PT-2024-7155 · Oracle · Oracle Installed Base +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.14 Description: The issue is related to insufficient input validation in the User Interface component of the Oracle Installed Base product. This allows an unauthenticated attacker with...

PT-2024-18841 · Oracle · Oracle Service Bus

Name of the Vulnerable Software and Affected Versions: Oracle Service Bus version 12.2.1.4.0 Description: The issue allows a low-privileged attacker with network access via HTTP to compromise Oracle Service Bus, resulting in unauthorized access to critical data or complete access to all Oracle...

CVE-2024-28811

An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations...

Cisco Device HTTP Device Manager Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Device HTTP Device Manager Access', 'Description' = %q This module gathers data from a Cisco device router or switch with the device manage...

VulnCheck KEV: CVE-2023-21932

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications component: OXI. The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

Oracle WebCenter Sites (Jul 2024 CPU)

The 12.2.1.4.0 versions of WebCenter Sites installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites Spring Security. The supported...

CVE-2024-21150

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVE-2024-21148

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Personalization. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Application...

CVE-2024-21128

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: APIs. Supported versions that are affected are 12.2.6-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object...

CVE-2024-21155

Oracle ZFS Storage Appliance Kit (Oracle) UI vulnerability (CVE-2024-21155) affects version 8.8. Root cause is insufficient input validation in the User Interface. An unauthenticated attacker with network access via HTTP can read data from the UI, with human interaction required for exploitation....

CVE-2024-21109

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful...

CVE-2024-21100

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Platform. Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform...

CVE-2024-21099

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Data Visualization. The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2024-21092

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2024-21091

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Data Import. The supported version that is affected is 6.2.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2024-21088

Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite component: Import Utility. Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Production...

CVE-2024-21083

Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Script Engine. Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher...

CVE-2024-21070

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Search Framework. Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVE-2024-21046

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2024-21043

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...