Lucene search
K
OracleApplications Framework

28 matches found

CVE
CVE
added 2022/04/19 8:38 p.m.120 views

CVE-2022-21468

CVE-2022-21468 affects Oracle E-Business Suite’s Oracle Applications Framework (OA Framework), specifically the Popups component. Affected versions are 12.2.4–12.2.11 . The vulnerability allows an unauthenticated attacker to compromise OA Framework via HTTP with network access; exploitation requi...

6.1CVSS5.6AI score0.00857EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.104 views

CVE-2017-3528

CVE-2017-3528 affects Oracle E-Business Suite (Oracle Applications Framework, Popup windows) with open redirect in 12.1.3 and 12.2.x (up to 12.2.6). Exploitation requires unauthenticated HTTP access and user interaction; the redirect parameter can point to an attacker-controlled domain, enabling ...

5.8CVSS4.2AI score0.14558EPSS
CVE
CVE
added 2022/04/19 8:38 p.m.101 views

CVE-2022-21477

CVE-2022-21477 affects Oracle E-Business Suite’s Oracle Applications Framework (Attachments, File Upload). Affected versions are 12.2.6–12.2.11. The issue allows a low-privilege, network-accessible attacker over HTTP to compromise the framework; successful attacks require user interaction and may...

5.4CVSS5AI score0.00498EPSS
CVE
CVE
added 2022/07/19 9:8 p.m.73 views

CVE-2022-21566

CVE-2022-21566 affects Oracle E-Business Suite, specifically the Oracle Applications Framework Diagnostics component. Affected versions are 12.2.9–12.2.11. It allows unauthenticated, network-based access via HTTP, risking unauthorized data access within Oracle Applications Framework. MITRE/ATT&CK...

7.5CVSS7.7AI score0.00906EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.73 views

CVE-2022-21636

CVE-2022-21636 affects Oracle E-Business Suite’s Oracle Applications Framework (Session Management). Across multiple sources, affected versions are 12.2.6–12.2.11. The vulnerability allows a low-privilege, network-accessible attacker (via HTTP) to access or potentially exfiltrate data within Orac...

6.5CVSS6.4AI score0.00679EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.72 views

CVE-2021-2200

CVE-2021-2200 affects Oracle E-Business Suite, specifically the Oracle Applications Framework Home page in version 12.2.10. The vulnerability is described as easily exploitable via unauthenticated HTTP access, enabling an attacker to compromise the Oracle Applications Framework and potentially pe...

9.1CVSS8.5AI score0.01191EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.70 views

CVE-2021-2380

CVE-2021-2380 affects Oracle E-Business Suite, specifically the Oracle Applications Framework (Attachments / File Upload). Affected are EBS versions 12.1.3 and 12.2.3-12.2.10. The vulnerability allows a low-privileged, network-accessible attacker (via HTTP) to compromise the Oracle Applications F...

7.6CVSS7.5AI score0.0069EPSS
CVE
CVE
added 2023/07/18 8:18 p.m.70 views

CVE-2023-22042

CVE-2023-22042 affects Oracle E-Business Suite, specifically the Diagnostics component of Oracle Applications Framework. Affected versions are 12.2.3–12.3.12. The issue allows an unauthenticated attacker with network access via HTTP to compromise the framework, with human interaction required, po...

6.1CVSS5.8AI score0.00363EPSS
CVE
CVE
added 2024/04/16 9:26 p.m.66 views

CVE-2024-21080

CVE-2024-21080: In Oracle E-Business Suite, the Oracle Applications Framework REST Services have a vulnerability due to insufficient input validation. Affects 12.2.9–12.2.13; an attacker with network access over HTTP and low privileges can potentially access confidential data or data within the R...

6.5CVSS7.1AI score0.00509EPSS
CVE
CVE
added 2025/04/15 8:31 p.m.66 views

CVE-2025-30718

CVE-2025-30718 affects Oracle E-Business Suite, Oracle Applications Framework, specifically the Attachments/File Upload component. Affected versions are 12.2.3–12.2.14. The issue allows a low-privileged, network-accessible attacker (HTTP) to read and modify Oracle Applications Framework data, pot...

5.4CVSS4.5AI score0.00289EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.64 views

CVE-2018-2971

CVE-2018-2971 affects Oracle E-Business Suite’s Applications Framework (OA Framework) REST Services. Affected versions: 12.1.3, 12.2.3–12.2.7. Vulnerability allows low-privilege, network-access attacker (HTTP) to read a subset of OA Framework data. CVSSv3 base score 4.3 (Confidentiality impact: L...

4.3CVSS3.7AI score0.01476EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.61 views

CVE-2018-3243

CVE-2018-3243 affects Oracle E-Business Suite OA Framework. Affected versions are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6. The vulnerability allows unauthenticated remote access via HTTP to Oracle Applications Framework, with human interaction required for exploitation, potentially leading to unau...

8.2CVSS7.8AI score0.02051EPSS
CVE
CVE
added 2021/10/20 10:49 a.m.58 views

CVE-2021-2477

CVE-2021-2477 affects Oracle E-Business Suite, Oracle Applications Framework (Session Management). Affected: 12.1.3 and 12.2.3–12.2.10. An unauthenticated, network-accessible attacker over HTTP can cause partial denial of service to the framework. CVSS v3.1 base 5.3 (A). Documents corroborate; no...

5.3CVSS4.9AI score0.01416EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.57 views

CVE-2019-2682

CVE-2019-2682 affects Oracle E-Business Suite Applications Framework (OA Framework) with the Attachments / File Upload subcomponent. Affected versions: 12.1.3, 12.2.3–12.2.8. Description: unauthenticated attacker with network access over HTTP can compromise OA Framework; attacks require human int...

8.2CVSS8.1AI score0.01287EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.56 views

CVE-2020-2890

The CVE-2020-2890 entry concerns Oracle E-Business Suite’s Oracle Applications Framework (Diagnostics). Affected are 12.1.3 and 12.2.3–12.2.9. The flaw allows an unauthenticated remote attacker, over HTTP, to compromise the Oracle Applications Framework. Attacks require human interaction and can ...

8.2CVSS8.2AI score0.01461EPSS
CVE
CVE
added 2025/04/15 8:31 p.m.56 views

CVE-2025-30711

CVE-2025-30711 affects Oracle E-Business Suite, Oracle Applications Framework (Attachments, File Upload). Affected: 12.2.3–12.2.14. Vulnerability allows a low-privileged attacker with network access via HTTP to compromise the framework, with human interaction required. Impact per sources: unautho...

5.4CVSS4.8AI score0.00317EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.55 views

CVE-2020-14590

CVE-2020-14590 is a vulnerability in Oracle E-Business Suite’s Oracle Applications Framework (OA Framework), specifically the Page Request component. Affected versions are 12.1.3 and 12.2.3–12.2.9. The issue allows a high-privilege attacker with network access over HTTP to read a subset of OA Fra...

4CVSS3.2AI score0.00968EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.55 views

CVE-2020-14746

CVE-2020-14746 affects Oracle E-Business Suite, Oracle Applications Framework (Popup windows). Vulnerable versions: 12.1.3 and 12.2.3–12.2.10. An unauthenticated attacker with network access over HTTP can exploit this, with user interaction required, to potentially perform unauthorized updates, i...

5.8CVSS4.4AI score0.01154EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.55 views

CVE-2020-2666

CVE-2020-2666 affects Oracle E-Business Suite, Oracle Applications Framework within the Attachments/File Upload component. Affects 12.2.5–12.2.9 and can be exploited by an unauthenticated remote attacker over HTTPS to cause unauthorized update/insert/delete of Oracle Applications Framework data. ...

5.3CVSS5.2AI score0.01287EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.54 views

CVE-2016-3447

CVE-2016-3447 affects Oracle E-Business Suite OA Framework (OAF Core) across 12.1.3, 12.2.3, 12.2.4, and 12.2.5. The vulnerability is described as unspecified in OAF Core that could be exploited remotely to affect confidentiality and integrity. Connected documents confirm OAF Core is the vulnerab...

6.9CVSS6.2AI score0.01245EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.51 views

CVE-2020-14534

The CVE-2020-14534 entry concerns Oracle E-Business Suite’s OA Framework (Popups) in version 12.2.9. A vulnerability allows an unauthenticated attacker who can reach Oracle Applications Framework over HTTP to compromise it, with human interaction required. The impact described includes potential ...

8.2CVSS8.3AI score0.01432EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.50 views

CVE-2020-14610

The CVE-2020-14610 entry describes a vulnerability in Oracle E-Business Suite’s Oracle Applications Framework (OA Framework), specifically in the Attachments / File Upload component. Affected product/version is Oracle E-Business Suite OA Framework with version 12.2.9. The flaw is exploitable over...

7.6CVSS7.7AI score0.00929EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.50 views

CVE-2020-2566

CVE-2020-2566 affects Oracle E-Business Suite’s Oracle Applications Framework (Attachments / File Upload). Affected versions are 12.1.3 and 12.2.3–12.2.9. The flaw resides in the Oracle Applications Framework component handling file uploads, enabling an unauthenticated attacker with network acces...

4.7CVSS4.6AI score0.01064EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.50 views

CVE-2020-2866

CVE-2020-2866 affects Oracle E-Business Suite, Oracle Applications Framework (Attachments / File Upload). Affected versions are 12.2.5–12.2.9. The vulnerability allows an unauthenticated attacker with network access over HTTP to compromise the framework, potentially enabling unauthorized update/i...

5.3CVSS4.8AI score0.01061EPSS
CVE
CVE
added 2025/07/15 7:27 p.m.24 views

CVE-2025-50071

CVE-2025-50071 is a vulnerability in Oracle E-Business Suite, specifically Oracle Applications Framework (Web Utilities). Affected versions are 12.2.3–12.2.14. A low-privileged, network-accessible attacker (via HTTP) can compromise the framework, potentially enabling unauthorized update/insert/de...

6.4CVSS6.2AI score0.00251EPSS
CVE
CVE
added 2025/10/21 8:3 p.m.16 views

CVE-2025-53064

Oracle E-Business Suite OA Framework Personalization is affected in versions 12.2.3–12.2.14. The vulnerability enables a low-privilege, unauthenticated attacker with HTTP access to cause unauthorized updates/inserts/deletes to OA Framework data. The Oct 2025 CPU advisories from Oracle (and NCSC/R...

4.3CVSS4.9AI score0.0022EPSS
CVE
CVE
added 2026/04/21 8:35 p.m.15 views

CVE-2026-34298

CVE-2026-34298 affects Oracle Applications Framework within Oracle E-Business Suite, Personalization component. Affected: E-Business Suite versions 12.2.9–12.2.15. The vulnerability arises in the Personalization feature, enabling a high-privilege attacker with network access via HTTP to perform u...

4.7CVSS5.7AI score0.00218EPSS
CVE
CVE
added 2025/10/21 8:3 p.m.14 views

CVE-2025-53071

CVE-2025-53071 affects Oracle E-Business Suite OA Framework Upload Attachments in versions 12.2.3–12.2.14. The vulnerability allows a low-privileged, network-accessing attacker over HTTP to cause unauthorized updates to OA Framework data. CVSS v3.1 base score 4.3 (I=L, A=N, C=N). No exploit detai...

4.3CVSS4.9AI score0.0022EPSS