Oracle E-Business Suite vulnerabilities
327 known vulnerabilities affecting oracle/e-business_suite.
Total CVEs: 327
CISA KEV: 1 (actively exploited)
Public exploits: 5
Exploited in wild: 1
Severity breakdown: CRITICAL 54, HIGH 47, MEDIUM 184, LOW 42
Vulnerabilities
Page 1 of 17
CVE-2025-50090 | MEDIUM | CVSS 5.4 | CWE-352 | ≥ 12.2.3, ≤ 12.2.14 | 2025-07-15
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interac
nvd
CVE-2025-30727 | CRITICAL | CVSS 9.8 | CWE-306 | ≥ 12.2.3, ≤ 12.2.14 | 2025-04-15
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in takeover
nvd
CVE-2025-21506 | HIGH | CVSS 8.1 | CWE-863 | ≥ 12.2.3, ≤ 12.2.13 | 2025-01-21
Vulnerability in the Oracle Project Foundation product of Oracle E-Business Suite (component: Technology Foundation). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Foundation. Successful attacks of this vulnerability can
nvd
CVE-2025-21516 | HIGH | CVSS 8.1 | CWE-863 | ≥ 12.2.3, ≤ 12.2.13 | 2025-01-21
Vulnerability in the Oracle Customer Care product of Oracle E-Business Suite (component: Service Requests). Supported versions that are affected are 12.2.5-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Customer Care. Successful attacks of this vulnerability can result in unau
nvd
CVE-2025-21489 | MEDIUM | CVSS 6.1 | CWE-352 | ≥ 12.2.3, ≤ 12.2.10 | 2025-01-21
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require hum
nvd
CVE-2024-21265 | HIGH | CVSS 8.1 | CWE-863 | ≥ 12.2.3, ≤ 12.2.13 | 2024-10-15
Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Site Hierarchy Flows). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Site Hub. Successful attacks of this vulnerability can result in unauthoriz
nvd
CVE-2024-21269 | HIGH | CVSS 8.1 | CWE-863 | ≥ 12.2.3, ≤ 12.2.13 | 2024-10-15
Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: Compensation Plan). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Incentive Compensation. Successful attacks of this vulnerability
nvd
CVE-2024-21277 | HIGH | CVSS 8.1 | CWE-863 | ≥ 12.2.3, ≤ 12.2.13 | 2024-10-15
Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle MES for Process Manufacturing. Successful attacks of thi
nvd
CVE-2024-21266 | HIGH | CVSS 8.1 | CWE-863 | ≥ 12.2.3, ≤ 12.2.13 | 2024-10-15
Vulnerability in the Oracle Advanced Pricing product of Oracle E-Business Suite (component: Price List). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Pricing. Successful attacks of this vulnerability can result in unau
nvd
CVE-2024-21276 | HIGH | CVSS 8.1 | CWE-863 | ≥ 12.2.3, ≤ 12.2.13 | 2024-10-15
Vulnerability in the Oracle Work in Process product of Oracle E-Business Suite (component: Messages). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Work in Process. Successful attacks of this vulnerability can result in unauthor
nvd
CVE-2024-21267 | HIGH | CVSS 8.1 | CWE-863 | ≥ 12.2.12, ≤ 12.2.13 | 2024-10-15
Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.12-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Cost Management. Successful attacks of this vulnerability can result in un
nvd
CVE-2024-21279 | HIGH | CVSS 8.1 | CWE-863 | ≥ 12.2.3, ≤ 12.2.13 | 2024-10-15
Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Auctions). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Sourcing. Successful attacks of this vulnerability can result in unauthorized creation,
nvd
CVE-2024-21270 | HIGH | CVSS 8.1 | CWE-863 | ≥ 12.2.6, ≤ 12.2.13 | 2024-10-15
Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.2.6-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks of this vulnerability
nvd
CVE-2024-21282 | HIGH | CVSS 8.1 | CWE-863 | ≥ 12.2.3, ≤ 12.2.13 | 2024-10-15
Vulnerability in the Oracle Financials product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financials. Successful attacks of this vulnerability can result in unauthori
nvd
CVE-2024-21268 | HIGH | CVSS 8.1 | CWE-863 | ≥ 12.2.11, ≤ 12.2.13 | 2024-10-15
Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can resu
nvd
CVE-2024-21275 | HIGH | CVSS 8.1 | CWE-863 | ≥ 12.2.7, ≤ 12.2.13 | 2024-10-15
Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.7-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks of this vulnerability can result in unauthorized creati
nvd
CVE-2024-21271 | HIGH | CVSS 8.1 | CWE-863 | ≥ 12.2.3, ≤ 12.2.13 | 2024-10-15
Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Field Service Engineer Portal). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks of this vulnerability can r
nvd
CVE-2024-21278 | HIGH | CVSS 8.1 | CWE-863 | ≥ 12.2.3, ≤ 12.2.13 | 2024-10-15
Vulnerability in the Oracle Contract Lifecycle Management for Public Sector product of Oracle E-Business Suite (component: Award Processes). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Contract Lifecycle Management for Public
nvd
CVE-2024-21148 | MEDIUM | CVSS 4.8 | ≥ 12.2.3, ≤ 12.2.13 | 2024-07-16
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction fr
nvd
CVE-2024-21088 | HIGH | CVSS 7.5 | CWE-444 | ≥ 12.2.4, ≤ 12.2.12 | 2024-04-16
Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component: Import Utility). Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Production Scheduling. Successful attacks of this vulnerability can
nvd