Oracle Siebel Server <= 23.4 (July 2023 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Siebel CRM product of Oracle Siebel CRM component: EAI SnakeYAML. Supported versions that are affected are 23.4 and prior...
Oracle Siebel Server <= 24.2 (July 2024 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM component: EAI, UI Apache Tomcat. Supported versions that are affected are...
CVE-2024-10905
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...
CVE-2024-10905 IdentityIQ Improper Access Control Vulnerability
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...
CVE-2024-9681 HSTS subdomain overwrites parent cache entry
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...
CVE-2024-21283
Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft component: Global Payroll for Core. Supported versions that are affected are 9.2.48-9.2.50. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2024-21285
Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications component: Reports. The supported version that is affected is 14.5.0.12.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2024-21279
Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite component: Auctions. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Sourcing. Successful attacks of...
CVE-2024-21282
Vulnerability in the Oracle Financials product of Oracle E-Business Suite component: Common Components. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financials. Successful...
CVE-2024-21277
Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite component: Device Integration. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ME...
CVE-2024-21275
Vulnerability in the Oracle Quoting product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.7-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks ...
CVE-2024-21270
Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite component: Tasks. Supported versions that are affected are 12.2.6-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common...
CVE-2024-21269
Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite component: Compensation Plan. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Incentive...
CVE-2024-21250
Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite component: Quality Manager Specification. Supported versions that are affected are 12.2.13-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP...
CVE-2024-21242
Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via HTTP to compromise XML...
CVE-2024-21215
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server...
CVE-2024-21214
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Query. Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...
CVE-2024-21206
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite component: Diagnostics. Supported versions that are affected are ECC:11-13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterpri...
CVE-2024-21191
Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware component: FMW Control Plugin. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
PT-2024-7010 · Oracle · Oracle Common Applications Calendar +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.6 through 12.2.13 Description: The issue is related to a vulnerability in the Oracle Common Applications Calendar product, specifically in the Tasks component. This vulnerability can be easily exploited b...