
This flaw allows attackers with network access via HTTP to exploit it easily, leading to unauthorized creation, deletion, or modification of critical data. These actions can affect all data accessible through the Enterprise Manager Base Platform, posing a significant risk to organizations utilizing these versions.",Oracle,Enterprise Manager Base Platform,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-10-18T00:00:00.000Z,0
CVE-2022-21536,https://securityvulnerability.io/vulnerability/CVE-2022-21536,Unauthorized Access Vulnerability in Oracle Enterprise Manager Base Platform,"This vulnerability in Oracle's Enterprise Manager Base Platform allows an unauthenticated attacker with network access to exploit the system via HTTP. If successful, the attacker can compromise the integrity and availability of the Enterprise Manager, potentially leading to unauthorized control over the affected environment. Supported versions, specifically 13.4.0.0 and 13.5.0.0, are exposed, emphasizing the importance of monitoring and securing these products to prevent malicious activities.",Oracle,Enterprise Manager Base Platform,8.1,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-07-19T21:07:23.000Z,0
CVE-2022-21516,https://securityvulnerability.io/vulnerability/CVE-2022-21516,Unauthenticated Access Vulnerability in Oracle Enterprise Manager Base Platform,"An unauthenticated access vulnerability exists in the Oracle Enterprise Manager Base Platform. This flaw allows an attacker with network access via HTTP to compromise the platform, leading to unauthorized modifications and reading of data. Attackers may exploit this vulnerability to execute unauthorized updates, inserts, or deletions on accessible data, and can also partially disrupt the service's availability.
It affects specific versions of the Enterprise Manager and poses significant security risks.",Oracle,Enterprise Manager Base Platform,7.3,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-07-19T21:06:52.000Z,0
CVE-2022-21481,https://securityvulnerability.io/vulnerability/CVE-2022-21481,Vulnerability in Oracle PeopleSoft FIN Cash Management Component,"A vulnerability exists in the PeopleSoft Enterprise FIN Cash Management product from Oracle, which allows low privileged attackers with network access to compromise the system through HTTP. Exploiting this flaw requires human interaction from a different user, increasing the risk of unauthorized data manipulations. Attackers may gain the ability to insert, update, or delete data, along with unauthorized read access to specific financial data. This vulnerability may not only affect the Cash Management product but could also have broader implications on other related components.",Oracle,Peoplesoft Enterprise Fin Cash Management,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-04-19T20:38:28.000Z,0
CVE-2022-21469,https://securityvulnerability.io/vulnerability/CVE-2022-21469,Unauthenticated Access Vulnerability in Oracle Enterprise Manager UI Framework,"An unauthenticated access vulnerability exists within the UI Framework of Oracle's Enterprise Manager Base Platform. This flaw allows an attacker with network access to exploit the system through HTTP. While the vulnerability is specifically in the Enterprise Manager Base Platform, its exploitation may have broader implications for other connected products. Successful exploitation requires user interaction from someone other than the attacker, leading to unauthorized ability to update, insert, or delete sensitive data in the platform.
Organizations using versions 13.4.0.0 and 13.5.0.0 should be aware of these risks and take appropriate measures to mitigate potential impacts.",Oracle,Enterprise Manager Base Platform,4.7,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-04-19T20:38:09.000Z,0
CVE-2022-21392,https://securityvulnerability.io/vulnerability/CVE-2022-21392,Unauthorized Access Vulnerability in Oracle Enterprise Manager,"The vulnerability in Oracle's Enterprise Manager Base Platform allows attackers with low privileges and network access to exploit the system through HTTP. This exploitation can lead to unauthorized access to critical data and potential control over all accessible data, enabling attackers to update, insert, or delete information within the Enterprise Manager system. Organizations using affected versions 13.4.0.0 and 13.5.0.0 must take immediate action to secure their environments.",Oracle,Enterprise Manager Base Platform,8.8,HIGH,0.00044999999227002263,false,,false,false,true,2023-12-08T20:13:23.000Z,true,false,false,,2022-01-19T11:26:39.000Z,0
CVE-2021-2137,https://securityvulnerability.io/vulnerability/CVE-2021-2137,Oracle Enterprise Manager Base Platform Policy Framework Vulnerability,"This vulnerability allows an attacker with low privileges and network access via HTTP to exploit the Policy Framework component of Oracle's Enterprise Manager Base Platform. Successful attacks enable the attacker to take control over the platform, resulting in potential unauthorized access and manipulation of sensitive information.
The affected versions, 13.4.0.0 and 13.5.0.0, highlight the necessity for prompt updates to mitigate risks associated with this vulnerability.",Oracle,Enterprise Manager Base Platform,8.8,HIGH,0.00395999988541007,false,,false,false,false,,,false,false,,2021-10-20T10:49:32.000Z,0
CVE-2021-2386,https://securityvulnerability.io/vulnerability/CVE-2021-2386,Low Privileged Access Vulnerability in Primavera P6 Enterprise Project Portfolio Management by Oracle,"A vulnerability exists in the Primavera P6 Enterprise Project Portfolio Management software from Oracle, specifically within the Web Access component. This flaw allows a low privileged attacker with network access via HTTP to potentially gain unauthorized read access to certain data within the application. Affected versions are 20.12.0 through 20.12.3, which may expose sensitive information due to this security weakness.",Oracle,Primavera P6 Enterprise Project Portfolio Management,4.3,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-07-20T22:44:01.000Z,0
CVE-2021-2366,https://securityvulnerability.io/vulnerability/CVE-2021-2366,Web Access Vulnerability in Primavera P6 Enterprise Project Portfolio Management from Oracle,"A vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management that allows low privileged attackers with network access through HTTP to exploit the system. This vulnerability, found in the Web Access component, could lead to unauthorized updates, inserts, or deletions of accessible data, as well as unauthorized reading of certain data.
Successful exploitation poses a significant risk to data integrity and confidentiality across the affected products.",Oracle,Primavera P6 Enterprise Project Portfolio Management,6.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-07-20T22:43:43.000Z,0
CVE-2021-2233,https://securityvulnerability.io/vulnerability/CVE-2021-2233,Vulnerability in Oracle E-Business Suite's Enterprise Asset Management Component,"A vulnerability exists in the Oracle Enterprise Asset Management component of Oracle E-Business Suite, impacting several supported versions. This flaw allows an attacker with low privileges and network access via HTTP to compromise the system. Exploitation of this vulnerability can lead to unauthorized creation, deletion, or modification of critical data, providing an attacker with access to all data within the Enterprise Asset Management system. This can severely impact both the confidentiality and integrity of the data.",Oracle,Enterprise Asset Management,8.1,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2021-04-22T21:53:54.000Z,0
CVE-2021-2134,https://securityvulnerability.io/vulnerability/CVE-2021-2134,Remote Code Execution Vulnerability in Oracle Enterprise Manager,"A vulnerability in Oracle's Enterprise Manager for Fusion Middleware allows attackers with low privileges and network access to exploit the FMW Control Plugin.
This can lead to unauthorized actions that may result in significant disruption, including a denial of service, causing the application to freeze or crash frequently.",Oracle,Enterprise Manager For Fusion Middleware,6.5,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2021-04-22T21:53:44.000Z,0
CVE-2021-2008,https://securityvulnerability.io/vulnerability/CVE-2021-2008,Exploitable Vulnerability in Oracle Enterprise Manager for Fusion Middleware,"A vulnerability exists in the Enterprise Manager for Fusion Middleware that enables an unauthenticated attacker to potentially compromise the system through HTTP access. This flaw allows attackers to gain unauthorized read, update, insert, or delete access to sensitive data. The vulnerability also opens the door to causing a partial denial of service, affecting the performance and availability of the Enterprise Manager application. Affected versions include 11.1.1.9 and 12.2.1.3, highlighting the necessity for users to apply the relevant security updates.",Oracle,Enterprise Manager For Fusion Middleware,7.3,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2021-04-22T21:53:43.000Z,0
CVE-2021-2053,https://securityvulnerability.io/vulnerability/CVE-2021-2053,Unauthenticated Access Vulnerability in Oracle Enterprise Manager UI Framework,"A vulnerability exists in the UI Framework of Oracle's Enterprise Manager Base Platform that allows an unauthenticated attacker to exploit the system via HTTP. While this vulnerability primarily affects version 13.4.0.0, it poses risks that could extend beyond Enterprise Manager itself. Successful exploitation requires user interaction, leading to unauthorized manipulation of the platform's data—enabling attackers to potentially access, modify, or delete sensitive information.
This breach can have significant consequences for organizations reliant on this management tool.",Oracle,Enterprise Manager Base Platform,6.1,MEDIUM,0.0015399999683722854,false,,false,false,false,,,false,false,,2021-04-22T21:53:43.000Z,0
CVE-2020-2982,https://securityvulnerability.io/vulnerability/CVE-2020-2982,Vulnerability in Oracle Enterprise Manager Base Platform Affects Data Security,"The vulnerability found in the Oracle Enterprise Manager Base Platform allows low-privileged attackers with network access via HTTP to exploit the system. This can lead to unauthorized access to sensitive data, enabling attackers to read, modify, insert, or delete information in the Enterprise Manager Base Platform. Organizations using affected versions 13.3.0.0 and 13.4.0.0 should take immediate action to assess their security posture and mitigate potential risks.",Oracle,Enterprise Manager Base Platform,7.1,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2020-07-15T17:34:36.000Z,0