429 matches found
CVE-2024-21143
CVE-2024-21143 affects Oracle E-Business Suite, Oracle iStore (User Management) versions 12.2.3–12.2.13. An unauthenticated attacker with network access via HTTP can read data from Oracle iStore. The CVE is corroborated across multiple sources (NVD, RH, Nessus plugin), with a MEDIUM severity (CVS...
The vulnerability of the ECC sub-component of the Oracle iStore component in the Oracle E-Business Suite system allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the ECC sub-component of the Oracle iStore component in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in E-Business suite and components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Access to sensitive data Oracle...
CVE-2024-20938
Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: ECC. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require huma...
CVE-2024-20938
Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: ECC. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require huma...
Design/Logic Flaw
Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: ECC. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require huma...
CVE-2024-20938
The CVE-2024-20938 flaw affects Oracle E-Business Suite’s Oracle iStore component (ECC) in versions 12.2.3–12.2.13. An unauthenticated attacker with network access over HTTP can compromise iStore, with successful attacks requiring user interaction and potentially impacting related products. The i...
PT-2024-1232 · Oracle · Oracle E-Business Suite +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite component: ECC versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the Oracle iStore product, allowing an unauthenticated attacker with network access via HTTP to...
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite E-Business Suite is a fully integrated set of global business management software from Oracle USA. The software provides customer relationship management, service management, financial management, and other capabilities. iStore is one of the e-business applications that...
SUSE CVE-2012-3138
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Web interface...
The vulnerability of the User Interface component of the Oracle iStore system, a system for creating, managing, and personalizing online stores, allows a malicious actor to gain unauthorized access to read, modify, or delete data.
The vulnerability of the User Interface component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorize...
CVE-2022-21354
Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...
CVE-2022-21354
Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...
Design/Logic Flaw
Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...
CVE-2022-21354
Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...
CVE-2022-21354
Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...
CVE-2022-21354
CVE-2022-21354 affects Oracle E-Business Suite iStore UI (versions 12.2.3–12.2.11). An unauthenticated attacker can access over HTTP and, with user interaction, may update/insert/delete and read Oracle iStore data. The issue is confirmed by multiple sources (NVD, Red Hat, NCSC) and is listed with...
Oracle E-Business Suite 安全漏洞
Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability exists in the Oracle iStore...
The vulnerability of the Shopping Cart sub-component of the Oracle iStore component in the Oracle E-Business Suite system, which allows a malicious individual to gain unauthorized access to the device.
The vulnerability of the Shopping Cart sub-component of the Oracle iStore component in the Oracle E-Business Suite system’s business automation solution is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device...
Oracle E-Business Suite iStore Information Disclosure (CVE-2021-2182)
An information disclosure vulnerability exists in the iStore component in Oracle E-Business Suite. The vulnerability is due to the use of untrusted user input from requests when constructing HTML output in the JSP that handles updating of user personal information...