
3672 matches found

IBM Security Bulletins
added 2021/12/15 10:55 a.m. | 22 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-2335)

Summary An Oracle database server vulnerability was addressed by IBM Emptoris Contract Management. Vulnerability Details CVEID: CVE-2021-2335 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow an...

3.5 CVSS | 3.8 AI score | 0.00607 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2021/12/15 10:53 a.m. | 17 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-2334)

Summary An Oracle database server vulnerability was addressed in IBM Emptoris Sourcing. Vulnerability Details CVEID: CVE-2021-2334 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow an authenticated...

3.5 CVSS | 3.8 AI score | 0.00729 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2021/12/15 10:51 a.m. | 23 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-2334)

Summary An Oracle database server vulnerability was addressed in IBM Emptoris Strategic Supply Management Platform. Vulnerability Details CVEID: CVE-2021-2334 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component...

3.5 CVSS | 3.8 AI score | 0.00729 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2021/12/15 10:51 a.m. | 17 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-2334)

Summary An Oracle database server vulnerability has been addressed in IBM Emptoris Contract Management. Vulnerability Details CVEID: CVE-2021-2334 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow ...

3.5 CVSS | 3.9 AI score | 0.00729 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2021/12/15 10:50 a.m. | 16 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-2334)

Summary An Oracle database server vulnerability was addressed in IBM Emptoris Program Management. Vulnerability Details CVEID: CVE-2021-2334 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow an...

3.5 CVSS | 3.8 AI score | 0.00729 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2021/12/15 10:47 a.m. | 17 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-2336)

Summary An Oracle database server vulnerability was addressed in IBM Emptoris Contract Management. Vulnerability Details CVEID: CVE-2021-2336 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow an...

3.5 CVSS | 3.8 AI score | 0.00607 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2021/12/15 10:46 a.m. | 16 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Supplier Lifecycle Mgmt (CVE-2021-2336)

Summary An Oracle database server vulnerability was addressed in IBM Emptoris Supplier Lifecycle Management. Vulnerability Details CVEID: CVE-2021-2336 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could...

3.5 CVSS | 3.8 AI score | 0.00607 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2021/12/15 10:44 a.m. | 20 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-2336)

Summary An Oracle database server vulnerability was addressed in IBM Emptoris Program Management. Vulnerability Details CVEID: CVE-2021-2336 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow an...

3.5 CVSS | 3.8 AI score | 0.00607 EPSS
Exploits: 0 | Affected Software: 1
OSV
added 2021/12/14 4:15 p.m. | 2 views

CVE-2021-42064

If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if th...

9.8 CVSS | 7.4 AI score
Exploits: 0 | References: 2
NVD
added 2021/12/14 4:15 p.m. | 22 views

CVE-2021-42064

If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if th...

9.8 CVSS | 0.01091 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2021/12/14 4:15 p.m. | 2 views

CVE-2021-42064

If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if th...

9.8 CVSS | 7.4 AI score | 0.01091 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2021/12/14 4:15 p.m. | 13 views

Code injection

If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if th...

6.8 CVSS | 9 AI score | 0.01091 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/12/14 3:44 p.m. | 17 views

CVE-2021-42064

If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if th...

9.4 AI score | 0.01091 EPSS
Exploits: 0 | References: 2
CVE
added 2021/12/14 3:44 p.m. | 58 views

CVE-2021-42064

SAP Commerce (versions 1905, 2005, 2105, 2011) is vulnerable when configured to use Oracle DB and a query is built with the Flexible Search Java API using a parameterized IN clause that accepts more than 1000 values. The root cause is not explicitly described beyond this parameterized IN clause b...

9.8 CVSS | 9.1 AI score | 0.01091 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2021/12/14 12:0 a.m. | 4 views

SAP Commerce SQL Injection Vulnerability

SAP Commerce is a set of cloud-based e-commerce platform from Germany's SAP. It supports sales management, marketing management, order management, and operations management. SAP Commerce suffers from an SQL injection vulnerability that stems from the software's lack of effective filtering and...

9.8 CVSS | 8.6 AI score | 0.01091 EPSS
Exploits: 0 | References: 4
0day.today
added 2021/12/13 12:0 a.m. | 292 views

Oracle Database Protection Mechanism Bypass Vulnerability

Due to insecure fallback behavior, a man-in-the-middle attacker can bypass NNE's protection against man-in-the-middle attacks and hijack authenticated connections. In some configurations, a full man-in-the-middle attack is possible. Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affecte...

8.3 CVSS | 8 AI score | 0.025 EPSS
Exploits: 5
0day.today
added 2021/12/13 12:0 a.m. | 197 views

Oracle Database Weak NNE Integrity Key Derivation Vulnerability

NNE's integrity protection mechanism deliberately weakens the key used for computing per-packet message authentication codes (MACs). Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affected. Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions:...

8.3 CVSS | 8.4 AI score | 0.025 EPSS
Exploits: 5
Packet Storm
added 2021/12/13 12:0 a.m. | 269 views

Oracle Database Protection Mechanism Bypass

Advisory ID: SYSS-2021-061 Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions: 18c Vulnerability Type: Protection Mechanism Failure CWE-693 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2021-03-17 Solution Date: 2021-08-07 Public...

8.3 CVSS | 0.2 AI score | 0.025 EPSS
Exploits: 5
Packet Storm
added 2021/12/13 12:0 a.m. | 221 views

Oracle Database Weak NNE Integrity Key Derivation

Advisory ID: SYSS-2021-062 Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions: 18c Vulnerability Type: Inadequate Encryption Strength CWE-326 Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2021-03-17 Solution Date: 2021-08-07...

8.3 CVSS | 0.3 AI score | 0.025 EPSS
Exploits: 5
IBM Security Bulletins
added 2021/11/11 11:2 a.m. | 16 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-2438)

Summary An Oracle Database Server security vulnerability has been addressed in IBM Emptoris Sourcing. Vulnerability Details CVEID: CVE-2021-2438 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Java VM component could allow an authenticated attacker to cause a...

4.3 CVSS | 4.7 AI score | 0.0084 EPSS
Exploits: 0 | Affected Software: 1