This document provides the text form of the CPUApr2023 Advisory Risk Matrices. Please note that the CVE IDs in this document correspond to the same CVE IDs in the CPUApr2023 Advisory.
This table provides the text form of the Risk Matrix for Oracle Database Server.
CVE ID | Description |
---|---|
CVE-2022-1471 | Security-in-Depth issue in the Oracle SQLcl (SnakeYAML) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-45061 | Vulnerability in the Oracle Database OML4PY (Python) component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Database OML4PY (Python). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database OML4PY (Python). CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ] |
CVE-2022-45143 | Security-in-Depth issue in the Oracle Database (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2023-21918 | Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local SYSDBA privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager. While the vulnerability is in Oracle Database Recovery Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. CVSS 3.1 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21934 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2023-24998 | Vulnerability in the Oracle Database Workload Manager (Apache Commons FileUpload) component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Database Workload Manager (Apache Commons FileUpload). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Workload Manager (Apache Commons FileUpload). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-24998 | Vulnerability in the Spatial and Graph (Apache Commons Fileupload) component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Spatial and Graph (Apache Commons Fileupload). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Spatial and Graph (Apache Commons Fileupload). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle Big Data Spatial and Graph.
CVE ID | Description |
---|---|
CVE-2022-45143 | Security-in-Depth issue in Oracle Big Data Spatial and Graph (component: Big Data Graph (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle Blockchain Platform.
CVE ID | Description |
---|---|
CVE-2020-35169 | Vulnerability in Oracle Blockchain Platform (component: BCS Console (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are Prior to 21.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Blockchain Platform accessible data as well as unauthorized access to critical data or complete access to all Oracle Blockchain Platform accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2020-36518 | Vulnerability in Oracle Blockchain Platform (component: BCS Console (jackson-databind)). Supported versions that are affected are Prior to 21.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2020-7712 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Apache ZooKeeper)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2021-23017 | Vulnerability in Oracle Blockchain Platform (component: BCS Console (nginx)). Supported versions that are affected are Prior to 21.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via UDP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Blockchain Platform accessible data as well as unauthorized access to critical data or complete access to all Oracle Blockchain Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Blockchain Platform. CVSS 3.1 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L). ( legend ) [ Advisory ] |
CVE-2021-23337 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Lodash)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2021-28168 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Backend (Eclipse Jersey)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2021-29921 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Python)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2021-36090 | Vulnerability in Oracle Blockchain Platform (component: BCS Console (Apache Commons Compress)). Supported versions that are affected are Prior to 21.1.3. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-3918 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (JSON Schema)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2021-40528 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (libgcrypt)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2021-41184 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (jQueryUI)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-2048 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Eclipse Jetty)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-23219 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (glibc)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-23221 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (H2 Database)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-25315 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (LibExpat)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-25647 | Vulnerability in Oracle Blockchain Platform (component: BCS Console (Google Gson)). Supported versions that are affected are Prior to 21.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-27404 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (FreeType)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-27782 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (cURL)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-28327 | Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). Supported versions that are affected are Prior to 21.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-31129 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Moment.js)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-3171 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Google Protobuf-Java)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-32215 | Vulnerability in Oracle Blockchain Platform (component: BCS Console (Node.js)). Supported versions that are affected are Prior to 21.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Blockchain Platform accessible data as well as unauthorized read access to a subset of Oracle Blockchain Platform accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-34917 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Apache Kafka)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-38752 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (SnakeYAML)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-40304 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (libxml2)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-41881 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Netty)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-42889 | Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Apache Commons Text)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle Essbase.
CVE ID | Description |
---|---|
CVE-2022-39135 | Security-in-Depth issue in Oracle Essbase (component: Build (Apache Calcite)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-46364 | Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (Apache CXF)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2023-0215 | Vulnerability in Oracle Essbase (component: Build (OpenSSL)). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Essbase. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21942 | Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21943 | Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21944 | Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-23916 | Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (cURL)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle GoldenGate.
CVE ID | Description |
---|---|
CVE-2022-23457 | Vulnerability in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: GoldenGate Studio (Enterprise Security API)). The supported version that is affected is Fusion Middleware: 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GoldenGate Studio. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate Studio. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in Oracle GoldenGate (component: Oracle GoldenGate (jackson-databind)). Supported versions that are affected are Prior to 19.1.0.0.230418 and Prior to 21.10.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-45047 | Security-in-Depth issue in Oracle GoldenGate (component: Oracle GoldenGate (Apache Mina SSHD)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle Graph Server and Client.
CVE ID | Description |
---|---|
CVE-2022-42003 | Vulnerability in Oracle Graph Server and Client (component: Packaging (jackson-databind)). Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Graph Server and Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Graph Server and Client. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42889 | Security-in-Depth issue in Oracle Graph Server and Client (component: PGX Java Client (Apache Commons Text)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-45143 | Security-in-Depth issue in Oracle Graph Server and Client (component: Packaging (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle NoSQL Database.
CVE ID | Description |
---|---|
CVE-2022-42003 | Vulnerability in Oracle NoSQL Database (component: Administration (jackson-databind)). Supported versions that are affected are Prior to 19.5.32. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle NoSQL Database. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle NoSQL Database. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-45047 | Security-in-Depth issue in Oracle NoSQL Database (component: Administration (Apache Mina SSHD)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle REST Data Services.
CVE ID | Description |
---|---|
CVE-2023-24998 | Vulnerability in Oracle REST Data Services (component: Oracle REST Data Services (Apache Commons FileUpload)). Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle REST Data Services. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle SQL Developer.
CVE ID | Description |
---|---|
CVE-2022-1471 | Security-in-Depth issue in Oracle SQL Developer (component: Installation (SnakeYAML)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-26336 | Security-in-Depth issue in Oracle SQL Developer (component: General Infrastructure (Apache POI)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-42003 | Vulnerability in Oracle SQL Developer (component: Infrastructure (jackson-databind)). Supported versions that are affected are Prior to 23.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SQL Developer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SQL Developer. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42889 | Security-in-Depth issue in Oracle SQL Developer (component: Installation (Apache Commons Text)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-42890 | Security-in-Depth issue in Oracle SQL Developer (component: General Infrastructure (Apache Batik)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-45047 | Security-in-Depth issue in Oracle SQL Developer (component: Installation (Apache Mina SSHD)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2023-21969 | Vulnerability in Oracle SQL Developer (component: Installation). Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle SQL Developer executes to compromise Oracle SQL Developer. Successful attacks of this vulnerability can result in takeover of Oracle SQL Developer. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-25194 | Security-in-Depth issue in Oracle SQL Developer (component: Installation (Apache Kafka)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle TimesTen In-Memory Database.
CVE ID | Description |
---|---|
CVE-2022-41715 | Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: Oracle TimesTen In-Memory Database (Go)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle Commerce.
CVE ID | Description |
---|---|
CVE-2021-42575 | Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform (OWASP Java HTML Sanitizer)). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-23437 | Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System, Workbench (Apache Xerces2 Java)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-24729 | Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench (CKEditor)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-40152 | Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (Apache CXF)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System, Workbench (jackson-databind)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-45143 | Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System, Workbench (Apache Tomcat)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle Communications Applications.
CVE ID | Description |
---|---|
CVE-2019-11287 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Pivotal RabbitMQ)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2020-35168 | Vulnerability in the Oracle Communications IP Service Activator product of Oracle Communications Applications (component: Other (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 7.4.0 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Communications IP Service Activator. Successful attacks of this vulnerability can result in takeover of Oracle Communications IP Service Activator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2020-7009 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Elasticsearch)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2021-41183 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Vision (jQueryUI)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-1471 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Vision (SnakeYAML)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-1471 | Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: TMF APIs (SnakeYAML)). Supported versions that are affected are 7.4.1, 7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-29078 | Security-in-Depth issue in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Vision (Embedded JavaScript Templates)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-31081 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (HTTP::Daemon)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-31123 | Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common fns (Grafana)). Supported versions that are affected are 12.0.4-12.0.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Convergent Charging Controller executes to compromise Oracle Communications Convergent Charging Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergent Charging Controller. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-31123 | Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Common fns (Grafana)). Supported versions that are affected are 12.0.4-12.0.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Network Charging and Control executes to compromise Oracle Communications Network Charging and Control. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-3171 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Google Protobuf-Java)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-36760 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache HTTP Server)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. While the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-37434 | Security-in-Depth issue in the Oracle Communications IP Service Activator product of Oracle Communications Applications (component: Other (zlib)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-39271 | Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (Traefik)). The supported version that is affected is 7.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-41966 | Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security Component (XStream)). Supported versions that are affected are 7.4.0, 7.4.1, 7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42004 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Kafka)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-46908 | Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common fns (SQLite)). Supported versions that are affected are 6.0.1.0.0 and 12.0.1.0.0-12.0.6.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Convergent Charging Controller executes to compromise Oracle Communications Convergent Charging Controller. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Convergent Charging Controller accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Convergent Charging Controller accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Convergent Charging Controller. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). ( legend ) [ Advisory ] |
CVE-2022-46908 | Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Common fns (SQLite)). Supported versions that are affected are 6.0.1.0.0 and 12.0.1.0.0-12.0.6.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Network Charging and Control executes to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Network Charging and Control accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Network Charging and Control accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). ( legend ) [ Advisory ] |
CVE-2023-0662 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (PHP)). Supported versions that are affected are 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-1370 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Vision (json-smart)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |

This table provides the text form of the Risk Matrix for Oracle Communications.
CVE ID | Description |
---|---|
CVE-2021-37519 | Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Patches (memcached)). The supported version that is affected is 12.6.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications User Data Repository executes to compromise Oracle Communications User Data Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications User Data Repository. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-46848 | Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (GNU Libtasn1)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-1292 | Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Management (OpenSSL)). The supported version that is affected is 9.1.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-1471 | Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Core (SnakeYAML)). The supported version that is affected is 9.1.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-23491 | Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Installation (Certifi)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Automated Test Suite accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2022-25315 | Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (LibExpat)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via XMPP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-28199 | Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Third Party (Dpdk)). Supported versions that are affected are 9.0 and 9.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP/IP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller as well as unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data and unauthorized read access to a subset of Oracle Communications Session Border Controller accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ] |
CVE-2022-31123 | Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (Grafana)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Policy Management executes to compromise Oracle Communications Policy Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-31129 | Vulnerability in the Oracle Communications Services Gatekeeper product of Oracle Communications (component: Third Party (Moment.js)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Services Gatekeeper. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Services Gatekeeper. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-31630 | Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (PHP)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router executes to compromise Oracle Communications Diameter Signaling Router. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Diameter Signaling Router accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-31630 | Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications (component: Management (PHP)). The supported version that is affected is 9.0.1.6.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle SD-WAN Aware executes to compromise Oracle SD-WAN Aware. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SD-WAN Aware accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Aware. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-31692 | Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Authentication (Spring Security)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-31692 | Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Authentication (Spring Security)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-31692 | Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (Spring Security)). The supported version that is affected is 9.1.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-3171 | Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (Google Protobuf-Java)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-35737 | Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (SQLite)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-37434 | Vulnerability in the Oracle Communications Core Session Manager product of Oracle Communications (component: Routing (zlib)). Supported versions that are affected are 8.45 and 9.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Core Session Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Core Session Manager as well as unauthorized update, insert or delete access to some of Oracle Communications Core Session Manager accessible data and unauthorized read access to a subset of Oracle Communications Core Session Manager accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ] |
CVE-2022-37434 | Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (glibc)). The supported version that is affected is 5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP/IP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-37434 | Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (zlib)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-37434 | Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (zlib)). Supported versions that are affected are 9.0 and 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller as well as unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data and unauthorized read access to a subset of Oracle Communications Session Border Controller accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ] |
CVE-2022-37434 | Vulnerability in the Oracle Communications Session Router product of Oracle Communications (component: Routing (zlib)). Supported versions that are affected are 9.0 and 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Session Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Router as well as unauthorized update, insert or delete access to some of Oracle Communications Session Router accessible data and unauthorized read access to a subset of Oracle Communications Session Router accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ] |
CVE-2022-37434 | Vulnerability in the Oracle Communications Subscriber-Aware Load Balancer product of Oracle Communications (component: Routing (zlib)). Supported versions that are affected are 9.0 and 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Subscriber-Aware Load Balancer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Subscriber-Aware Load Balancer as well as unauthorized update, insert or delete access to some of Oracle Communications Subscriber-Aware Load Balancer accessible data and unauthorized read access to a subset of Oracle Communications Subscriber-Aware Load Balancer accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ] |
CVE-2022-37434 | Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications (component: Routing (zlib)). Supported versions that are affected are 3.3 and 4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Communications Broker as well as unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data and unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ] |
CVE-2022-37434 | Vulnerability in the Oracle Enterprise Session Router product of Oracle Communications (component: Routing (zlib)). The supported version that is affected is 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Session Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Session Router as well as unauthorized update, insert or delete access to some of Oracle Enterprise Session Router accessible data and unauthorized read access to a subset of Oracle Enterprise Session Router accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ] |
CVE-2022-37865 | Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Installation (Apache Ivy)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Automated Test Suite accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-38752 | Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (SnakeYAML)). Supported versions that are affected are 22.3.0 and 22.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-38752 | Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (SnakeYAML)). The supported version that is affected is 9.1.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-40151 | Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (XStream)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-40304 | Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (libxml2)). Supported versions that are affected are 22.4.0-22.4.4, 23.1.0 and 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-40304 | Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (libxml2)). The supported version that is affected is 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Function Cloud Native Environment executes to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-41881 | Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (Netty)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-41966 | Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (XStream)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-41966 | Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (XStream)). Supported versions that are affected are 22.4.0 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-41966 | Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (XStream)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (jackson-databind)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: BEServer (jackson-databind)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (jackson-databind)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: BEServer (jackson-databind)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (jackson-databind)). The supported version that is affected is 9.1.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42252 | Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (Apache Tomcat)). The supported version that is affected is 22.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Management Cloud Engine accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2022-42898 | Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Installation and Configuration (Kerberos)). Supported versions that are affected are 23.1.0 and 22.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-43401 | Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Installation (Jenkins Script Security)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. While the vulnerability is in Oracle Communications Cloud Native Core Automated Test Suite, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-43402 | Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Installation (Jenkins)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. While the vulnerability is in Oracle Communications Cloud Native Core Automated Test Suite, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-4415 | Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (systemd)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2022-45047 | Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Installation (Apache Mina SSHD)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-45047 | Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: BEServer (Apache Mina SSHD)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-45047 | Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: BEServer (Apache Mina SSHD)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-45047 | Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (Apache Mina SSHD)). The supported version that is affected is 22.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in takeover of Management Cloud Engine. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-45143 | Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (Apache Tomcat)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2022-45143 | Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Apache Tomcat)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2022-45143 | Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: BEServer (Apache Tomcat)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2022-45143 | Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: BEServer (Apache Tomcat)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2022-45143 | Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (Apache Tomcat)). The supported version that is affected is 9.1.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SD-WAN Edge accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2022-46364 | Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (Apache CXF)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-46364 | Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: SOAP (Apache CXF)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-46364 | Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: SOAP (Apache CXF)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-47629 | Vulnerability in the Oracle Communications Cloud Native Configuration Console product of Oracle Communications (component: Configuration (libksba)). The supported version that is affected is 22.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Configuration Console. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Configuration Console. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-47629 | Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Oracle Linux (libksba)). The supported version that is affected is 22.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-47629 | Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (libksba)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-47629 | Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (libksba)). The supported version that is affected is 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-47629 | Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (libksba)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-0361 | Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Installer (GnuTLS)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-23916 | Vulnerability in the Oracle Communications Cloud Native Configuration Console product of Oracle Communications (component: Configuration (cURL)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Configuration Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Configuration Console. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-23916 | Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Oracle Linux (cURL)). Supported versions that are affected are 22.4.2 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-23916 | Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (cURL)). Supported versions that are affected are 23.1.0 and 22.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-23916 | Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (cURL)). The supported version that is affected is 22.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-23931 | Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Cryptography)). The supported version that is affected is 22.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Network Exposure Function accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). ( legend ) [ Advisory ] |
CVE-2023-23931 | Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Installation and Configuration (Cryptography)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). ( legend ) [ Advisory ] |
CVE-2023-24998 | Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Apache Commons FileUpload)). Supported versions that are affected are 22.4.2 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-24998 | Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Apache Commons FileUpload)). Supported versions that are affected are 23.1.0 and 22.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-24998 | Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: BEServer (Apache Commons FileUpload)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-24998 | Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: BEServer (Apache Commons FileUpload)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-25577 | Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (Werkzeug)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-25613 | Vulnerability in the Oracle Communications Cloud Native Configuration Console product of Oracle Communications (component: Configuration (Apache Kerby)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Configuration Console. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Configuration Console. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-25690 | Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: FEServer (Apache HTTP Server)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-25690 | Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: FEServer (Apache HTTP Server)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-28708 | Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (Apache Tomcat)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Policy Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ] |

This table provides the text form of the Risk Matrix for Oracle Construction and Engineering.

CVE ID | Description |
---|---|
CVE-2021-23413 | Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: User Interface (JSZip)). Supported versions that are affected are 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.14 and 22.12.0-22.12.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ] |
CVE-2022-27404 | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Document Viewing using Outside In technology (FreeType)). Supported versions that are affected are 18.8.0-18.8.26, 19.12.0-19.12.21, 20.12.0-20.12.18, 21.12.0-21.12.12 and 22.12.0-22.12.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in takeover of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-27404 | Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (FreeType)). Supported versions that are affected are 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.14 and 22.12.0-22.12.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in takeover of Primavera Unifier. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-36033 | Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: User Interface (jsoup)). Supported versions that are affected are 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.14 and 22.12.0-22.12.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |

This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

CVE ID | Description |
---|---|
CVE-2023-21959 | Vulnerability in the Oracle iReceivables product of Oracle E-Business Suite (component: Attachments). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iReceivables. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iReceivables accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21973 | Vulnerability in the Oracle iProcurement product of Oracle E-Business Suite (component: E-Content Manager Catalog). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iProcurement. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iProcurement, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iProcurement accessible data as well as unauthorized read access to a subset of Oracle iProcurement accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2023-21978 | Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: GUI). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). ( legend ) [ Advisory ] |
CVE-2023-21997 | Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle User Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ] |

This table provides the text form of the Risk Matrix for Oracle Enterprise Manager.

CVE ID | Description |
---|---|
CVE-2021-36374 | Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Ant)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Application Testing Suite executes to compromise Oracle Application Testing Suite. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-40690 | Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Santuario XML Security For Java)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2022-23437 | Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Xerces2 Java)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Application Testing Suite. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-41966 | Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (XStream)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Ops Center. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |

This table provides the text form of the Risk Matrix for Oracle Financial Services Applications.

CVE ID | Description |
---|---|
CVE-2019-12415 | Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache POI)). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Revenue Management and Billing executes to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2020-11988 | Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache XML Graphics Commons)). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-29425 | Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Commons IO)). Supported versions that are affected are 2.7, 2.8, 2.9, 3.0, 3.1, 3.2 and 4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-36090 | Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Commons Compress)). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (jQueryUI)). Supported versions that are affected are 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Financial Services Analytical Applications Reconciliation Framework product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.0.7.1.2 and 8.1.1.1.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Reconciliation Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Reconciliation Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Reconciliation Framework accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Reconciliation Framework accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Financial Services Asset Liability Management product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Asset Liability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Asset Liability Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Asset Liability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Asset Liability Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Financial Services Balance Computation Engine product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.1.1.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Balance Computation Engine. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Balance Computation Engine, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Balance Computation Engine accessible data as well as unauthorized read access to a subset of Oracle Financial Services Balance Computation Engine accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Financial Services Balance Sheet Planning product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.8.1.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Balance Sheet Planning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Balance Sheet Planning, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Balance Sheet Planning accessible data as well as unauthorized read access to a subset of Oracle Financial Services Balance Sheet Planning accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Financial Services Data Governance for US Regulatory Reporting product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.1.2.0 and 8.1.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Data Governance for US Regulatory Reporting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Data Governance for US Regulatory Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Data Governance for US Regulatory Reporting accessible data as well as unauthorized read access to a subset of Oracle Financial Services Data Governance for US Regulatory Reporting accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Financial Services Data Integration Hub product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.1.0.1.4, 8.1.2.2.1 and 8.0.7.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Data Integration Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Data Integration Hub, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Data Integration Hub accessible data as well as unauthorized read access to a subset of Oracle Financial Services Data Integration Hub accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.0.7.3.1 and 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Financial Services Enterprise Financial Performance Analytics product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Enterprise Financial Performance Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Enterprise Financial Performance Analytics, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Enterprise Financial Performance Analytics accessible data as well as unauthorized read access to a subset of Oracle Financial Services Enterprise Financial Performance Analytics accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Financial Services Funds Transfer Pricing product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Funds Transfer Pricing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Funds Transfer Pricing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Funds Transfer Pricing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Funds Transfer Pricing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.0.7.8.1 and 8.0.8.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Loan Loss Forecasting and Provisioning, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data as well as unauthorized read access to a subset of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Financial Services Institutional Performance Analytics product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Institutional Performance Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Institutional Performance Analytics, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Institutional Performance Analytics accessible data as well as unauthorized read access to a subset of Oracle Financial Services Institutional Performance Analytics accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Financial Services Liquidity Risk Measurement and Management product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.0.7.3.1 and 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Measurement and Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Liquidity Risk Measurement and Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Liquidity Risk Measurement and Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Measurement and Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Financial Services Profitability Management product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Profitability Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Profitability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Profitability Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Financial Services Retail Performance Analytics product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Retail Performance Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Retail Performance Analytics, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Retail Performance Analytics accessible data as well as unauthorized read access to a subset of Oracle Financial Services Retail Performance Analytics accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2021-43859 | Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (XStream)). Supported versions that are affected are 2.7, 2.7.1, 2.8, 2.9, 2.9.1, 3.0, 3.1, 3.2 and 4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-2048 | Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Eclipse Jetty)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-22971 | Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Spring Framework)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-22978 | Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Spring Security)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-22979 | Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Spring Cloud Function)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-23437 | Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Xerces2 Java)). Supported versions that are affected are 2.7, 2.7.1, 2.8, 2.9, 2.9.1, 3.0, 3.1, 3.2 and 4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-24839 | Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Securities (NekoHTML)). Supported versions that are affected are 11.6, 11.7, 11.8, 11.10 and 11.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Core Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-25647 | Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Google Gson)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-25647 | Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core (Google Gson)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-25647 | Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Google Gson)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-25647 | Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Infrastructure (Google Gson)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-25647 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure (Google Gson)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-25647 | Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infra Code (Google Gson)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Treasury Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Treasury Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-25647 | Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (Google Gson)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-29577 | Vulnerability in the Oracle Financial Services Regulatory Reporting with AgileREPORTER product of Oracle Financial Services Applications (component: Application (AntiSamy)). The supported version that is affected is 8.1.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Regulatory Reporting with AgileREPORTER. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Regulatory Reporting with AgileREPORTER, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Regulatory Reporting with AgileREPORTER accessible data as well as unauthorized read access to a subset of Oracle Financial Services Regulatory Reporting with AgileREPORTER accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-3171 | Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core (Google Protobuf-Java)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-3171 | Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Infrastructure (Google Protobuf-Java)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-3171 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure (Google Protobuf-Java)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-3171 | Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infra Code (Google Protobuf-Java)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Treasury Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Treasury Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-3171 | Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (Google Protobuf-Java)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-34169 | Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Xalan-Java)). Supported versions that are affected are 2.7, 2.7.1, 2.8, 2.9, 2.9.1, 3.0, 3.1, 3.2 and 4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2022-36033 | Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (jsoup)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Digital Experience, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Digital Experience accessible data as well as unauthorized read access to a subset of Oracle Banking Digital Experience accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-36033 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure (jsoup)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-36033 | Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infrastructure (jsoup)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Treasury Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Treasury Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Treasury Management accessible data as well as unauthorized read access to a subset of Oracle Banking Treasury Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-36033 | Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (jsoup)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-38752 | Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Application (SnakeYAML)). Supported versions that are affected are 8.1.0.0 and 8.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-40146 | Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Batik)). Supported versions that are affected are 2.7, 2.7.1, 2.8, 2.9, 2.9.1, 3.0, 3.1, 3.2 and 4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2022-41881 | Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Netty)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (jackson-databind)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (jackson-databind)). Supported versions that are affected are 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application (jackson-databind)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Behavior Detection Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Financial Services Enterprise Case Management product of Oracle Financial Services Applications (component: Application (jackson-databind)). Supported versions that are affected are 8.1.2.4, 8.1.2.3, 8.1.1.1 and 8.0.8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Enterprise Case Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Enterprise Case Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42252 | Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Application (Apache Tomcat)). Supported versions that are affected are 8.1.0.0 and 8.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Model Management and Governance accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2022-42889 | Vulnerability in the Oracle Financial Services Compliance Studio product of Oracle Financial Services Applications (component: Application (Apache Commons Text)). The supported version that is affected is 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Compliance Studio. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Compliance Studio. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-42890 | Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache Batik)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Digital Experience accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2022-42890 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (Apache Batik)). Supported versions that are affected are 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2022-43680 | Vulnerability in the Oracle Financial Services Currency Transaction Reporting product of Oracle Financial Services Applications (component: Application (LibExpat)). Supported versions that are affected are 8.0.8.1.0, 8.1.1.1.0, 8.1.2.3.0 and 8.1.2.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Currency Transaction Reporting. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Currency Transaction Reporting. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-43680 | Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Third Party (LibExpat)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Behavior Detection Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-43680 | Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: Application (LibExpat)). The supported version that is affected is 8.0.8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-46364 | Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache CXF)). Supported versions that are affected are 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in takeover of Oracle Banking Digital Experience. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-46908 | Vulnerability in the Oracle Financial Services Compliance Studio product of Oracle Financial Services Applications (component: Application (SQLite)). The supported version that is affected is 8.1.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Compliance Studio executes to compromise Oracle Financial Services Compliance Studio. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Compliance Studio accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Compliance Studio accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Compliance Studio. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). ( legend ) [ Advisory ] |
CVE-2023-21902 | Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application). The supported version that is affected is 8.0.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Behavior Detection Platform accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21903 | Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Internal Tfr Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L). ( legend ) [ Advisory ] |
CVE-2023-21904 | Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L). ( legend ) [ Advisory ] |
CVE-2023-21905 | Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Routing Hub). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Virtual Account Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2023-21906 | Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: SMS Module). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Virtual Account Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2023-21907 | Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H). ( legend ) [ Advisory ] |
CVE-2023-21908 | Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H). ( legend ) [ Advisory ] |
CVE-2023-21915 | Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Book/Internal Transfer). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2023-24998 | Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Apache Commons FileUpload)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-24998 | Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache Commons FileUpload)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-25194 | Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Apache Kafka)). Supported versions that are affected are 22.1 and 22.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in takeover of Oracle Banking APIs. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-25194 | Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache Kafka)). Supported versions that are affected are 22.1 and 22.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in takeover of Oracle Banking Digital Experience. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-25194 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (Apache Kafka)). Supported versions that are affected are 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-25194 | Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application (Apache Kafka)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Behavior Detection Platform. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-25194 | Vulnerability in the Oracle Financial Services Regulatory Reporting product of Oracle Financial Services Applications (component: Application (Apache Kafka)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Regulatory Reporting. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Regulatory Reporting. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-28708 | Vulnerability in the Oracle Financial Services Crime and Compliance Management Studio product of Oracle Financial Services Applications (component: Studio (Apache Tomcat)). The supported version that is affected is 8.0.8.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Crime and Compliance Management Studio. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Crime and Compliance Management Studio accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ] |

This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE ID | Description |
---|---|
CVE-2018-14371 | Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces (Eclipse Mojarra)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle JDeveloper accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2019-20916 | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Third Party (Jython)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Access Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2020-13954 | Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Samples (Apache CXF)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2020-25638 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core (JBoss Enterprise Application Platform)). The supported version that is affected is 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2020-6950 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Eclipse Mojarra)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2021-22569 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Google Protobuf-Java)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-31684 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (json-smart)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-34798 | Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (Apache HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-36090 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Apache Commons Compress)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-36374 | Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Ant)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Middleware Common Libraries and Tools executes to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-37533 | Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Remote Diagnostic Agent (Apache Commons Net)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2022-22965 | Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Third Party (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Data Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-22965 | Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: MFT Runtime Server (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in takeover of Oracle Managed File Transfer. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-29599 | Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Maven)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-31160 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console (jQueryUI)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 3.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-33980 | Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Commons Configuration)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-34305 | Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: MFT Runtime Server (Apache Tomcat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Managed File Transfer, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Managed File Transfer accessible data as well as unauthorized read access to a subset of Oracle Managed File Transfer accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-36033 | Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (jsoup)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Process Management Suite, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Process Management Suite accessible data as well as unauthorized read access to a subset of Oracle Business Process Management Suite accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-36033 | Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (jsoup)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Middleware Common Libraries and Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Middleware Common Libraries and Tools accessible data as well as unauthorized read access to a subset of Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-36033 | Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (jsoup)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Portal accessible data as well as unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-37434 | Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (zlib)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-40149 | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Build Scripts (Jettison)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Access Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-40151 | Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (XStream)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-40152 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples (XStream)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-40304 | Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (libxml2)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle HTTP Server executes to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-41881 | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core (Netty)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-41881 | Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (Netty)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-41966 | Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Security (XStream)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SOA Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core (jackson-databind)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Installer (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42890 | Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2022-42890 | Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2022-43551 | Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (cURL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2022-45047 | Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (Apache Mina SSHD)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in takeover of Oracle Business Process Management Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-45685 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Jettison)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-45693 | Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party (Jettison)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-46908 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Third Party (SQLite)). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). ( legend ) [ Advisory ] |
CVE-2023-21931 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21956 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2023-21960 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). ( legend ) [ Advisory ] |
CVE-2023-21964 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21979 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21996 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-22899 | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Third Party (Zip4j)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2023-24998 | Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Commons FileUpload)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-24998 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console (Apache Commons FileUpload)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-24998 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Apache Commons FileUpload)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |

This table provides the text form of the Risk Matrix for Oracle Analytics.
CVE ID | Description |
---|---|
CVE-2018-1000656 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Machine Learning (Flask)). The supported version that is affected is 6.4.0.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2019-10086 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Commons BeanUtils)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). ( legend ) [ Advisory ] |
CVE-2019-10172 | Security-in-Depth issue in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BIInfer (Jackson-mapper-asl)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2020-28052 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web General (Bouncy Castle Java Library)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2021-23926 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer (Apache POI)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.3 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-27568 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Application Archive (json-smart)). The supported version that is affected is 6.4.0.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-36090 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Content Storage Service (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-4048 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Machine Learning (OpenBLAS)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-40690 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache CXF)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2022-1587 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (PCRE2)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-31160 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin (jQueryUI)). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-32215 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Lifecycle (Node.js)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2022-34169 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: JAXP (Apache Xalan-J)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition and unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-37434 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (zlib)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (jackson-databind)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42889 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Application Archive (Apache Commons Text)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-21910 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web General). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21941 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21952 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21965 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21970 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Security). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |

This table provides the text form of the Risk Matrix for Oracle Health Sciences Applications.
CVE ID | Description |
---|---|
CVE-2019-18935 | Vulnerability in the Oracle Argus Insight product of Oracle Health Sciences Applications (component: Core (Telerik UI for ASP.NET AJAX)). Supported versions that are affected are those prior to 8.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Insight. Successful attacks of this vulnerability can result in takeover of Oracle Argus Insight. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2019-18935 | Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Core (Telerik UI for ASP.NET AJAX)). Supported versions that are affected are those prior to 8.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in takeover of Oracle Argus Safety. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core (jQueryUI)). Supported versions that are affected are those prior to 6.3.1.3 and prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Health Sciences InForm, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Health Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2023-21921 | Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are those prior to 6.3.1.3 and prior to 7.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Health Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2023-21922 | Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are those prior to 6.3.1.3 and prior to 7.0.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Health Sciences InForm accessible data as well as unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2023-21923 | Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are those prior to 6.3.1.3 and prior to 7.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Health Sciences InForm accessible data as well as unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). ( legend ) [ Advisory ] |
CVE-2023-21924 | Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Health Sciences InForm, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Health Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Health Sciences InForm accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L). ( legend ) [ Advisory ] |
CVE-2023-21925 | Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ] |
CVE-2023-21926 | Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Health Sciences InForm executes to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21993 | Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications (component: Forms). The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical Remote Data Capture. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Clinical Remote Data Capture accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle HealthCare Applications.
CVE ID | Description |
---|---|
CVE-2022-1471 | Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (SnakeYAML)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Translational Research. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-3171 | Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (Google Protobuf-Java)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Translational Research. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-3479 | Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (NSS)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Translational Research. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: User Interface (jackson-databind)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Translational Research. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42889 | Vulnerability in the Oracle Healthcare Foundation product of Oracle HealthCare Applications (component: Self Service Analytics (Apache Commons Text)). Supported versions that are affected are 8.1.0, 8.1.1, 8.2.0, 8.2.1 and 8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Foundation. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-42889 | Vulnerability in the Oracle Healthcare Master Person Index product of Oracle HealthCare Applications (component: Self Service Analytics (Apache Commons Text)). Supported versions that are affected are 5.0.0-5.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Master Person Index. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Master Person Index. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-42898 | Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (Kerberos)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Translational Research. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-46908 | Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (SQLite)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Healthcare Translational Research executes to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Healthcare Translational Research accessible data as well as unauthorized access to critical data or complete access to all Oracle Healthcare Translational Research accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Healthcare Translational Research. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). ( legend ) [ Advisory ] |
CVE-2023-23914 | Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (cURL)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Healthcare Translational Research accessible data as well as unauthorized access to critical data or complete access to all Oracle Healthcare Translational Research accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2023-25136 | Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (OpenSSH)). Supported versions that are affected are 4.1.0 and 4.1.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Translational Research as well as unauthorized update, insert or delete access to some of Oracle Healthcare Translational Research accessible data. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H). ( legend ) [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle Hospitality Applications.
CVE ID | Description |
---|---|
CVE-2023-21932 | Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L). ( legend ) [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle Hyperion.
CVE ID | Description |
---|---|
CVE-2021-36374 | Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Apache Ant)). The supported version that is affected is 11.2.12. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hyperion Infrastructure Technology executes to compromise Oracle Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-27404 | Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Installation (FreeType)). The supported version that is affected is 11.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Hyperion Financial Reporting. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle iLearning.
CVE ID | Description |
---|---|
CVE-2020-17521 | Vulnerability in Oracle iLearning (component: Installation (Apache Groovy)). The supported version that is affected is 6.3.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle iLearning executes to compromise Oracle iLearning. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2021-2351 | Vulnerability in Oracle iLearning (component: Installation (JDBC)). The supported version that is affected is 6.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle iLearning. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-23437 | Vulnerability in Oracle iLearning (component: Installation (Apache Xerces2 Java)). The supported version that is affected is 6.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle iLearning. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle Insurance Applications.
CVE ID | Description |
---|---|
CVE-2019-10086 | Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Insurance Applications (component: Logger (Apache Commons BeanUtils)). The supported version that is affected is 1.0.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data as well as unauthorized read access to a subset of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). ( legend ) [ Advisory ] |
CVE-2020-11987 | Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Insurance Applications (component: Logger (Apache Batik)). The supported version that is affected is 1.0.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data as well as unauthorized update, insert or delete access to some of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2020-25649 | Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Insurance Applications (component: Logger (jackson-databind)). The supported version that is affected is 1.0.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2020-35168 | Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0 and 12.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in takeover of Oracle Documaker. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2021-35043 | Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Insurance Applications (component: Logger (AntiSamy)). The supported version that is affected is 1.0.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Insurance Policy Administration Operational Data Store for Life and Annuity, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data as well as unauthorized read access to a subset of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-22965 | Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Insurance Applications (component: Logger (Spring Framework)). The supported version that is affected is 1.0.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-27404 | Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (FreeType)). Supported versions that are affected are 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0 and 12.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in takeover of Oracle Documaker. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (jackson-databind)). Supported versions that are affected are 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0 and 12.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Documaker. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-24998 | Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (Apache Commons FileUpload)). Supported versions that are affected are 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0 and 12.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Documaker. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle Java SE.
CVE ID | Description |
---|---|
CVE-2023-21930 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2023-21937 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2023-21938 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2023-21939 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2023-21954 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21967 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21968 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2023-21986 | Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 5.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L). ( legend ) [ Advisory ] |
CVE-2023-23918 | Security-in-Depth issue in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Node (Node.js)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle JD Edwards.
CVE ID | Description |
---|---|
CVE-2018-1311 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure (Apache Xerces-C++)). Supported versions that are affected are Prior to 9.2.7.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2020-15250 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC (jUnit)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where JD Edwards EnterpriseOne Tools executes to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2020-8908 | Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (Google Guava)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where JD Edwards EnterpriseOne Orchestrator executes to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2021-30129 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC (Apache Mina SSHD)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-36373 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Deployment SEC (Apache Ant)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where JD Edwards EnterpriseOne Tools executes to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-41973 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC (Apache Mina)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-21824 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: E1 Dev Platform Tech - Cloud Manager (Node.js)). Supported versions that are affected are Prior to 9.2.7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools as well as unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H). ( legend ) [ Advisory ] |
CVE-2022-2274 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC (OpenSSL)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-2274 | Vulnerability in the JD Edwards World Security product of Oracle JD Edwards (component: World Software Security (OpenSSL)). The supported version that is affected is A9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards World Security. Successful attacks of this vulnerability can result in takeover of JD Edwards World Security. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-25857 | Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (jruby)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Orchestrator. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-28738 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: E1 Dev Platform Tech - Cloud Manager (Ruby)). Supported versions that are affected are Prior to 9.2.7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC (jackson-databind)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21927 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21936 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle MySQL.
CVE ID | Description |
---|---|
CVE-2022-31160 | Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: Server (jQueryUI)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data as well as unauthorized read access to a subset of MySQL Enterprise Monitor accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-37434 | Security-in-Depth issue in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (zlib)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-37434 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB (zlib)). Supported versions that are affected are 5.7.41 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-43548 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: JS module (Node.js)). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-43551 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (cURL)). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2022-45143 | Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Tomcat)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2023-0215 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-0215 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-0215 | Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-0215 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-0215 | Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (OpenSSL)). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21911 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21912 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.41 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21913 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21917 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21919 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21920 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21929 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). ( legend ) [ Advisory ] |
CVE-2023-21933 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21935 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21940 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21945 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21946 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21947 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21953 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21955 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21962 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21963 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ] |
CVE-2023-21966 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21971 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ] |
CVE-2023-21972 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21976 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21977 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21980 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-21982 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |

This table provides the text form of the Risk Matrix for Oracle PeopleSoft.

CVE ID | Description |
---|---|
CVE-2020-14343 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (PyYAML)). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2021-37533 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker (Apache Commons Net)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2022-34169 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker (Apache Xalan-Java)). The supported version that is affected is 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2022-36033 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (jsoup)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-41881 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (Netty)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-45047 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Webserver (Apache Mina SSHD)). The supported version that is affected is 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-45685 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (Jettison)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21916 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Web Server). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21981 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21992 | Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Administer Workforce). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ] |

This table provides the text form of the Risk Matrix for Oracle Retail Applications.

CVE ID | Description |
---|---|
CVE-2020-35168 | Vulnerability in the Oracle Retail Predictive Application Server product of Oracle Retail Applications (component: RPAS Server (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 15.0.3 and 16.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Predictive Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Retail Predictive Application Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2021-44832 | Vulnerability in the Oracle Retail Invoice Matching product of Oracle Retail Applications (component: Security (Apache Log4j)). Supported versions that are affected are 15.0.3 and 16.0.3. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Invoice Matching. Successful attacks of this vulnerability can result in takeover of Oracle Retail Invoice Matching. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2021-44832 | Vulnerability in the Oracle Retail Price Management product of Oracle Retail Applications (component: Security (Apache Log4j)). Supported versions that are affected are 14.1.3.2, 15.0.3.1 and 16.0.3. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Price Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Price Management. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-22971 | Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (Spring Framework)). Supported versions that are affected are 18.0.0.12 and 19.0.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-22971 | Vulnerability in the Oracle Retail Fiscal Management product of Oracle Retail Applications (component: Security (Spring Framework)). The supported version that is affected is 14.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Fiscal Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Fiscal Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-22971 | Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Spring Framework)). Supported versions that are affected are 17.0.6, 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-23181 | Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Tomcat)). Supported versions that are affected are 17.0.6, 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Xstore Point of Service executes to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-23437 | Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Xerces2 Java)). The supported version that is affected is 17.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-3171 | Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (Google Protobuf-Java)). Supported versions that are affected are 18.0.0.12 and 19.0.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-33980 | Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Commons Configuration)). Supported versions that are affected are 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-36033 | Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (jsoup)). Supported versions that are affected are 18.0.0.12 and 19.0.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-37434 | Vulnerability in the Oracle Retail Predictive Application Server product of Oracle Retail Applications (component: RPAS Server (zlib)). Supported versions that are affected are 15.0.3 and 16.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Predictive Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Retail Predictive Application Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-41966 | Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (XStream)). Supported versions that are affected are 17.0.6, 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (jackson-databind)). Supported versions that are affected are 18.0.0.12 and 19.0.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Foundation (jackson-databind)). The supported version that is affected is 15.0.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Merchandising System. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Retail Sales Audit product of Oracle Retail Applications (component: others (jackson-databind)). The supported version that is affected is 15.0.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Sales Audit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Sales Audit. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (jackson-databind)). Supported versions that are affected are 17.0.6, 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42889 | Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Security (Apache Commons Text)). Supported versions that are affected are 16.0.2 and 16.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in takeover of Oracle Retail Merchandising System. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-42889 | Vulnerability in the Oracle Retail Xstore Office Cloud Service product of Oracle Retail Applications (component: DB, Perf, etc (Apache Commons Text)). Supported versions that are affected are 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office Cloud Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Office Cloud Service. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-42889 | Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale (Apache Commons Text)). Supported versions that are affected are 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-42889 | Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Commons Text)). Supported versions that are affected are 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-45047 | Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (Apache Mina SSHD)). The supported version that is affected is 19.0.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |

This table provides the text form of the Risk Matrix for Oracle Siebel CRM.

CVE ID | Description |
---|---|
CVE-2020-7712 | Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Logging (Apache ZooKeeper)). Supported versions that are affected are 22.5 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in takeover of Siebel CRM. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2021-3712 | Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core - Server Infrastructure (OpenSSL)). Supported versions that are affected are 22.10 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel CRM accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2021-37695 | Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Open UI (CKEditor)). Supported versions that are affected are 21.10 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel CRM, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel CRM accessible data as well as unauthorized read access to a subset of Siebel CRM accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-42003 | Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI (jackson-databind)). Supported versions that are affected are 23.2 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-42252 | Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Services (Apache Tomcat)). Supported versions that are affected are 23.2 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel CRM accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |
CVE-2023-21909 | Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: UI Framework). Supported versions that are affected are 23.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel CRM accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |

This table provides the text form of the Risk Matrix for Oracle Supply Chain.

CVE ID | Description |
---|---|
CVE-2022-42003 | Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (jackson-databind)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2022-45143 | Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (Apache Tomcat)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile PLM accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ] |

This table provides the text form of the Risk Matrix for Oracle Systems.

CVE ID | Description |
---|---|
CVE-2023-21896 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-21928 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: IPS repository daemon). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 1.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2023-21948 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Core). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-21984 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Libraries). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
CVE-2023-21985 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-22003 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle Utilities Applications.
CVE ID | Description |
---|---|
CVE-2020-11987 | Security-in-Depth issue in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (Apache Batik)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2020-13936 | Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (Apache Velocity Engine)). Supported versions that are affected are 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Application Framework. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2021-41184 | Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: User Interface (jQueryUI)). Supported versions that are affected are 2.3.0.2, 2.4.0.1, 2.5.0.0 and 2.5.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Utilities Network Management System, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Utilities Network Management System accessible data as well as unauthorized read access to a subset of Oracle Utilities Network Management System accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2022-23305 | Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (Apache Log4j)). The supported version that is affected is 4.2.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Application Framework. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2022-33980 | Security-in-Depth issue in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (Apache Commons Configuration)). This vulnerability cannot be exploited in the context of this product. [ Advisory ] |
CVE-2022-41966 | Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (XStream)). Supported versions that are affected are 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0 and 4.5.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Application Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ] |
This table provides the text form of the Risk Matrix for Oracle Virtualization.
CVE ID | Description |
---|---|
CVE-2022-42916 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core (cURL)). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21987 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-21988 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21989 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21990 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ] |
CVE-2023-21991 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). ( legend ) [ Advisory ] |
CVE-2023-21998 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2023-21999 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2023-22000 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2023-22001 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ] |
CVE-2023-22002 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). ( legend ) [ Advisory ] |