cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-22035,https://securityvulnerability.io/vulnerability/CVE-2023-22035,Unauthenticated Network Vulnerability in Oracle E-Business Suite's iSurvey Module,"An unauthenticated vulnerability exists in the Oracle E-Business Suite's iSurvey Module, affecting versions 12.2.3 to 12.2.12. This vulnerability allows an attacker with network access via HTTP to exploit Oracle Scripting without authentication. Successful exploitation requires a user to unknowingly interact, potentially leading to unauthorized actions such as updates, inserts, or deletions of data, while also permitting unauthorized read access to certain data sets. Despite the focus on Oracle Scripting, the implications of this vulnerability may extend to other interconnected products, increasing the risk profile for users.",Oracle,Scripting,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2021-2091,https://securityvulnerability.io/vulnerability/CVE-2021-2091,Unauthenticated Access Vulnerability in Oracle E-Business Suite Scripting Product,"An unauthenticated access vulnerability exists in the Oracle Scripting component of the Oracle E-Business Suite. The flaw allows an attacker with network access via HTTP to exploit the Oracle Scripting functionality. Although the vulnerability is contained within Oracle Scripting, successful exploitation could allow unauthorized access to sensitive data, granting attackers the ability to read, modify, or delete information. The attacker's success hinges upon human interaction, which enhances the potential risk significantly as it can impact not only the Scripting component but other interconnected products.",Oracle,Scripting,8.2,HIGH,0.0020699999295175076,false,,false,false,false,,,false,false,,2021-01-20T14:50:09.000Z,0
CVE-2021-2029,https://securityvulnerability.io/vulnerability/CVE-2021-2029,Unauthenticated Remote Code Execution Vulnerability in Oracle E-Business Suite Scripting,"A vulnerability exists in the Oracle Scripting component of Oracle E-Business Suite, which can be exploited by an unauthenticated attacker with network access via HTTP. The vulnerability allows for the potential takeover of Oracle Scripting, potentially jeopardizing confidentiality, integrity, and availability of the system. Supported versions affected include 12.1.1 through 12.1.3 and 12.2.3 through 12.2.8. Organizations using these versions should promptly apply patches and assess their security posture.",Oracle,Scripting,9.8,CRITICAL,0.004170000087469816,false,,false,false,false,,,false,false,,2021-01-20T14:50:03.000Z,0
CVE-2020-2879,https://securityvulnerability.io/vulnerability/CVE-2020-2879,Unauthenticated Access Vulnerability in Oracle E-Business Suite Scripting Tool,"The Oracle Scripting feature within Oracle E-Business Suite is susceptible to an unauthenticated access vulnerability. An attacker with network access via HTTP may exploit this flaw, enabling unauthorized access to sensitive data. Even though the attack requires human interaction from a third party to be successful, it poses a significant risk. Successful exploitation could lead to unauthorized data access, along with potential to alter, delete, or insert information within Oracle Scripting. This vulnerability impacts various versions of Oracle E-Business Suite, highlighting the necessity for organizations to implement robust cybersecurity measures to safeguard their systems.",Oracle,Scripting,8.2,HIGH,0.0019199999514967203,false,,false,false,false,,,false,false,,2020-04-15T13:29:50.000Z,0
CVE-2020-2817,https://securityvulnerability.io/vulnerability/CVE-2020-2817,Unauthenticated Data Access Vulnerability in Oracle E-Business Suite Scripting,"The vulnerability in Oracle E-Business Suite's Scripting component exposes systems to significant risks. An unauthenticated attacker with HTTP access can exploit this weakness, potentially gaining unauthorized entry to critical data. Exploitation requires user interaction from an unwitting individual, which raises concerns about social engineering attacks. Although primarily affecting Oracle Scripting, the consequences of successful exploitation may extend to other dependent applications, allowing for unauthorized modifications, deletions, or insertions of sensitive data, hence jeopardizing overall data integrity.",Oracle,Scripting,8.2,HIGH,0.0019199999514967203,false,,false,false,false,,,false,false,,2020-04-15T13:29:47.000Z,0
CVE-2018-2997,https://securityvulnerability.io/vulnerability/CVE-2018-2997,,"Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Script Author). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Scripting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Scripting accessible data as well as unauthorized update, insert or delete access to some of Oracle Scripting accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",Oracle,Scripting,8.2,HIGH,0.0014700000174343586,false,,false,false,false,,,false,false,,2018-07-18T13:00:00.000Z,0
CVE-2017-3549,https://securityvulnerability.io/vulnerability/CVE-2017-3549,,"Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Scripting accessible data as well as unauthorized access to critical data or complete access to all Oracle Scripting accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",Oracle,Scripting,9.1,CRITICAL,0.04769999906420708,false,,false,false,false,,,false,false,,2017-04-24T19:00:00.000Z,0