14 matches found
CVE-2022-21251
CVE-2022-21251 affects Oracle E-Business Suite Installed Base (component: Instance Main) with affected versions 12.2.3–12.2.11. The vulnerability allows an unauthenticated, network-based attacker (via HTTP) to cause a hang or repeatable crash of Oracle Installed Base (DO S) as described in multip...
CVE-2021-2023
CVE-2021-2023 affects Oracle E-Business Suite installed base APIs. Affected versions: 12.1.1–12.1.3 and 12.2.3–12.2.9. Vulnerability allows an unauthenticated attacker, over HTTP, to compromise Oracle Installed Base; attacks require human interaction and can lead to unauthorized update/insert/del...
CVE-2021-2231
CVE-2021-2231 affects Oracle E‑Business Suite, Oracle Installed Base (API component) version 12.1.3. The vulnerability is exploitable remotely over HTTP by a low‑privileged attacker, potentially leading to unauthorized data creation/deletion/modification or full access to Oracle Installed Base da...
CVE-2024-20941
The CVE-2024-20941 vulnerability affects Oracle E-Business Suite, specifically the Oracle Installed Base component (HTML UI) in versions 12.2.3–12.2.13. An unauthenticated attacker with network access over HTTP can potentially compromise Installed Base, with impacts including unauthorized update/...
CVE-2024-21072
CVE-2024-21072 affects Oracle E-Business Suite Installed Base, Data Provider UI (versions 12.2.3–12.2.13). An unauthenticated attacker with network access via HTTP can compromise Oracle Installed Base; attacks require human interaction and may lead to unauthorized update/insert/delete and read ac...
CVE-2024-20933
CVE-2024-20933 affects Oracle E-Business Suite – Oracle Installed Base (Engineering Change Order) with affected versions 12.2.3–12.2.13. The vulnerability allows an unauthenticated attacker over HTTP to compromise Oracle Installed Base, with attacks requiring user interaction, and potentially lea...
CVE-2024-20958
CVE-2024-20958 affects Oracle E-Business Suite, specifically Oracle Installed Base (Engineering Change Order) in versions 12.2.3–12.2.13. The root cause is insufficient input validation in Engineering Change Order within Installed Base, enabling a low-privilege, network-accessible attacker to lev...
CVE-2024-21258
CVE-2024-21258 affects Oracle E-Business Suite, specifically the Installed Base product's User Interface. The issue lies in insufficient input validation in the UI component, with affected versions 12.2.3–12.2.14. An unauthenticated attacker with network access via HTTP can read a subset of Oracl...
CVE-2019-3024
The CVE-2019-3024 issue affects Oracle E-Business Suite Installed Base, Engineering Change Order component, in versions 12.2.3–12.2.9. The vulnerability allows an unauthenticated, network-accessible attacker to interact via HTTP, with user interaction required for exploitation, potentially enabli...
CVE-2017-3361
CVE-2017-3361 affects Oracle E-Business Suite, specifically the installed base UI component. Affected are 12.1.1, 12.1.2 and 12.1.3. The vulnerability enables an unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base, with successful attacks potentially granting...
CVE-2020-14822
CVE-2020-14822 affects Oracle E-Business Suite Installed Base APIs. Affected are Oracle E-Business Suite versions 12.1.1–12.1.3 and 12.2.3–12.2.10. The vulnerability is exploitable over HTTP by an unauthenticated, network-reachable attacker and, per the entry, requires user interaction, with pote...
CVE-2024-20935
CVE-2024-20935 affects Oracle E-Business Suite, specifically the Oracle Installed Base component (Engineering Change Order). Affected versions are 12.2.3–12.2.13. The vulnerability allows an unauthenticated attacker, with network access via HTTP, to compromise data and perform unauthorized update...
CVE-2016-3534
CVE-2016-3534 concerns Oracle E-Business Suite’s Installed Base component (Oracle E-Business Suite 12.1.x, 12.2.x) where an unspecified issue related to Engineering Change Order could allow a remote attacker to affect integrity. Multiple sources summarize the vulnerability as an open-redirect cla...
CVE-2024-20934
CVE-2024-20934 affects Oracle E-Business Suite, Oracle Installed Base (Engineering Change Order) with versions 12.2.3–12.2.13. The vulnerability permits an unauthenticated, network-exposed attacker (HTTP) to manipulate or read Oracle Installed Base data, requiring user interaction for exploitatio...