cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21271,https://securityvulnerability.io/vulnerability/CVE-2024-21271,Unpatched Vulnerability in Oracle Field Service Portal allows Low-Privileged Attacks,"A vulnerability exists in the Oracle Field Service component of Oracle E-Business Suite, primarily impacting versions 12.2.3 to 12.2.13. This vulnerability enables low-privileged attackers with network access via HTTP to exploit weaknesses in the system. When successfully executed, this vulnerability can lead to unauthorized creation, deletion, or modification of sensitive data. Attackers may gain unauthorized access to critical data and the ability to manipulate all accessible information within Oracle Field Service. Organizations utilizing the affected versions are urged to implement appropriate security patches to mitigate these risks and safeguard their data integrity.",Oracle,Oracle Field Service,8.1,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-15T19:52:58.214Z,0
CVE-2023-21853,https://securityvulnerability.io/vulnerability/CVE-2023-21853,Unauthorized Data Access in Oracle Mobile Field Service by Oracle,"An unauthenticated network-based vulnerability exists in Oracle Mobile Field Service, part of Oracle E-Business Suite. This issue impacts versions 12.2.3 to 12.2.12, allowing attackers to gain unauthorized access to create, delete, or modify essential data. With proper exploitation, sensitive information can be compromised, making it crucial for users to update their systems accordingly to mitigate potential risks.",Oracle,Mobile Field Service,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-01-18T00:15:00.000Z,0
CVE-2021-35570,https://securityvulnerability.io/vulnerability/CVE-2021-35570,Unauthorized Access Vulnerability in Oracle E-Business Suite Mobile Field Service,"An easily exploitable vulnerability in the Oracle Mobile Field Service component of the Oracle E-Business Suite allows low privileged attackers with network access through HTTP to compromise the system. Successful exploitation of this vulnerability can lead to unauthorized creation, deletion, or modification of critical data, resulting in the potential exposure of all accessible data in Oracle Mobile Field Service.",Oracle,Mobile Field Service,8.1,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2021-10-20T10:50:17.000Z,0
CVE-2021-2362,https://securityvulnerability.io/vulnerability/CVE-2021-2362,Weakness in Oracle E-Business Suite's Wireless Component,"A security vulnerability in the wireless component of Oracle Field Service within the Oracle E-Business Suite allows a low-privileged attacker to exploit network access via HTTP. This exploitation could lead to unauthorized actions such as creating, deleting, or modifying critical data. Affected versions include 12.1.1 through 12.1.3, posing significant risks to confidentiality and integrity of data within the Oracle Field Service environment.",Oracle,Field Service,8.1,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2021-07-20T22:43:39.000Z,0
CVE-2020-2603,https://securityvulnerability.io/vulnerability/CVE-2020-2603,Vulnerability in Oracle Field Service of Oracle E-Business Suite,"A vulnerability exists in the Oracle Field Service component of Oracle E-Business Suite that allows an unauthenticated attacker with network access via HTTPS to compromise the service. Exploitation of this issue requires human interaction from a user other than the attacker. Attackers may gain unauthorized access to update, insert, or delete data within Oracle Field Service, as well as unauthorized read access to certain data sets. This vulnerability can have a significant impact not only on Oracle Field Service but also on interrelated products.",Oracle,Field Service,6.1,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2020-01-15T16:34:03.000Z,0
CVE-2019-2930,https://securityvulnerability.io/vulnerability/CVE-2019-2930,Unauthenticated Access Vulnerability in Oracle Field Service by Oracle,"This vulnerability exists in Oracle Field Service, part of the Oracle E-Business Suite, enabling an unauthenticated attacker with network access through HTTP to exploit the system. The attack requires human interaction from a user other than the attacker, potentially leading to unauthorized updates, inserts, or deletions of sensitive data within Oracle Field Service. While the primary focus is on this component, successful exploitation could affect additional integrated products.",Oracle,Field Service,4.7,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2019-10-16T17:40:54.000Z,0
CVE-2019-2828,https://securityvulnerability.io/vulnerability/CVE-2019-2828,Unauthenticated Remote Access Vulnerability in Oracle E-Business Suite Wireless Component,"An easily exploitable vulnerability exists in the Wireless component of the Oracle Field Service within the Oracle E-Business Suite, impacting versions from 12.1.1 to 12.2.8. An unauthenticated attacker can gain access via HTTP, requiring human interaction from another user. While primarily affecting the Oracle Field Service, successful exploitation can have significant repercussions on additional products within the suite, leading to potential unauthorized control and exposure of sensitive data. Organizations utilizing the affected versions should prioritize patching to mitigate potential attacks.",Oracle,Field Service,9.6,CRITICAL,0.004780000075697899,false,,false,false,false,,,false,false,,2019-07-23T23:15:00.000Z,0
CVE-2019-2485,https://securityvulnerability.io/vulnerability/CVE-2019-2485,,"Vulnerability in the Oracle Mobile Field Service component of Oracle E-Business Suite (subcomponent: Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Mobile Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Mobile Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Mobile Field Service accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",Oracle,Mobile Field Service,4.7,MEDIUM,0.0006699999794363976,false,,false,false,false,,,false,false,,2019-01-16T19:00:00.000Z,0
CVE-2017-10413,https://securityvulnerability.io/vulnerability/CVE-2017-10413,,"Vulnerability in the Oracle Mobile Field Service component of Oracle E-Business Suite (subcomponent: Multiplatform Based on HTML5). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Mobile Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Mobile Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Field Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Mobile Field Service accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",Oracle,Mobile Field Service,8.2,HIGH,0.001970000099390745,false,,false,false,false,,,false,false,,2017-10-19T17:00:00.000Z,0
CVE-2017-10170,https://securityvulnerability.io/vulnerability/CVE-2017-10170,,"Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless/WAP). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Field Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Field Service accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",Oracle,Field Service,8.2,HIGH,0.0014700000174343586,false,,false,false,false,,,false,false,,2017-08-08T15:00:00.000Z,0
CVE-2017-10184,https://securityvulnerability.io/vulnerability/CVE-2017-10184,,"Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless/WAP). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Field Service accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",Oracle,Field Service,5.3,MEDIUM,0.0013099999632686377,false,,false,false,false,,,false,false,,2017-08-08T15:00:00.000Z,0
CVE-2016-3466,https://securityvulnerability.io/vulnerability/CVE-2016-3466,,"Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless.",Oracle,Field Service,9.1,CRITICAL,0.003010000102221966,false,,false,false,false,,,false,false,,2016-04-21T10:00:00.000Z,0
CVE-2016-0542,https://securityvulnerability.io/vulnerability/CVE-2016-0542,,"Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via unknown vectors related to Field Service Map.",Oracle,Field Service,,,0.001449999981559813,false,,false,false,false,,,false,false,,2016-01-21T02:00:00.000Z,0