cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-21997,https://securityvulnerability.io/vulnerability/CVE-2023-21997,User Management Vulnerability in Oracle E-Business Suite,"A vulnerability within the Oracle User Management component of the Oracle E-Business Suite allows low-privileged attackers to exploit network access via HTTP. This can lead to unauthorized read access to a limited set of sensitive data in the User Management system, potentially compromising the integrity and confidentiality of the affected applications. With versions from 12.2.3 to 12.2.12 susceptible, organizations using these are advised to apply security patches promptly to mitigate risks associated with this flaw.",Oracle,User Management,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-04-18T20:15:00.000Z,0
CVE-2022-21500,https://securityvulnerability.io/vulnerability/CVE-2022-21500,Unauthenticated Access Vulnerability in Oracle E-Business Suite Manage Proxies,"A vulnerability in Oracle E-Business Suite's Manage Proxies component allows an unauthenticated attacker with network access via HTTP to potentially compromise the system. While the attacker requires self-registration for authentication, successful exploitation can lead to unauthorized access to sensitive information. Users of Oracle E-Business Suite 12.2 are encouraged to refer to relevant security alerts and patch documents to mitigate risks associated with this vulnerability, as version 12.1 remains unaffected.",Oracle,User Management,7.5,HIGH,0.5098400115966797,false,,false,false,true,2024-06-09T11:59:45.000Z,true,false,false,,2022-05-20T00:15:00.000Z,0
CVE-2021-2017,https://securityvulnerability.io/vulnerability/CVE-2021-2017,Unauthorized Data Access in Oracle E-Business Suite's User Management Component,"The vulnerability in Oracle User Management, part of Oracle E-Business Suite, allows low privileged attackers with network access through HTTP to potentially compromise user management functionalities. Attackers exploiting this flaw may gain unauthorized read access to various subsets of data within the product. The affected versions include 12.1.3 and ranges from 12.2.3 to 12.2.10, making it essential for users to apply security patches and protective measures to safeguard sensitive information.",Oracle,User Management,4.3,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-01-20T14:50:01.000Z,0
CVE-2018-3236,https://securityvulnerability.io/vulnerability/CVE-2018-3236,,"Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Reports). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle User Management accessible data as well as unauthorized access to critical data or complete access to all Oracle User Management accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).",Oracle,User Management,6.5,MEDIUM,0.0010900000343099236,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0
CVE-2018-2691,https://securityvulnerability.io/vulnerability/CVE-2018-2691,,"Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Proxy User Delegation). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle User Management accessible data as well as unauthorized read access to a subset of Oracle User Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",Oracle,User Management,5.4,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2018-01-18T02:00:00.000Z,0
CVE-2018-2684,https://securityvulnerability.io/vulnerability/CVE-2018-2684,,"Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Registration Process). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle User Management accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).",Oracle,User Management,4.9,MEDIUM,0.0009599999757483602,false,,false,false,false,,,false,false,,2018-01-18T02:00:00.000Z,0
CVE-2017-3515,https://securityvulnerability.io/vulnerability/CVE-2017-3515,,"Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: User Name/Password Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle User Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle User Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle User Management accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",Oracle,User Management,5.4,MEDIUM,0.0015699999639764428,false,,false,false,false,,,false,false,,2017-04-24T19:00:00.000Z,0
CVE-2016-5385,https://securityvulnerability.io/vulnerability/CVE-2016-5385,,"PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an ""httpoxy"" issue.",Oracle,"Enterprise Manager Ops Center,Communications User Data Repository,Linux",8.1,HIGH,0.9401500225067139,false,,false,false,false,,,false,false,,2016-07-19T01:00:00.000Z,0