Lucene search
K
OracleApplication Object Library

33 matches found

CVE
CVE
added 2024/07/16 10:39 p.m.91 views

CVE-2024-21128

CVE-2024-21128 affects Oracle E-Business Suite, Oracle Application Object Library APIs. Affected: EBS 12.2.6–12.2.13. Root cause: insufficient input validation in APIs; enables a low-privilege, network-accessible attacker (via HTTP) to compromise data after requiring user interaction. Impact: una...

5.4CVSS4.8AI score0.00308EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.80 views

CVE-2017-10246

CVE-2017-10246 affects Oracle E-Business Suite’s Oracle Application Object Library (AOL), subcomponent iHelp. Affected versions: 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6. The vulnerability enables unauthenticated, network-accessible HTTP attackers to access or modify AOL data, per CVSS3.0 base scor...

8.2CVSS7.9AI score0.13937EPSS
Web
CVE
CVE
added 2024/02/17 1:50 a.m.74 views

CVE-2024-20929

The CVE-2024-20929 entry concerns Oracle E-Business Suite’s Oracle Application Object Library (AOL) with the vulnerable DB Privileges component. Affected versions are 12.2.3–12.2.13. It is exploitable by an unauthenticated attacker over HTTP with network access, enabling unauthorized update/inser...

6.5CVSS5.8AI score0.00322EPSS
CVE
CVE
added 2021/04/22 9:54 p.m.70 views

CVE-2021-2314

CVE-2021-2314 affects Oracle E-Business Suite — Oracle Application Object Library (Profiles) in versions 12.1.3 and 12.2.3–12.2.10. The issue, caused by a vulnerability in the Profiles component, permits a low-privileged, network-accessible attacker over HTTP to obtain unauthorized access to or m...

8.1CVSS8.1AI score0.00987EPSS
CVE
CVE
added 2024/02/17 1:50 a.m.69 views

CVE-2024-20915

CVE-2024-20915 affects Oracle E-Business Suite’s Oracle Application Object Library (AOL), Login - SSO component. Affected: AOL in E-Business Suite versions 12.2.3–12.2.13. Issue: insufficient input validation in the Login - SSO path allows an unauthenticated, network-accessible attacker (via HTTP...

5.3CVSS4.9AI score0.00493EPSS
CVE
CVE
added 2025/04/15 8:31 p.m.68 views

CVE-2025-30732

The CVE refers to Oracle E-Business Suite, Oracle Application Object Library (AOL) Core, affected in 12.2.3–12.2.14. An unauthenticated attacker with network access via HTTP can compromise AOL, with human interaction required, potentially enabling unauthorized update/insert/delete and read access...

6.1CVSS5.5AI score0.00207EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.67 views

CVE-2017-3556

The CVE-2017-3556 entry concerns Oracle E-Business Suite’s Oracle Application Object Library (AOL) File Management vulnerability. Public sources in the connected documents confirm affected software: Oracle E-Business Suite, versions 12.2.3 through 12.2.6 (also 12.1.3 is listed, but details focus ...

5.3CVSS4AI score0.02106EPSS
CVE
CVE
added 2025/04/15 8:31 p.m.65 views

CVE-2025-30726

CVE-2025-30726 affects Oracle E-Business Suite, Oracle Application Object Library (AOL) Core, in versions 12.2.3–12.2.14. An unauthenticated attacker with network access over HTTP can read a subset of AOL data. The vulnerability is documented with a CVSS v3.1 base score of 5.3 (Confidentiality). ...

5.3CVSS4.1AI score0.00263EPSS
CVE
CVE
added 2008/07/15 11:0 p.m.64 views

CVE-2008-2586

CVE-2008-2586 affects Oracle E-Business Suite 12.0.4 via the Oracle Application Object Library. The initial description notes unknown impact; NVD risk data shows a CVSS v2 base score of 4.0 (Medium), with network access but only single-user authentication required. The connected documents corrobo...

4CVSS5.8AI score0.01204EPSS
CVE
CVE
added 2025/04/15 8:31 p.m.64 views

CVE-2025-30730

The CVE-2025-30730 entry concerns Oracle E-Business Suite’s Oracle Application Object Library (Core), affected in versions 12.2.5–12.2.14. The vulnerability enables an unauthenticated attacker with network access via HTTP to cause a hang or a frequently repeatable crash (complete DoS) of Oracle A...

7.5CVSS6.8AI score0.0037EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.63 views

CVE-2017-10331

CVE-2017-10331 affects Oracle E-Business Suite’s Oracle Application Object Library (Diagnostics). Affects 12.1.3 and 12.2.x releases up to 12.2.7. The vulnerability allows an unauthenticated attacker with network access via HTTP to read a subset of Oracle AOL data. Root cause and specific exploit...

5.3CVSS4.4AI score0.01985EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.63 views

CVE-2020-14554

CVE-2020-14554 affects Oracle E-Business Suite Oracle Application Object Library (AOL) Diagnostics. Affected: AOL in EBS versions 12.1.3 and 12.2.3–12.2.8. Vulnerability allows unauthenticated, network-accessed HTTP exploitation with user interaction required, potentially enabling unauthorized up...

4.7CVSS4.4AI score0.00985EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.62 views

CVE-2017-10244

CVE-2017-10244 affects Oracle E-Business Suite Application Object Library (Attachments). The flaw allows an unauthenticated, network-based attacker to read documents stored in AOL via HTTP, as described in the CVE entry and corroborated by Oracle CPUJuly2017 and ThreatPost coverage. Affected vers...

5.3CVSS4.8AI score0.01985EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.62 views

CVE-2023-21978

CVE-2023-21978 affects Oracle E-Business Suite, specifically the Oracle Application Object Library GUI component. Affected versions are 12.2.3–12.2.11. The underlying issue is insufficient input validation in the GUI of the Oracle Application Object Library, allowing a low-privileged, network-acc...

6.5CVSS6.5AI score0.00376EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.60 views

CVE-2017-10328

CVE-2017-10328 affects Oracle E-Business Suite’s Oracle Application Object Library (AOL) Diagnostics subcomponent. Affected versions include 12.1.3 and 12.2.x up to 12.2.7. The vulnerability is exploitable by an unauthenticated attacker over HTTP, potentially allowing access to Oracle AOL data. C...

7.5CVSS7.2AI score0.02533EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.60 views

CVE-2018-3138

CVE-2018-3138 affects Oracle E-Business Suite’s Oracle Application Object Library (AOL), specifically the Attachments / File Upload subcomponent. Affected versions include 12.1.3 and 12.2.x (12.2.3–12.2.7). The vulnerability allows unauthenticated, network-based access via HTTP to AOL, with explo...

8.2CVSS7.8AI score0.02009EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.59 views

CVE-2020-14840

CVE-2020-14840 affects Oracle E-Business Suite, specifically the Oracle Application Object Library (Diagnostics) component. Affects versions 12.1.3 and 12.2.3–12.2.10. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library...

4.7CVSS4.4AI score0.00973EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.58 views

CVE-2019-3027

The CVE-2019-3027 entry concerns Oracle E-Business Suite’s Oracle Application Object Library (AOL), Login Help component. Affected versions are 12.2.5–12.2.9. The vulnerability is exploitable by an unauthenticated attacker over HTTP with network access, potentially enabling partial denial of serv...

5.3CVSS5AI score0.01563EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.57 views

CVE-2017-10177

CVE-2017-10177 is a vulnerability in the Oracle Application Object Library (AOL) component of Oracle E-Business Suite, specifically in the Flexfields subcomponent, affecting version 12.2.6. The issue allows a low-privileged, network-authenticated attacker (HTTP) to compromise AOL, potentially ena...

8.1CVSS7.9AI score0.01952EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.57 views

CVE-2019-2761

CVE-2019-2761 affects Oracle E-Business Suite, specifically the Application Object Library’s Attachments/File Upload subcomponent. Affects versions 12.1.3 and 12.2.3–12.2.8. The vulnerability is an unauthenticated, network-accessible issue over HTTP that can lead to unauthorized read access to a ...

4.3CVSS3.8AI score0.01105EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.54 views

CVE-2016-0520

CVE-2016-0520 is described as an unspecified vulnerability in Oracle E-Business Suite 11.5.10.2, affecting the Oracle Application Object Library component via Java APIs and allowing remote attackers to compromise integrity. The description does not specify the root cause beyond a Java API-related...

4.3CVSS5.1AI score0.01514EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.54 views

CVE-2016-0589

Technical details about CVE-2016-0589 are not provided in the supplied documents. Connected records mention Oracle E-Business Suite components but do not specify affected versions, root cause, exploit vectors, or fixes. Monitor for updates.

6.4CVSS5.2AI score0.01817EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.54 views

CVE-2019-2621

CVE-2019-2621 affects Oracle E-Business Suite’s Oracle Application Object Library (AOL), specifically the Diagnostics subcomponent. Affected versions include 12.1.3 and 12.2.x releases up to 12.2.8. The vulnerability allows an unauthenticated attacker who can reach AOL over HTTP to compromise dat...

4.7CVSS4.5AI score0.01043EPSS
CVE
CVE
added 2008/07/15 11:0 p.m.53 views

CVE-2008-2606

CVE-2008-2606 affects Oracle E-Business Suite 12.0.4 components with the Oracle Application Object Library over HTTP. In the Oracle E-Business Suite risk matrix, this vulnerability is listed under CVE-2008-2606 with a base score around 4.0 (Network) and requires a valid session for exploitation, ...

6.5CVSS5.8AI score0.0137EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.53 views

CVE-2016-0586

CVE-2016-0586 affects Oracle E-Business Suite 11.5.10.2 via the Oracle Application Object Library iHelp component. The vulnerability is described as unspecified, with remote attackers able to affect integrity through unknown vectors related to iHelp. The Connected documents corroborate the produc...

4.3CVSS5.1AI score0.01508EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.52 views

CVE-2020-14635

CVE-2020-14635 affects Oracle E-Business Suite Application Object Library (AOL), Logging component. Affects 12.2.5–12.2.9; an unauthenticated, network-accessible attacker over HTTP can read a subset of AOL data due to the underlying issue described in the CVE. Multiple sources (NVD, RH Red Hat, C...

5.3CVSS4.7AI score0.01205EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.51 views

CVE-2016-0576

CVE-2016-0576 concerns an unspecified vulnerability in the Oracle Application Object Library ICX LOVs component of Oracle E-Business Suite 11.5.10.2. The description states it can allow remote attackers to affect confidentiality and integrity via vectors related to ICX LOVs. The connected documen...

6.4CVSS4.9AI score0.01748EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.51 views

CVE-2016-0585

CVE-2016-0585 is described as an unspecified vulnerability in Oracle E‑Business Suite’s Oracle Application Object Library ICX Error component (11.5.10.2) that can affect availability via remote attacker interaction. Connected sources identify the ICX Error component as involved but do not provide...

5CVSS5.2AI score0.01829EPSS
CVE
CVE
added 2017/01/27 10:1 p.m.51 views

CVE-2017-3246

The CVE-2017-3246 entry refers to a vulnerability in the Oracle Application Object Library (Patching) within Oracle E-Business Suite. Affected supported versions include 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6. The issue is described as easily exploitable by a high-privilege attacker who has l...

6CVSS6AI score0.00407EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.50 views

CVE-2016-3545

Affected product: Oracle E-Business Suite (Applications Object Library, AOL) in 12.1.3, 12.2.3, 12.2.4, 12.2.5. Vulnerability: Web-based help screens subcomponent allows remote disclosure of confidential data. Root cause details are not specified in the provided documents. Publicly known remediat...

5.3CVSS5.2AI score0.02305EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.47 views

CVE-2016-0697

CVE-2016-0697 affects Oracle E-Business Suite’s Oracle Application Object Library (AOL) component, specifically in versions 12.1.3, 12.2.3, 12.2.4, and 12.2.5. The vulnerability is described as unspecified, allowing local users to impact confidentiality and integrity via unknown vectors. The prov...

6CVSS5.7AI score0.00742EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.47 views

CVE-2018-3244

CVE-2018-3244 affects the Oracle Application Object Library (AOL) in Oracle E-Business Suite, specifically the Attachments / File Upload subcomponent, with affected versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. The vulnerability permits an unauthenticated attacker reachable via HTTP...

5.3CVSS4.9AI score0.01943EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.41 views

CVE-2016-3434

CVE-2016-3434 affects Oracle E-Business Suite through the Oracle Application Object Library (AOL) in versions 12.1.3, 12.2.3, 12.2.4, and 12.2.5. The root cause is an unspecified vulnerability in the Logout subcomponent of AOL that could allow a remote attacker to compromise data integrity via th...

4.7CVSS4.9AI score0.01207EPSS