28 matches found
CVE-2022-21468
CVE-2022-21468 affects Oracle E-Business Suite’s Oracle Applications Framework (OA Framework), specifically the Popups component. Affected versions are 12.2.4–12.2.11 . The vulnerability allows an unauthenticated attacker to compromise OA Framework via HTTP with network access; exploitation requi...
CVE-2017-3528
CVE-2017-3528 affects Oracle E-Business Suite (Oracle Applications Framework, Popup windows) with open redirect in 12.1.3 and 12.2.x (up to 12.2.6). Exploitation requires unauthenticated HTTP access and user interaction; the redirect parameter can point to an attacker-controlled domain, enabling ...
CVE-2022-21477
CVE-2022-21477 affects Oracle E-Business Suite’s Oracle Applications Framework (Attachments, File Upload). Affected versions are 12.2.6–12.2.11. The issue allows a low-privilege, network-accessible attacker over HTTP to compromise the framework; successful attacks require user interaction and may...
CVE-2022-21566
CVE-2022-21566 affects Oracle E-Business Suite, specifically the Oracle Applications Framework Diagnostics component. Affected versions are 12.2.9–12.2.11. It allows unauthenticated, network-based access via HTTP, risking unauthorized data access within Oracle Applications Framework. MITRE/ATT&CK...
CVE-2022-21636
CVE-2022-21636 affects Oracle E-Business Suite’s Oracle Applications Framework (Session Management). Across multiple sources, affected versions are 12.2.6–12.2.11. The vulnerability allows a low-privilege, network-accessible attacker (via HTTP) to access or potentially exfiltrate data within Orac...
CVE-2021-2200
CVE-2021-2200 affects Oracle E-Business Suite, specifically the Oracle Applications Framework Home page in version 12.2.10. The vulnerability is described as easily exploitable via unauthenticated HTTP access, enabling an attacker to compromise the Oracle Applications Framework and potentially pe...
CVE-2021-2380
CVE-2021-2380 affects Oracle E-Business Suite, specifically the Oracle Applications Framework (Attachments / File Upload). Affected are EBS versions 12.1.3 and 12.2.3-12.2.10. The vulnerability allows a low-privileged, network-accessible attacker (via HTTP) to compromise the Oracle Applications F...
CVE-2023-22042
CVE-2023-22042 affects Oracle E-Business Suite, specifically the Diagnostics component of Oracle Applications Framework. Affected versions are 12.2.3–12.3.12. The issue allows an unauthenticated attacker with network access via HTTP to compromise the framework, with human interaction required, po...
CVE-2024-21080
CVE-2024-21080: In Oracle E-Business Suite, the Oracle Applications Framework REST Services have a vulnerability due to insufficient input validation. Affects 12.2.9–12.2.13; an attacker with network access over HTTP and low privileges can potentially access confidential data or data within the R...
CVE-2025-30718
CVE-2025-30718 affects Oracle E-Business Suite, Oracle Applications Framework, specifically the Attachments/File Upload component. Affected versions are 12.2.3–12.2.14. The issue allows a low-privileged, network-accessible attacker (HTTP) to read and modify Oracle Applications Framework data, pot...
CVE-2018-2971
CVE-2018-2971 affects Oracle E-Business Suite’s Applications Framework (OA Framework) REST Services. Affected versions: 12.1.3, 12.2.3–12.2.7. Vulnerability allows low-privilege, network-access attacker (HTTP) to read a subset of OA Framework data. CVSSv3 base score 4.3 (Confidentiality impact: L...
CVE-2018-3243
CVE-2018-3243 affects Oracle E-Business Suite OA Framework. Affected versions are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6. The vulnerability allows unauthenticated remote access via HTTP to Oracle Applications Framework, with human interaction required for exploitation, potentially leading to unau...
CVE-2021-2477
CVE-2021-2477 affects Oracle E-Business Suite, Oracle Applications Framework (Session Management). Affected: 12.1.3 and 12.2.3–12.2.10. An unauthenticated, network-accessible attacker over HTTP can cause partial denial of service to the framework. CVSS v3.1 base 5.3 (A). Documents corroborate; no...
CVE-2019-2682
CVE-2019-2682 affects Oracle E-Business Suite Applications Framework (OA Framework) with the Attachments / File Upload subcomponent. Affected versions: 12.1.3, 12.2.3–12.2.8. Description: unauthenticated attacker with network access over HTTP can compromise OA Framework; attacks require human int...
CVE-2020-2890
The CVE-2020-2890 entry concerns Oracle E-Business Suite’s Oracle Applications Framework (Diagnostics). Affected are 12.1.3 and 12.2.3–12.2.9. The flaw allows an unauthenticated remote attacker, over HTTP, to compromise the Oracle Applications Framework. Attacks require human interaction and can ...
CVE-2025-30711
CVE-2025-30711 affects Oracle E-Business Suite, Oracle Applications Framework (Attachments, File Upload). Affected: 12.2.3–12.2.14. Vulnerability allows a low-privileged attacker with network access via HTTP to compromise the framework, with human interaction required. Impact per sources: unautho...
CVE-2020-14590
CVE-2020-14590 is a vulnerability in Oracle E-Business Suite’s Oracle Applications Framework (OA Framework), specifically the Page Request component. Affected versions are 12.1.3 and 12.2.3–12.2.9. The issue allows a high-privilege attacker with network access over HTTP to read a subset of OA Fra...
CVE-2020-14746
CVE-2020-14746 affects Oracle E-Business Suite, Oracle Applications Framework (Popup windows). Vulnerable versions: 12.1.3 and 12.2.3–12.2.10. An unauthenticated attacker with network access over HTTP can exploit this, with user interaction required, to potentially perform unauthorized updates, i...
CVE-2020-2666
CVE-2020-2666 affects Oracle E-Business Suite, Oracle Applications Framework within the Attachments/File Upload component. Affects 12.2.5–12.2.9 and can be exploited by an unauthenticated remote attacker over HTTPS to cause unauthorized update/insert/delete of Oracle Applications Framework data. ...
CVE-2016-3447
CVE-2016-3447 affects Oracle E-Business Suite OA Framework (OAF Core) across 12.1.3, 12.2.3, 12.2.4, and 12.2.5. The vulnerability is described as unspecified in OAF Core that could be exploited remotely to affect confidentiality and integrity. Connected documents confirm OAF Core is the vulnerab...
CVE-2020-14534
The CVE-2020-14534 entry concerns Oracle E-Business Suite’s OA Framework (Popups) in version 12.2.9. A vulnerability allows an unauthenticated attacker who can reach Oracle Applications Framework over HTTP to compromise it, with human interaction required. The impact described includes potential ...
CVE-2020-14610
The CVE-2020-14610 entry describes a vulnerability in Oracle E-Business Suite’s Oracle Applications Framework (OA Framework), specifically in the Attachments / File Upload component. Affected product/version is Oracle E-Business Suite OA Framework with version 12.2.9. The flaw is exploitable over...
CVE-2020-2566
CVE-2020-2566 affects Oracle E-Business Suite’s Oracle Applications Framework (Attachments / File Upload). Affected versions are 12.1.3 and 12.2.3–12.2.9. The flaw resides in the Oracle Applications Framework component handling file uploads, enabling an unauthenticated attacker with network acces...
CVE-2020-2866
CVE-2020-2866 affects Oracle E-Business Suite, Oracle Applications Framework (Attachments / File Upload). Affected versions are 12.2.5–12.2.9. The vulnerability allows an unauthenticated attacker with network access over HTTP to compromise the framework, potentially enabling unauthorized update/i...
CVE-2025-50071
CVE-2025-50071 is a vulnerability in Oracle E-Business Suite, specifically Oracle Applications Framework (Web Utilities). Affected versions are 12.2.3–12.2.14. A low-privileged, network-accessible attacker (via HTTP) can compromise the framework, potentially enabling unauthorized update/insert/de...
CVE-2025-53064
Oracle E-Business Suite OA Framework Personalization is affected in versions 12.2.3–12.2.14. The vulnerability enables a low-privilege, unauthenticated attacker with HTTP access to cause unauthorized updates/inserts/deletes to OA Framework data. The Oct 2025 CPU advisories from Oracle (and NCSC/R...
CVE-2026-34298
CVE-2026-34298 affects Oracle Applications Framework within Oracle E-Business Suite, Personalization component. Affected: E-Business Suite versions 12.2.9–12.2.15. The vulnerability arises in the Personalization feature, enabling a high-privilege attacker with network access via HTTP to perform u...
CVE-2025-53071
CVE-2025-53071 affects Oracle E-Business Suite OA Framework Upload Attachments in versions 12.2.3–12.2.14. The vulnerability allows a low-privileged, network-accessing attacker over HTTP to cause unauthorized updates to OA Framework data. CVSS v3.1 base score 4.3 (I=L, A=N, C=N). No exploit detai...