334 matches found
CVE-2024-21261
Vulnerability in Oracle Application Express component: General. Supported versions that are affected are 23.2 and 24.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. While the vulnerability is in Oracle...
CVE-2024-21261
Oracle Application Express (APEX) General component is affected in versions 23.2 and 24.1. The issue stems from insufficient input validation in the General component, allowing a low-privileged, network-accessible attacker (via HTTP) to perform unauthorized updates, inserts, deletes, and read acc...
PT-2024-7157 · Oracle · Oracle Application Express
Name of the Vulnerable Software and Affected Versions: Oracle Application Express versions 23.2 through 24.1 Description: The issue is related to insufficient input validation in the General component of Oracle Application Express. It allows a low-privileged attacker with network access via HTTP ...
Oracle Application Express 安全漏洞
Oracle Application Express is a low-code development platform from Oracle Corporation USA. A security vulnerability exists in Oracle Application Express versions 23.2 and 24.1. An attacker could exploit the vulnerability to update, insert, or delete accessible data...
The vulnerability of the Application Express component in the Oracle Application Express development environment allows a hacker to gain full control over the application.
The vulnerability of the Application Express development environment for Oracle Application Express is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain full control over the application using the HTTP protocol...
The vulnerability of the Application Express component in the Oracle Application Express development environment allows access to data modification, addition, deletion, or partial service disruption.
The vulnerability of the Application Express development environment for Oracle Application Express is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to modify, add, or delete data, or cause a partial service...
Unspecified Vulnerability in Oracle Application Expresses
Oracle Application Express is the United States Oracle Oracle, a low-code development platform. A security vulnerability exists in the Application Express Customers Plugin for Oracle Application Express, which can be exploited by an attacker to cause the Application Express Customers Plugin to be...
Unspecified Vulnerability in Oracle Application Expresses (CNVD-2023-78671)
Oracle Application Express is the United States Oracle Oracle, a low-code development platform. A security vulnerability in Application Express Administration in Oracle Application Express can be exploited by an attacker to cause unauthorized update, insertion, or deletion access to certain...
The vulnerability of the Application Express Customers Plugin component in the Oracle Application Express development environment allows a attacker to read data and modify it.
The vulnerability of the Application Express Customers Plugin component in the Oracle Application Express development environment exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delet...
CVE-2023-21983
Vulnerability in the Application Express Administration product of Oracle Application Express component: None. Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2023-21975
Vulnerability in the Application Express Customers Plugin product of Oracle Application Express component: User Account. Supported versions that are affected are Application Express Customers Plugin: 18.2-22.2. Easily exploitable vulnerability allows low privileged attacker with network access vi...
CVE-2023-21975
Vulnerability in the Application Express Customers Plugin product of Oracle Application Express component: User Account. Supported versions that are affected are Application Express Customers Plugin: 18.2-22.2. Easily exploitable vulnerability allows low privileged attacker with network access vi...
CVE-2023-21983
Vulnerability in the Application Express Administration product of Oracle Application Express component: None. Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to...
Code injection
Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express component: User Account. Supported versions that are affected are Application Express Team Calendar Plugin: 18.2-22.1. Easily exploitable vulnerability allows low privileged attacker with network...
Code injection
Vulnerability in the Application Express Customers Plugin product of Oracle Application Express component: User Account. Supported versions that are affected are Application Express Customers Plugin: 18.2-22.2. Easily exploitable vulnerability allows low privileged attacker with network access vi...
Code injection
Vulnerability in the Application Express Administration product of Oracle Application Express component: None. Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2023-21983
Oracle Application Express (APEX) Application Express Administration is affected for versions 18.2–22.2. The vulnerability allows an unauthenticated attacker over HTTP with network access to force unauthorized updates/deletes/inserts to certain Administration data, read access to a subset of data...
CVE-2023-21975
The CVE-2023-21975 affects Oracle Application Express, specifically the Application Express Customers Plugin (component: User Account) with vulnerable versions 18.2–22.2. The root cause is insufficient input validation in the Customers Plugin, enabling a remote attacker to modify, add, or delete ...
CVE-2023-21974
The CVE-2023-21974 entry maps to Oracle Application Express Team Calendar Plugin (versions 18.2–22.1). The vulnerability stems from insufficient input validation in the plugin’s User Account component, allowing a low-privileged attacker with network access via HTTP to compromise the plugin, with ...
Oracle Application Express 安全漏洞
Oracle Application Express is the United States Oracle Oracle, a low-code development platform. A security vulnerability in Application Express Administration in Oracle Application Express can be exploited by an attacker to cause unauthorized update, insertion, or deletion access to certain...