120 matches found
CVE-2019-2567
Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite subcomponent: Active Model Generation. Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
Design/Logic Flaw
Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite subcomponent: Active Model Generation. Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
CVE-2019-2567
Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite subcomponent: Active Model Generation. Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
CVE-2019-2567
CVE-2019-2567 affects Oracle Configurator (Active Model Generation) in Oracle Supply Chain Products Suite. Affected: 12.1 and 12.2. Issue: unauthenticated attacker over HTTP can gain unauthorized access to Oracle Configurator data. CVSSv3 base score 7.5 (High) with confidentiality impact. Connect...
Unspecified Vulnerability in Oracle Supply Chain Products Suite Configurator Component
Oracle Supply Chain Products Suite is a suite of supply chain solutions from Oracle Corporation, of which Oracle Configurator is a configuration component that integrates order management, quoting and selling. An unspecified vulnerability in the JRAD Heartbeat subcomponent of the Oracle...
CVE-2016-3438
Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April 2016 CPU. Oracle has...
CVE-2016-3438
Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April 2016 CPU. Oracle has...
Cross site scripting
Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April 2016 CPU. Oracle has...
CVE-2016-3438
Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April 2016 CPU. Oracle has...
CVE-2016-0541
Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors related to UI Servlet, a different vulnerability than CVE-2016-0540...
CVE-2016-0540
Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors related to UI Servlet, a different vulnerability than CVE-2016-0541...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors related to UI Servlet, a different vulnerability than CVE-2016-0540...
CVE-2016-0541
CVE-2016-0541 affects Oracle Supply Chain Products Suite components: Oracle Configurator UI Servlet, with versions 11.5.10.2, 12.1, and 12.2. The issue is described as a data-access vulnerability that allows remote attackers to access sensitive data, compromising confidentiality via unknown vecto...
CVE-2007-3866
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via a Oracle Configurator APPS02, b Oracle iExpenses APPS03, c Oracle Application Object Library APPS09, and 1 APPS12, 2 APPS13, and 3 APPS14 in d Oracle Payables...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via a Oracle Configurator APPS02, b Oracle iExpenses APPS03, c Oracle Application Object Library APPS09, and 1 APPS12, 2 APPS13, and 3 APPS14 in d Oracle Payables...
CVE-2007-3866
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via a Oracle Configurator APPS02, b Oracle iExpenses APPS03, c Oracle Application Object Library APPS09, and 1 APPS12, 2 APPS13, and 3 APPS14 in d Oracle Payables...
CVE-2002-1640
Multiple cross-site scripting XSS vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via 1 Text Features in the DHTML UI or 2 the test parameter to the oracle.apps.cz.servlet.UiServlet servlet...
Oracle Configurator discloses version and host information via "test" argument passed to servlet
Overview A servlet component of Oracle Configurator may post sensitive version and host information to any Web user that makes a crafted request to the server. Description Oracle Configurator is an Internet application used to configure Oracle Application and Database Servers. If a user sends a...
CVE-2002-1639
Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host"...
CVE-2002-1640
Multiple cross-site scripting XSS vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via 1 Text Features in the DHTML UI or 2 the test parameter to the oracle.apps.cz.servlet.UiServlet servlet...