CVE-2024-21020

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2024-20990

Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite component: Templates. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications...

CVE-2024-21095

CVE-2024-21095 affects Oracle Primavera P6 Enterprise Project Portfolio Management (Web Access component). Affected versions: 19.12.0–19.12.22, 20.12.0–20.12.21, 21.12.0–21.12.18, 22.12.0–22.12.12, and 23.12.0–23.12.2. Root cause: insufficient input validation in the Web Access module, enabling a...

CVE-2024-21081

Oracle E-Business Suite, Oracle Partner Management component Attribute Admin Setup (versions 12.2.3–12.2.13) remains vulnerable to CVE-2024-21081. The issue permits an unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management, with human interaction required, p...

CVE-2024-21073

CVE-2024-21073 affects Oracle E-Business Suite Oracle Trade Management, component Claim LOV. The issue arises from insufficient input validation in Claim LOV, allowing unauthenticated remote attacker over HTTP to access or compromise Oracle Trade Management, with impact on data confidentiality (p...

CVE-2024-21024

CVE-2024-21024 affects Oracle E-Business Suite, specifically the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. Affected versions are 12.2.3–12.2.13. The issue stems from insufficient input validation in LOV, allowing a remote, unauthenticated attacker with network access via ...

CVE-2024-20989

Oracle Hospitality Simphony (Simphony POS) is affected in versions 19.1.0–19.5.4 due to insufficient input validation in the POS component. The vulnerability allows a remote, unauthenticated attacker with network access (HTTP) to modify, add, or delete data and potentially gain unauthorized acces...

PT-2024-3741 · Oracle · Oracle E-Business Suite

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul. This easily exploitable vulnerability allows ...

PT-2024-3073 · Oracle · Oracle Hospitality Simphony

Name of the Vulnerable Software and Affected Versions: Oracle Hospitality Simphony versions 19.1.0 through 19.5.4 Description: The issue is related to insufficient input validation in the Simphony Enterprise Server component. It allows a low-privileged attacker with network access via HTTP to...

PT-2024-3746 · Oracle · Oracle Complex Maintenance

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul product, part of...

PT-2024-3732 · Oracle · Oracle Complex Maintenance

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, allowing an...

PT-2024-3725 · Oracle · Oracle Complex Maintenance

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, allowing an...

PT-2024-3131 · Oracle · Oracle Bi Publisher

Name of the Vulnerable Software and Affected Versions: Oracle BI Publisher versions 7.0.0.0.0 and 12.2.1.4.0 Description: The issue is related to insufficient input validation in the XML Services component of Oracle BI Publisher, allowing an unauthenticated attacker with network access via HTTP t...

PT-2024-3721 · Oracle · Oracle Complex Maintenance

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul application. This...

CVE-2024-20980

Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Web Server. Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful...

CVE-2024-20956

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Installation. Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2024-20941

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: HTML UI. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful...

CVE-2024-20935

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: Engineering Change Order. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed...

CVE-2024-20937

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Monitoring and Diagnostics SEC. Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD...

CVE-2024-20929

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: DB Privileges. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applicati...