33 matches found
CVE-2024-21128
CVE-2024-21128 affects Oracle E-Business Suite, Oracle Application Object Library APIs. Affected: EBS 12.2.6–12.2.13. Root cause: insufficient input validation in APIs; enables a low-privilege, network-accessible attacker (via HTTP) to compromise data after requiring user interaction. Impact: una...
CVE-2017-10246
CVE-2017-10246 affects Oracle E-Business Suite’s Oracle Application Object Library (AOL), subcomponent iHelp. Affected versions: 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6. The vulnerability enables unauthenticated, network-accessible HTTP attackers to access or modify AOL data, per CVSS3.0 base scor...
CVE-2024-20929
The CVE-2024-20929 entry concerns Oracle E-Business Suite’s Oracle Application Object Library (AOL) with the vulnerable DB Privileges component. Affected versions are 12.2.3–12.2.13. It is exploitable by an unauthenticated attacker over HTTP with network access, enabling unauthorized update/inser...
CVE-2021-2314
CVE-2021-2314 affects Oracle E-Business Suite — Oracle Application Object Library (Profiles) in versions 12.1.3 and 12.2.3–12.2.10. The issue, caused by a vulnerability in the Profiles component, permits a low-privileged, network-accessible attacker over HTTP to obtain unauthorized access to or m...
CVE-2024-20915
CVE-2024-20915 affects Oracle E-Business Suite’s Oracle Application Object Library (AOL), Login - SSO component. Affected: AOL in E-Business Suite versions 12.2.3–12.2.13. Issue: insufficient input validation in the Login - SSO path allows an unauthenticated, network-accessible attacker (via HTTP...
CVE-2025-30732
The CVE refers to Oracle E-Business Suite, Oracle Application Object Library (AOL) Core, affected in 12.2.3–12.2.14. An unauthenticated attacker with network access via HTTP can compromise AOL, with human interaction required, potentially enabling unauthorized update/insert/delete and read access...
CVE-2017-3556
The CVE-2017-3556 entry concerns Oracle E-Business Suite’s Oracle Application Object Library (AOL) File Management vulnerability. Public sources in the connected documents confirm affected software: Oracle E-Business Suite, versions 12.2.3 through 12.2.6 (also 12.1.3 is listed, but details focus ...
CVE-2025-30726
CVE-2025-30726 affects Oracle E-Business Suite, Oracle Application Object Library (AOL) Core, in versions 12.2.3–12.2.14. An unauthenticated attacker with network access over HTTP can read a subset of AOL data. The vulnerability is documented with a CVSS v3.1 base score of 5.3 (Confidentiality). ...
CVE-2008-2586
CVE-2008-2586 affects Oracle E-Business Suite 12.0.4 via the Oracle Application Object Library. The initial description notes unknown impact; NVD risk data shows a CVSS v2 base score of 4.0 (Medium), with network access but only single-user authentication required. The connected documents corrobo...
CVE-2025-30730
The CVE-2025-30730 entry concerns Oracle E-Business Suite’s Oracle Application Object Library (Core), affected in versions 12.2.5–12.2.14. The vulnerability enables an unauthenticated attacker with network access via HTTP to cause a hang or a frequently repeatable crash (complete DoS) of Oracle A...
CVE-2017-10331
CVE-2017-10331 affects Oracle E-Business Suite’s Oracle Application Object Library (Diagnostics). Affects 12.1.3 and 12.2.x releases up to 12.2.7. The vulnerability allows an unauthenticated attacker with network access via HTTP to read a subset of Oracle AOL data. Root cause and specific exploit...
CVE-2020-14554
CVE-2020-14554 affects Oracle E-Business Suite Oracle Application Object Library (AOL) Diagnostics. Affected: AOL in EBS versions 12.1.3 and 12.2.3–12.2.8. Vulnerability allows unauthenticated, network-accessed HTTP exploitation with user interaction required, potentially enabling unauthorized up...
CVE-2017-10244
CVE-2017-10244 affects Oracle E-Business Suite Application Object Library (Attachments). The flaw allows an unauthenticated, network-based attacker to read documents stored in AOL via HTTP, as described in the CVE entry and corroborated by Oracle CPUJuly2017 and ThreatPost coverage. Affected vers...
CVE-2023-21978
CVE-2023-21978 affects Oracle E-Business Suite, specifically the Oracle Application Object Library GUI component. Affected versions are 12.2.3–12.2.11. The underlying issue is insufficient input validation in the GUI of the Oracle Application Object Library, allowing a low-privileged, network-acc...
CVE-2017-10328
CVE-2017-10328 affects Oracle E-Business Suite’s Oracle Application Object Library (AOL) Diagnostics subcomponent. Affected versions include 12.1.3 and 12.2.x up to 12.2.7. The vulnerability is exploitable by an unauthenticated attacker over HTTP, potentially allowing access to Oracle AOL data. C...
CVE-2018-3138
CVE-2018-3138 affects Oracle E-Business Suite’s Oracle Application Object Library (AOL), specifically the Attachments / File Upload subcomponent. Affected versions include 12.1.3 and 12.2.x (12.2.3–12.2.7). The vulnerability allows unauthenticated, network-based access via HTTP to AOL, with explo...
CVE-2020-14840
CVE-2020-14840 affects Oracle E-Business Suite, specifically the Oracle Application Object Library (Diagnostics) component. Affects versions 12.1.3 and 12.2.3–12.2.10. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library...
CVE-2019-3027
The CVE-2019-3027 entry concerns Oracle E-Business Suite’s Oracle Application Object Library (AOL), Login Help component. Affected versions are 12.2.5–12.2.9. The vulnerability is exploitable by an unauthenticated attacker over HTTP with network access, potentially enabling partial denial of serv...
CVE-2017-10177
CVE-2017-10177 is a vulnerability in the Oracle Application Object Library (AOL) component of Oracle E-Business Suite, specifically in the Flexfields subcomponent, affecting version 12.2.6. The issue allows a low-privileged, network-authenticated attacker (HTTP) to compromise AOL, potentially ena...
CVE-2019-2761
CVE-2019-2761 affects Oracle E-Business Suite, specifically the Application Object Library’s Attachments/File Upload subcomponent. Affects versions 12.1.3 and 12.2.3–12.2.8. The vulnerability is an unauthenticated, network-accessible issue over HTTP that can lead to unauthorized read access to a ...
CVE-2016-0520
CVE-2016-0520 is described as an unspecified vulnerability in Oracle E-Business Suite 11.5.10.2, affecting the Oracle Application Object Library component via Java APIs and allowing remote attackers to compromise integrity. The description does not specify the root cause beyond a Java API-related...
CVE-2016-0589
Technical details about CVE-2016-0589 are not provided in the supplied documents. Connected records mention Oracle E-Business Suite components but do not specify affected versions, root cause, exploit vectors, or fixes. Monitor for updates.
CVE-2019-2621
CVE-2019-2621 affects Oracle E-Business Suite’s Oracle Application Object Library (AOL), specifically the Diagnostics subcomponent. Affected versions include 12.1.3 and 12.2.x releases up to 12.2.8. The vulnerability allows an unauthenticated attacker who can reach AOL over HTTP to compromise dat...
CVE-2008-2606
CVE-2008-2606 affects Oracle E-Business Suite 12.0.4 components with the Oracle Application Object Library over HTTP. In the Oracle E-Business Suite risk matrix, this vulnerability is listed under CVE-2008-2606 with a base score around 4.0 (Network) and requires a valid session for exploitation, ...
CVE-2016-0586
CVE-2016-0586 affects Oracle E-Business Suite 11.5.10.2 via the Oracle Application Object Library iHelp component. The vulnerability is described as unspecified, with remote attackers able to affect integrity through unknown vectors related to iHelp. The Connected documents corroborate the produc...
CVE-2020-14635
CVE-2020-14635 affects Oracle E-Business Suite Application Object Library (AOL), Logging component. Affects 12.2.5–12.2.9; an unauthenticated, network-accessible attacker over HTTP can read a subset of AOL data due to the underlying issue described in the CVE. Multiple sources (NVD, RH Red Hat, C...
CVE-2016-0576
CVE-2016-0576 concerns an unspecified vulnerability in the Oracle Application Object Library ICX LOVs component of Oracle E-Business Suite 11.5.10.2. The description states it can allow remote attackers to affect confidentiality and integrity via vectors related to ICX LOVs. The connected documen...
CVE-2016-0585
CVE-2016-0585 is described as an unspecified vulnerability in Oracle E‑Business Suite’s Oracle Application Object Library ICX Error component (11.5.10.2) that can affect availability via remote attacker interaction. Connected sources identify the ICX Error component as involved but do not provide...
CVE-2017-3246
The CVE-2017-3246 entry refers to a vulnerability in the Oracle Application Object Library (Patching) within Oracle E-Business Suite. Affected supported versions include 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6. The issue is described as easily exploitable by a high-privilege attacker who has l...
CVE-2016-3545
Affected product: Oracle E-Business Suite (Applications Object Library, AOL) in 12.1.3, 12.2.3, 12.2.4, 12.2.5. Vulnerability: Web-based help screens subcomponent allows remote disclosure of confidential data. Root cause details are not specified in the provided documents. Publicly known remediat...
CVE-2016-0697
CVE-2016-0697 affects Oracle E-Business Suite’s Oracle Application Object Library (AOL) component, specifically in versions 12.1.3, 12.2.3, 12.2.4, and 12.2.5. The vulnerability is described as unspecified, allowing local users to impact confidentiality and integrity via unknown vectors. The prov...
CVE-2018-3244
CVE-2018-3244 affects the Oracle Application Object Library (AOL) in Oracle E-Business Suite, specifically the Attachments / File Upload subcomponent, with affected versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. The vulnerability permits an unauthenticated attacker reachable via HTTP...
CVE-2016-3434
CVE-2016-3434 affects Oracle E-Business Suite through the Oracle Application Object Library (AOL) in versions 12.1.3, 12.2.3, 12.2.4, and 12.2.5. The root cause is an unspecified vulnerability in the Logout subcomponent of AOL that could allow a remote attacker to compromise data integrity via th...