Oracle Configurator vulnerabilities

CVE-2026-21972 [MEDIUM] CVE-2026-21972: Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interfa Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized

CVE-2025-61884 [HIGH] CWE-22 CVE-2025-61884: Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized

CVE-2025-30728 [HIGH] CWE-284 CVE-2025-30728: Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Core). Supp Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized acce

CVE-2025-30720 [MEDIUM] CVE-2025-30720: Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Orders). Su Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Orders). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the at

CVE-2022-21255 [HIGH] CVE-2022-21255: Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: UI Servlet). Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: UI Servlet). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized creatio

CVE-2021-2078 [HIGH] CVE-2021-2078: Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Sup Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacke

CVE-2021-2079 [HIGH] CVE-2021-2079: Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Sup Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacke

CVE-2021-2080 [HIGH] CVE-2021-2080: Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Sup Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacke

CVE-2020-14669 [HIGH] CVE-2020-14669: Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Sup Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attac

CVE-2020-2865 [MEDIUM] CVE-2020-2865: Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: Installation). S Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: Installation). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized read acce

CVE-2019-2567 [HIGH] CVE-2019-2567: Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite (subcompone Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite (subcomponent: Active Model Generation). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can res

CVE-2016-3438 [HIGH] CVE-2016-3438: Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that that this issue involves

CVE-2016-0541 [MEDIUM] CVE-2016-0541: Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors related to UI Servlet, a different vulnerability than CVE-2016-0540.

CVE-2016-0540 [MEDIUM] CVE-2016-0540: Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors related to UI Servlet, a different vulnerability than CVE-2016-0541.

CVE-2002-1639 [HIGH] CVE-2002-1639: Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host".

CVE-2002-1640 [MEDIUM] CVE-2002-1640: Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 1 Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.