Oracle E-Business Suite vulnerabilities
327 known vulnerabilities affecting oracle/e-business_suite.
Total CVEs
327
CISA KEV
1
actively exploited
Public exploits
5
Exploited in wild
1
Severity breakdown
CRITICAL54HIGH47MEDIUM184LOW42
Vulnerabilities
Page 5 of 17
CVE-2016-0456MEDIUMCVSS 5.0v12.1v12.22016-01-21
CVE-2016-0456 [MEDIUM] CVE-2016-0456: Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Bu
Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0457. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-part
nvd
CVE-2016-0515MEDIUMCVSS 6.4v11.5.10.22016-01-21
CVE-2016-0515 [MEDIUM] CVE-2016-0515: Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suit
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0514.
nvd
CVE-2016-0454LOWCVSS 2.1v12.1v12.22016-01-21
CVE-2016-0454 [LOW] CVE-2016-0454: Unspecified vulnerability in the Oracle Mobile Application Servlet component in Oracle E-Business Su
Unspecified vulnerability in the Oracle Mobile Application Servlet component in Oracle E-Business Suite 12.1 and 12.2 allows local users to affect confidentiality via vectors related to MWA Server Manager.
nvd
CVE-2015-4926LOWCVSS 2.6v11.5.10.2v12.1+1 more2016-01-21
CVE-2015-4926 [LOW] CVE-2015-4926: Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect integrity via vectors related to UIX.
nvd
CVE-2015-4798CRITICALCVSS 10.0v11.5.10.22015-10-21
CVE-2015-4798 [CRITICAL] CVE-2015-4798: Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4839.
nvd
CVE-2015-4839CRITICALCVSS 10.0v11.5.10.22015-10-21
CVE-2015-4839 [CRITICAL] CVE-2015-4839: Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4798.
nvd
CVE-2015-4854MEDIUMCVSS 4.3v12.0.6v12.1.3+2 more2015-10-21
CVE-2015-4854 [MEDIUM] CVE-2015-4854: Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Single Signon. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is a cro
nvd
CVE-2015-4849MEDIUMCVSS 6.8v11.5.10.2v12.0.6+3 more2015-10-21
CVE-2015-4849 [MEDIUM] CVE-2015-4849: Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 11.5.10.2, 12.
Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Punch-in. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims t
nvd
CVE-2015-4884MEDIUMCVSS 5.0v11.5.10.2v12.0.6+3 more2015-10-21
CVE-2015-4884 [MEDIUM] CVE-2015-4884: Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Single Signon.
nvd
CVE-2015-4886MEDIUMCVSS 6.4v11.5.10.2v12.0.6+3 more2015-10-21
CVE-2015-4886 [MEDIUM] CVE-2015-4886: Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.
Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Reports Security. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims th
nvd
CVE-2015-4851MEDIUMCVSS 6.8v12.0.6v12.1.3+2 more2015-10-21
CVE-2015-4851 [MEDIUM] CVE-2015-4851: Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6
Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to XML input. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this i
nvd
CVE-2015-4898MEDIUMCVSS 4.0v11.5.10.2v12.0.6+3 more2015-10-21
CVE-2015-4898 [MEDIUM] CVE-2015-4898: Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via vectors related to Diagnostics and DMZ.
nvd
CVE-2015-4762MEDIUMCVSS 4.0v12.2.3v12.2.42015-10-21
CVE-2015-4762 [MEDIUM] CVE-2015-4762: Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 and 12.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Online patching.
nvd
CVE-2015-4845MEDIUMCVSS 4.3v11.5.10.2v12.0.6+3 more2015-10-21
CVE-2015-4845 [MEDIUM] CVE-2015-4845: Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via vectors related to Java APIs - AOL/J. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this i
nvd
CVE-2015-4865LOWCVSS 2.1v12.1.3v12.2.3+1 more2015-10-21
CVE-2015-4865 [LOW] CVE-2015-4865: Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors related to Business Objects - BC4J.
nvd
CVE-2015-4846LOWCVSS 3.6v11.5.10.2v12.0.6+3 more2015-10-21
CVE-2015-4846 [LOW] CVE-2015-4846: Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality and integrity via vectors related to SQL Extensions. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims
nvd
CVE-2015-2610MEDIUMCVSS 4.3v12.0.6v12.1.3+2 more2015-07-16
CVE-2015-2610 [MEDIUM] CVE-2015-2610: Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Popup windows.
nvd
CVE-2015-4743MEDIUMCVSS 4.0v12.2.32015-07-16
CVE-2015-4743 [MEDIUM] CVE-2015-4743: Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to AD Utilities.
nvd
CVE-2015-2652MEDIUMCVSS 5.0v10.2v11.5+6 more2015-07-16
CVE-2015-2652 [MEDIUM] CVE-2015-2652: Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12
Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Web Management.
nvd
CVE-2015-2615MEDIUMCVSS 5.0v12.0.6v12.1.3+1 more2015-07-16
CVE-2015-2615 [MEDIUM] CVE-2015-2615: Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6, 12.1.3, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to Portal.
nvd