Lucene search
+L

161 matches found

cve
cve
added 2020/01/15 4:34 p.m.58 views

CVE-2020-2673

CVE-2020-2673 affects Oracle Application Testing Suite (Oracle Flow Builder) with affected versions 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. The vulnerability allows an unauthenticated attacker over HTTP to access critical data or take full control of the Oracle ATS exposed data, per CVSSv3.0 b...

7.5CVSS7.2AI score0.01816EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2020/01/15 4:34 p.m.32 views

CVE-2020-2673

Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Oracle Flow Builder. Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

7.5CVSS7.6AI score0.01816EPSS
Exploits0References1
symantec
symantec
added 2020/01/10 12:0 a.m.88 views

Oracle January 2020 Critical Patch Update Multiple Vulnerabilities

Description Oracle has released advance notification regarding the January 2020 Critical Patch Update CPU to be released on January 14, 2020. The update addresses 333 vulnerabilities affecting the following software: Oracle Database Server, versions 12.2.0.1, 18c, 19c Oracle Communications Design...

1.2AI score
Exploits0References1Affected Software88
nvd
nvd
added 2019/07/23 11:15 p.m.27 views

CVE-2019-2727

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

7.5CVSS6.2AI score0.01218EPSS
Exploits0References1
osv
osv
added 2019/07/23 11:15 p.m.4 views

CVE-2019-2727

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

7.3CVSS7.1AI score0.01218EPSS
Exploits0References1
prion
prion
added 2019/07/23 11:15 p.m.20 views

Design/Logic Flaw

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

7.5CVSS6.6AI score0.01218EPSS
Exploits0References1Affected Software1
cve
cve
added 2019/07/23 10:31 p.m.67 views

CVE-2019-2727

Oracle Application Testing Suite (subcomponent: Load Testing for Web Apps) in Oracle Enterprise Manager Products Suite, version 13.3, is affected by CVE-2019-2727. The vulnerability allows unauthenticated, network-based access via HTTP to compromise data: unauthorized update/insert/delete and rea...

7.5CVSS6.8AI score0.01218EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2019/07/23 10:31 p.m.30 views

CVE-2019-2727

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

7AI score0.01218EPSS
Exploits0References1
zdt
zdt
added 2019/05/28 12:0 a.m.166 views

Oracle Application Testing Suite WebLogic Server Administration Console War Deployment Exploit

This Metasploit module abuses a feature in WebLogic Server's Administration Console to install a malicious Java application in order to gain remote code execution. Authentication is required, however by default, Oracle ships with a "oats" account that you could log in with, which grants you...

7.1CVSS0.2AI score0.30876EPSS
Exploits4
packetstorm
packetstorm
added 2019/05/24 12:0 a.m.103 views

Oracle Application Testing Suite WebLogic Server Administration Console War Deployment

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Application Testing Suite WebLogic Server Administration Console War Deployment', 'Description' = %q This module abuses a feature in...

7.1CVSS0.30876EPSS
Exploits4
metasploit
metasploit
added 2019/05/07 7:56 p.m.44 views

Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal

This module exploits a vulnerability in Oracle Application Testing Suite OATS. In the Load Testing interface, a remote user can abuse the custom report template selector, and cause the DownloadServlet class to read any file on the server as SYSTEM. Since the Oracle application contains multiple...

6.3CVSS8AI score0.05503EPSS
Exploits3
nvd
nvd
added 2019/04/23 7:32 p.m.51 views

CVE-2019-2557

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

6.5CVSS5.4AI score0.05503EPSS
Exploits3References1
prion
prion
added 2019/04/23 7:32 p.m.14 views

Design/Logic Flaw

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

6.5CVSS5.4AI score0.05503EPSS
Exploits3References1Affected Software1
cve
cve
added 2019/04/23 6:16 p.m.63 views

CVE-2019-2557

CVE-2019-2557 affects the Oracle Application Testing Suite (OATS) Load Testing for Web Apps, specifically version 13.3.0.1. The Red Hat/Oracle records describe a post-auth vulnerability in the DownloadServlet used to serve templates (mapped at /download). An authenticated (post-auth) attacker can...

6.5CVSS5.4AI score0.05503EPSS
Exploits3References1Affected Software1
vulnrichment
vulnrichment
added 2019/04/23 6:16 p.m.9 views

CVE-2019-2557

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

6.1AI score0.05503EPSS
Exploits3References1
cvelist
cvelist
added 2019/04/23 6:16 p.m.50 views

CVE-2019-2557

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

5.6AI score0.05503EPSS
Exploits3References1
attackerkb
attackerkb
added 2019/04/23 12:0 a.m.30 views

Oracle Application Testing Suite DownloadServlet Directory Traversal Remote Code Execution

Oracle Application Testing Suite versions 13.3.0.1 and prior are vulnerable to a directory traversal attack. An attacker could leverage this to steal sensitive credentials, decrypt them, gain privileges, and get remote code execution. Recent assessments: wchen-r7 at May 09, 2019 5:57pm UTC...

6.5CVSS7.9AI score0.05503EPSS
Exploits3References3
openvas
openvas
added 2019/01/29 12:0 a.m.9 views

Oracle Application Testing Suite Detection (Windows SMB Login)

SMB login-based detection of Oracle Application Testing Suite. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9AI score
Exploits0References1
nessus
nessus
added 2019/01/21 12:0 a.m.122 views

Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2019 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - Enterprise Manager Base Platform Agent Next Gen Jython component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the...

9.8CVSS7.2AI score0.49268EPSS
Exploits4References11
cnvd
cnvd
added 2019/01/18 12:0 a.m.10 views

Unspecified Vulnerability in Oracle Enterprise Manager Products Suite (CNVD-2019-37391)

Oracle Enterprise Manager Products Suite is a set of Oracle's on-premise management platform. Application Testing Suite is one of the application testing components. A security vulnerability exists in the Application Testing Suite component of Oracle Enterprise Manager Products Suite. An attacker...

6.5CVSS8.8AI score0.01454EPSS
Exploits1References1
Rows per page
Query Builder