cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-21558,https://securityvulnerability.io/vulnerability/CVE-2025-21558,Vulnerability in Primavera P6 Enterprise Project Portfolio Management by Oracle,"A vulnerability has been identified in Oracle's Primavera P6 Enterprise Project Portfolio Management, specifically within the Web Access component. This flaw allows low-privileged attackers with network access via HTTP to exploit the system, requiring human interaction from a third party. Although primarily affecting Primavera P6, successful exploitation could have broader implications for associated products. Attackers may gain unauthorized capabilities to update, insert, delete, or read sensitive data within the system, compromising both confidentiality and integrity of the accessible data.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:19.286Z,0
CVE-2025-21537,https://securityvulnerability.io/vulnerability/CVE-2025-21537,SQL Injection Vulnerability in Oracle PeopleSoft Cash Management,"A SQL Injection vulnerability exists in the Oracle PeopleSoft Enterprise FIN Cash Management product affecting version 9.2. This flaw can be exploited by low-privileged attackers with network access via HTTP, allowing unauthorized manipulation of data. Successful exploitation could lead to unauthorized updates, insertions, deletions, and reading of sensitive data, compromising both confidentiality and integrity within the application. Organizations using this version are advised to apply security patches promptly to safeguard against potential breaches.",Oracle,Peoplesoft Enterprise Fin Cash Management,5.4,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:11.110Z,0
CVE-2025-21528,https://securityvulnerability.io/vulnerability/CVE-2025-21528,Unauthenticated Access Vulnerability in Primavera P6 by Oracle,"A vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management that permits unauthenticated attackers with network access via HTTP to exploit the system. This flaw enables unauthorized updates, inserts, or deletions of accessible data given that some level of human interaction from a non-attacker is required. The affected versions include multiple releases from 20.12 to 23.12, making it crucial for users to assess their installation for potential risks.",Oracle,Primavera P6 Enterprise Project Portfolio Management,4.3,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:07.485Z,0
CVE-2025-21526,https://securityvulnerability.io/vulnerability/CVE-2025-21526,Web Access Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management,"A vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management affecting specific versions of the Web Access component. This weakness allows low-privileged attackers with network access to compromise the application, necessitating human interaction for exploitation. Resulting attacks can lead to unauthorized updates, deletions, or access to sensitive data within Primavera P6. Additionally, successful exploitation may extend beyond the primary product, affecting other related systems. It is crucial to apply recommended security patches to mitigate risks associated with this vulnerability.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:06.692Z,0
CVE-2024-21286,https://securityvulnerability.io/vulnerability/CVE-2024-21286,Unauthorized Access to Sensitive Data in PeopleSoft ELM,"A vulnerability exists in the PeopleSoft Enterprise ELM product from Oracle, specifically affecting version 9.2. This security issue allows an attacker with low privileges and network access via HTTP to potentially compromise the Enterprise Learning Management system. Although the exploit requires human interaction from another person, the implications extend beyond the immediate product, possibly affecting additional systems. Successful exploitation could lead to unauthorized access, allowing the attacker to update, insert, or delete data and gain unauthorized read access to certain datasets within PeopleSoft Enterprise ELM. Organizations relying on this software need to take proactive measures to mitigate risks associated with this vulnerability.",Oracle,Peoplesoft Enterprise Elm Enterprise Learning Management,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-10-15T19:53:03.774Z,0
CVE-2024-21192,https://securityvulnerability.io/vulnerability/CVE-2024-21192,Vulnerability in Oracle Fusion Middleware’s WebLogic Management Component,"A vulnerability exists in Oracle Enterprise Manager for Fusion Middleware, specifically within the WebLogic Management component. This flaw enables an attacker, who possesses login credentials, to exploit the system easily. It allows unauthorized access to sensitive information or total control over data accessible through the Oracle Enterprise Manager for Fusion Middleware. Such breaches pose a significant risk to organizations relying on Oracle's solutions for their enterprise operations.",Oracle,Oracle Enterprise Manager For Fusion Middleware,4.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-10-15T19:52:35.130Z,0
CVE-2024-21191,https://securityvulnerability.io/vulnerability/CVE-2024-21191,Exploitable Vulnerability in Oracle Enterprise Manager Fusion Middleware Control,"A vulnerability exists within the Oracle Enterprise Manager Fusion Middleware Control product, specifically in the FMW Control Plugin. This flaw enables a low-privileged attacker with network access via HTTP to initiate exploitation attempts, requiring human interaction from another individual to succeed. Despite being located in the Fusion Middleware Control, any successful exploitation could lead to unauthorized access to sensitive data or even total access to all data within the Oracle Enterprise Manager Fusion Middleware Control. Additionally, there may be unauthorized capabilities for updating, inserting, or deleting critical data, which could pose significant risks to other products in the ecosystem.",Oracle,Oracle Enterprise Manager Fusion Middleware Control,7.6,HIGH,0.00046999999904073775,false,false,false,false,,false,false,2024-10-15T19:52:34.801Z,0
CVE-2024-21149,https://securityvulnerability.io/vulnerability/CVE-2024-21149,Weakness in Oracle E-Business Suite's Enterprise Asset Management Component,"A significant vulnerability exists within the Oracle E-Business Suite, specifically affecting the Enterprise Asset Management component. Supported versions from 12.2.11 to 12.2.13 are vulnerable due to a flaw that allows a low privileged attacker with network access via HTTP the ability to compromise the application. This vulnerability can lead to unauthorized creation, deletion, or modification of critical data, as well as the potential for full access to all data that is accessible within the Oracle Enterprise Asset Management system. Organizations should prioritize patching to mitigate risks to data confidentiality and integrity.",Oracle,Enterprise Asset Management,8.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-21067,https://securityvulnerability.io/vulnerability/CVE-2024-21067,Vulnerability in Oracle Enterprise Manager Base Platform Host Management,"A vulnerability has been identified in the Oracle Enterprise Manager Base Platform within the Host Management component. This flaw affects version 13.5.0.0 and allows low privileged attackers, who have access to the underlying infrastructure, to compromise the functionalities of the Oracle Enterprise Manager Base Platform. While the vulnerability is contained within this specific product, it poses a risk of significantly affecting additional products within the environment. Successful exploitation can lead to the takeover of the Oracle Enterprise Manager Base Platform, potentially impacting confidentiality, integrity, and availability of the affected systems.",Oracle,Enterprise Manager Base Platform,8.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-04-16T22:15:00.000Z,0
CVE-2024-20917,https://securityvulnerability.io/vulnerability/CVE-2024-20917,Vulnerability in Oracle Enterprise Manager Base Platform Log Management Component,"A vulnerability exists in the Log Management component of Oracle's Enterprise Manager Base Platform that could be exploited by an unauthenticated attacker with network access via HTTP. This vulnerability requires interaction from a user other than the attacker to be successfully exploited. While the primary impact is on the Oracle Enterprise Manager Base Platform, there may be significant implications for other connected products. Successful exploitation can lead to unauthorized access to sensitive data, including the ability to read, modify, or delete critical information. Additionally, it gives the attacker the potential to initiate a partial denial of service, disrupting the functionality of the Oracle Enterprise Manager Base Platform.",Oracle,Enterprise Manager Base Platform,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-02-17T01:50:09.948Z,0
CVE-2024-20916,https://securityvulnerability.io/vulnerability/CVE-2024-20916,Vulnerability in Oracle Enterprise Manager Base Platform Component: Event Management,"A vulnerability exists within the Oracle Enterprise Manager Base Platform, specifically related to the Event Management component. This vulnerability affects version 13.5.0.0, enabling a high privileged attacker with access to the physical communication segment of the hardware to exploit the Oracle Enterprise Manager Base Platform. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, as well as gaining unauthorized access to all data accessible by the Oracle Enterprise Manager Base Platform. Additionally, the attacker may cause a partial denial of service, impacting the system's functionality. Given the potential wide-reaching implications of this vulnerability, surrounding products may also face heightened risks.",Oracle,Enterprise Manager Base Platform,8.3,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-01-16T21:41:14.656Z,0
CVE-2022-21623,https://securityvulnerability.io/vulnerability/CVE-2022-21623,,"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",Oracle,Enterprise Manager Base Platform,7.5,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2022-10-18T00:00:00.000Z,0
CVE-2022-21536,https://securityvulnerability.io/vulnerability/CVE-2022-21536,,"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",Oracle,Enterprise Manager Base Platform,8.1,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2022-07-19T21:07:23.000Z,0
CVE-2022-21516,https://securityvulnerability.io/vulnerability/CVE-2022-21516,,"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Install). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",Oracle,Enterprise Manager Base Platform,7.3,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2022-07-19T21:06:52.000Z,0
CVE-2022-21481,https://securityvulnerability.io/vulnerability/CVE-2022-21481,,"Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Financial Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Cash Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise FIN Cash Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Cash Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Cash Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Peoplesoft Enterprise Fin Cash Management,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2022-04-19T20:38:28.000Z,0
CVE-2022-21469,https://securityvulnerability.io/vulnerability/CVE-2022-21469,,"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",Oracle,Enterprise Manager Base Platform,4.7,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2022-04-19T20:38:09.000Z,0
CVE-2022-21392,https://securityvulnerability.io/vulnerability/CVE-2022-21392,,"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 8.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",Oracle,Enterprise Manager Base Platform,8.8,HIGH,0.00044999999227002263,false,false,false,true,true,false,false,2022-01-19T11:26:39.000Z,0
CVE-2021-2137,https://securityvulnerability.io/vulnerability/CVE-2021-2137,,"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",Oracle,Enterprise Manager Base Platform,8.8,HIGH,0.00395999988541007,false,false,false,false,,false,false,2021-10-20T10:49:32.000Z,0
CVE-2021-2386,https://securityvulnerability.io/vulnerability/CVE-2021-2386,,Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.0-20.12.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,Oracle,Primavera P6 Enterprise Project Portfolio Management,4.3,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2021-07-20T22:44:01.000Z,0
CVE-2021-2366,https://securityvulnerability.io/vulnerability/CVE-2021-2366,,"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.12.0-17.12.20, 18.8.0-18.8.23, 19.12.0-19.12.14 and 20.12.0-20.12.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).",Oracle,Primavera P6 Enterprise Project Portfolio Management,6.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2021-07-20T22:43:43.000Z,0
CVE-2021-2233,https://securityvulnerability.io/vulnerability/CVE-2021-2233,,"Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Setup). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Asset Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Asset Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",Oracle,Enterprise Asset Management,8.1,HIGH,0.0009399999980814755,false,false,false,false,,false,false,2021-04-22T21:53:54.000Z,0
CVE-2021-2134,https://securityvulnerability.io/vulnerability/CVE-2021-2134,,Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,Oracle,Enterprise Manager For Fusion Middleware,6.5,MEDIUM,0.000590000010561198,false,false,false,false,,false,false,2021-04-22T21:53:44.000Z,0
CVE-2021-2008,https://securityvulnerability.io/vulnerability/CVE-2021-2008,,"Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). The supported version that is affected are 11.1.1.9 and 12.2.1.3 Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data as well as unauthorized read access to a subset of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",Oracle,Enterprise Manager For Fusion Middleware,7.3,HIGH,0.0009399999980814755,false,false,false,false,,false,false,2021-04-22T21:53:43.000Z,0
CVE-2021-2053,https://securityvulnerability.io/vulnerability/CVE-2021-2053,,"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). The supported version that is affected is 13.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Enterprise Manager Base Platform,6.1,MEDIUM,0.0015399999683722854,false,false,false,false,,false,false,2021-04-22T21:53:43.000Z,0
CVE-2020-2982,https://securityvulnerability.io/vulnerability/CVE-2020-2982,,"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",Oracle,Enterprise Manager Base Platform,7.1,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2020-07-15T17:34:36.000Z,0