Lucene search
+L

11 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-45274

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.6, the columnConfigAction endpoint in bundles/CustomReportsBundle/src/Controller/Reports/CustomReportController.php passes malicious SQL configuration through CustomReportController:columnConfigAction,...

8.7CVSS5.8AI score0.00027EPSS
Exploits0References4
Veracode
Veracode
added 2026/05/30 8:7 a.m.8 views

SQL Injection

pimcore/pimcore is vulnerable to SQL injection. The vulnerability is due to improper sanitization of user-supplied SQL configuration in the columnConfigAction endpoint, which is concatenated into database queries, allowing an attacker with the reportsconfig permission to execute arbitrary SELECT ...

8.7CVSS6.2AI score0.00027EPSS
Exploits0References3Affected Software1
NOZOMI
NOZOMI
added 2024/09/11 12:0 a.m.7 views

Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0

Summary An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. Impact If a logged-in user with reporting privileges learns how to create a specific application request, they might be...

6CVSS5.9AI score0.00221EPSS
Exploits0Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/07/25 12:0 a.m.7 views

The vulnerability of the Reports Configuration sub-component of the Oracle Applications Technology component of the Oracle E-Business Suite allows a perpetrator to access confidential information.

The vulnerability of the Reports Configuration sub-component of the Oracle Applications Technology component in the Oracle E-Business Suite system relates to insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain access to read, modify...

5CVSS6.4AI score0.00401EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2023/07/18 9:15 p.m.2 views

CVE-2023-22004

Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite component: Reports Configuration. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

4.3CVSS7.3AI score0.00401EPSS
Exploits0References1
NVD
NVD
added 2023/07/18 9:15 p.m.23 views

CVE-2023-22004

Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite component: Reports Configuration. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

4.3CVSS0.00401EPSS
Exploits0References1
CVE
CVE
added 2023/07/18 8:18 p.m.71 views

CVE-2023-22004

CVE-2023-22004 affects Oracle E-Business Suite, specifically the Reports Configuration component of Oracle Applications Technology. Affected versions are 12.2.3–12.2.12. The flaw allows an unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology; exploita...

4.3CVSS3.6AI score0.00401EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/07/18 12:0 a.m.6 views

Oracle E-Business Suite 安全漏洞

Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability exists in the Oracle...

4.3CVSS6.2AI score0.00401EPSS
Exploits0References2
NVD
NVD
added 2014/10/15 3:55 p.m.21 views

CVE-2014-4285

Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Reports Configuration...

4.3CVSS5.7AI score0.01887EPSS
Exploits0References4
Prion
Prion
added 2014/10/15 3:55 p.m.15 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Reports Configuration...

4.3CVSS6.2AI score0.01887EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/10/15 3:15 p.m.26 views

CVE-2014-4285

Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Reports Configuration...

5.7AI score0.01887EPSS
Exploits0References4
Rows per page
Query Builder