Lucene search
K

429 matches found

CVE
CVE
added 2024/07/16 10:39 p.m.60 views

CVE-2024-21143

CVE-2024-21143 affects Oracle E-Business Suite, Oracle iStore (User Management) versions 12.2.3–12.2.13. An unauthenticated attacker with network access via HTTP can read data from Oracle iStore. The CVE is corroborated across multiple sources (NVD, RH, Nessus plugin), with a MEDIUM severity (CVS...

5.3CVSS4.1AI score0.00399EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/01/24 12:0 a.m.5 views

The vulnerability of the ECC sub-component of the Oracle iStore component in the Oracle E-Business Suite system allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the ECC sub-component of the Oracle iStore component in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...

6.4CVSS6.8AI score0.00309EPSS
Exploits0References3Affected Software2
NCSC
NCSC
added 2024/01/18 12:0 a.m.5 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in E-Business suite and components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Access to sensitive data Oracle...

6.5CVSS6.3AI score0.00493EPSS
Exploits0
NVD
NVD
added 2024/01/16 10:15 p.m.25 views

CVE-2024-20938

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: ECC. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require huma...

6.1CVSS5.8AI score0.00309EPSS
Exploits0References1
OSV
OSV
added 2024/01/16 10:15 p.m.2 views

CVE-2024-20938

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: ECC. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require huma...

6.1CVSS7.3AI score0.00309EPSS
Exploits0References1
Prion
Prion
added 2024/01/16 10:15 p.m.12 views

Design/Logic Flaw

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: ECC. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require huma...

5.8CVSS6.5AI score0.00309EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/01/16 9:41 p.m.52 views

CVE-2024-20938

The CVE-2024-20938 flaw affects Oracle E-Business Suite’s Oracle iStore component (ECC) in versions 12.2.3–12.2.13. An unauthenticated attacker with network access over HTTP can compromise iStore, with successful attacks requiring user interaction and potentially impacting related products. The i...

6.1CVSS5.8AI score0.00309EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.3 views

PT-2024-1232 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite component: ECC versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the Oracle iStore product, allowing an unauthenticated attacker with network access via HTTP to...

6.4CVSS6AI score0.00309EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.4 views

Oracle E-Business Suite Security Vulnerability

Oracle E-Business Suite E-Business Suite is a fully integrated set of global business management software from Oracle USA. The software provides customer relationship management, service management, financial management, and other capabilities. iStore is one of the e-business applications that...

6.1CVSS6.7AI score0.00309EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.4 views

SUSE CVE-2012-3138

Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Web interface...

4.3CVSS6.7AI score0.01046EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/04/11 12:0 a.m.5 views

The vulnerability of the User Interface component of the Oracle iStore system, a system for creating, managing, and personalizing online stores, allows a malicious actor to gain unauthorized access to read, modify, or delete data.

The vulnerability of the User Interface component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorize...

6.1CVSS6.8AI score0.00706EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/19 12:15 p.m.4 views

CVE-2022-21354

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...

6.1CVSS6.9AI score0.00706EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/01/19 12:15 p.m.25 views

CVE-2022-21354

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...

6.1CVSS0.00706EPSS
Exploits0References1
Prion
Prion
added 2022/01/19 12:15 p.m.18 views

Design/Logic Flaw

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...

5.8CVSS5.9AI score0.00706EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/01/19 11:25 a.m.13 views

CVE-2022-21354

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...

6.1CVSS6.3AI score0.00706EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/19 11:25 a.m.29 views

CVE-2022-21354

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...

6.1CVSS6.1AI score0.00706EPSS
Exploits0References1
CVE
CVE
added 2022/01/19 11:25 a.m.77 views

CVE-2022-21354

CVE-2022-21354 affects Oracle E-Business Suite iStore UI (versions 12.2.3–12.2.11). An unauthenticated attacker can access over HTTP and, with user interaction, may update/insert/delete and read Oracle iStore data. The issue is confirmed by multiple sources (NVD, Red Hat, NCSC) and is listed with...

6.1CVSS5.8AI score0.00706EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/01/19 12:0 a.m.4 views

Oracle E-Business Suite 安全漏洞

Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability exists in the Oracle iStore...

6.1CVSS7AI score0.00706EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.9 views

The vulnerability of the Shopping Cart sub-component of the Oracle iStore component in the Oracle E-Business Suite system, which allows a malicious individual to gain unauthorized access to the device.

The vulnerability of the Shopping Cart sub-component of the Oracle iStore component in the Oracle E-Business Suite system’s business automation solution is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device...

8.5CVSS6.9AI score0.00987EPSS
Exploits0References3Affected Software1
Check Point Advisories
Check Point Advisories
added 2021/05/18 12:0 a.m.2 views

Oracle E-Business Suite iStore Information Disclosure (CVE-2021-2182)

An information disclosure vulnerability exists in the iStore component in Oracle E-Business Suite. The vulnerability is due to the use of untrusted user input from requests when constructing HTML output in the JSP that handles updating of user personal information...

5.8CVSS7.8AI score0.00933EPSS
Exploits0
Rows per page
Query Builder