cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21048,https://securityvulnerability.io/vulnerability/CVE-2024-21048,XML Input Vulnerability in Oracle Web Applications Desktop Integrator,"An XML input vulnerability exists in the Oracle Web Applications Desktop Integrator component of Oracle E-Business Suite, affecting versions 12.2.3 through 12.2.13. This flaw allows low privileged attackers to exploit the system with network access via HTTP. Successful exploitation may lead to unauthorized read access, exposing sensitive data within the Oracle Web Applications Desktop Integrator. Organizations using the affected versions should implement the necessary mitigations as soon as possible to protect their systems.",Oracle,Web Applications Desktop Integrator,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-16T22:15:00.000Z,0
CVE-2024-20907,https://securityvulnerability.io/vulnerability/CVE-2024-20907,Oracle Web Applications Desktop Integrator Vulnerability Affects Multiple Products,"Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: File download).  Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as  unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Web Applications Desktop Integrator,6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-17T02:15:00.000Z,0
CVE-2023-22037,https://securityvulnerability.io/vulnerability/CVE-2023-22037,Remote Code Execution Vulnerability in Oracle E-Business Suite Web Applications,"A vulnerability exists in the Oracle Web Applications Desktop Integrator component of the Oracle E-Business Suite that permits a low-privileged attacker with network access to potentially compromise the system. This exploitation requires the interaction of another individual, leading to unauthorized updates, inserts, or deletions of accessible data. Furthermore, the attacker may gain unauthorized read access to certain data and inflict a partial denial of service on the application. The scope of the attack may extend beyond the Web Applications Desktop Integrator to impact additional products.",Oracle,Web Applications Desktop Integrator,6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-21847,https://securityvulnerability.io/vulnerability/CVE-2023-21847,Vulnerability in Oracle Web Applications Desktop Integrator Affects Oracle E-Business Suite,"A vulnerability exists in Oracle Web Applications Desktop Integrator affecting the Oracle E-Business Suite, specifically allowing low privileged attackers with network access via HTTP to compromise the application. Exploitation requires human interaction from a user other than the attacker, and though the vulnerability is contained within the Web Applications Desktop Integrator, its ramifications can extend to other products. Successful attacks can lead to unauthorized updates, inserts, or deletions, as well as unauthorized read access to certain accessible data within the application.",Oracle,Web Applications Desktop Integrator,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-01-18T00:15:00.000Z,0
CVE-2022-21587,https://securityvulnerability.io/vulnerability/CVE-2022-21587,Unauthenticated File Upload Vulnerability in Oracle E-Business Suite,"A vulnerability exists in the Oracle Web Applications Desktop Integrator within Oracle E-Business Suite that allows an unauthenticated attacker with network access via HTTP to execute arbitrary file uploads. This flaw can be exploited easily by malicious actors to gain unauthorized control over the Oracle Web Applications Desktop Integrator, potentially leading to severe impacts on confidentiality, integrity, and system availability. The affected versions range from 12.2.3 to 12.2.11, necessitating immediate remediation efforts to mitigate risks associated with this vulnerability.",Oracle,Web Applications Desktop Integrator,9.8,CRITICAL,0.6589199900627136,true,2023-02-02T00:00:00.000Z,false,true,true,2023-02-02T00:00:00.000Z,true,false,false,,2022-10-18T00:00:00.000Z,0
CVE-2022-39428,https://securityvulnerability.io/vulnerability/CVE-2022-39428,Unauthenticated Access Vulnerability in Oracle E-Business Suite's Web Applications Desktop Integrator,"The Oracle Web Applications Desktop Integrator within the Oracle E-Business Suite is susceptible to an unauthenticated access vulnerability, allowing attackers with network access through HTTP to compromise the application. This vulnerability affects supported versions from 12.2.3 to 12.2.11. If successfully exploited, it can lead to complete takeover of the integrator, putting confidential information and system integrity at risk.",Oracle,Web Applications Desktop Integrator,9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-10-18T00:00:00.000Z,0
CVE-2021-2434,https://securityvulnerability.io/vulnerability/CVE-2021-2434,Vulnerability in Oracle E-Business Suite's Application Service,"An improper access control vulnerability exists in the Oracle Web Applications Desktop Integrator component of the Oracle E-Business Suite. This issue affects several versions, including 12.1.3 and 12.2.3 through 12.2.10. A low-privileged attacker can exploit this vulnerability through HTTP to gain unauthorized access, leading to the potential creation, deletion, or modification of critical data accessible by the Oracle Web Applications Desktop Integrator. This could significantly impact the integrity and confidentiality of sensitive information within vulnerable installations.",Oracle,Web Applications Desktop Integrator,8.1,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2021-07-20T22:44:43.000Z,0
CVE-2020-2591,https://securityvulnerability.io/vulnerability/CVE-2020-2591,Vulnerability in Oracle E-Business Suite Affecting Web Applications Desktop Integrator,"This vulnerability in the Oracle Web Applications Desktop Integrator allows an unauthenticated attacker to exploit the system via HTTPS. Successful exploitation requires human interaction from another individual, potentially leading to unauthorized access to sensitive data. The impact of this vulnerability extends beyond the Web Applications Desktop Integrator itself, posing risks to additional components within the Oracle E-Business Suite. Attackers may gain full access to all data accessible through this interface, enabling unauthorized modifications such as updates, insertions, or deletions of critical information.",Oracle,Web Applications Desktop Integrator,8.2,HIGH,0.002369999885559082,false,,false,false,false,,,false,false,,2020-01-15T16:34:02.000Z,0
CVE-2017-10323,https://securityvulnerability.io/vulnerability/CVE-2017-10323,,"Vulnerability in the Oracle Web Applications Desktop Integrator component of Oracle E-Business Suite (subcomponent: Application Service). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",Oracle,Web Applications Desktop Integrator,8.2,HIGH,0.0014700000174343586,false,,false,false,false,,,false,false,,2017-10-19T17:00:00.000Z,0
CVE-2016-3522,https://securityvulnerability.io/vulnerability/CVE-2016-3522,,"Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Application Service.",Oracle,Web Applications Desktop Integrator,8.2,HIGH,0.001500000013038516,false,,false,false,false,,,false,false,,2016-07-21T10:00:00.000Z,0
CVE-2016-3523,https://securityvulnerability.io/vulnerability/CVE-2016-3523,,"Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Application Service.",Oracle,Web Applications Desktop Integrator,4.7,MEDIUM,0.0017000000225380063,false,,false,false,false,,,false,false,,2016-07-21T10:00:00.000Z,0