Oracle Installed Base vulnerabilities
14 known vulnerabilities affecting oracle/installed_base.
Total CVEs
14
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM11
Vulnerabilities
Page 1 of 1
CVE-2024-21258MEDIUMCVSS 5.3≥ 12.2.3, ≤ 12.2.142024-10-15
CVE-2024-21258 [MEDIUM] CWE-922 CVE-2024-21258: Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: User Inter
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in u
nvd
CVE-2024-21072MEDIUMCVSS 6.1≥ 12.2.3, ≤ 12.2.132024-04-16
CVE-2024-21072 [MEDIUM] CVE-2024-21072: Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Data Provi
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Data Provider UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person oth
nvd
CVE-2024-20941MEDIUMCVSS 6.1≥ 12.2.3, ≤ 12.2.132024-02-17
CVE-2024-20941 [MEDIUM] CWE-125 CVE-2024-20941: Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI).
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other
nvd
CVE-2024-20958MEDIUMCVSS 5.4≥ 12.2.3, ≤ 12.2.132024-02-17
CVE-2024-20958 [MEDIUM] CVE-2024-20958: Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineerin
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a per
nvd
CVE-2024-20933MEDIUMCVSS 6.1≥ 12.2.3, ≤ 12.2.132024-02-17
CVE-2024-20933 [MEDIUM] CWE-352 CVE-2024-20933: Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineerin
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction f
nvd
CVE-2024-20935MEDIUMCVSS 6.1≥ 12.2.3, ≤ 12.2.132024-02-17
CVE-2024-20935 [MEDIUM] CVE-2024-20935: Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineerin
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a pe
nvd
CVE-2024-20934MEDIUMCVSS 6.1≥ 12.2.3, ≤ 12.2.132024-01-16
CVE-2024-20934 [MEDIUM] CWE-352 CVE-2024-20934: Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineerin
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction f
nvd
CVE-2022-21251HIGHCVSS 7.5≥ 12.2.3, ≤ 12.2.112022-01-19
CVE-2022-21251 [HIGH] CVE-2022-21251: Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Instance M
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Instance Main). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in unauthorized
nvd
CVE-2021-2231HIGHCVSS 8.1v12.1.32021-04-22
CVE-2021-2231 [HIGH] CVE-2021-2231: Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). The
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in unauthorized creation, deletion
nvd
CVE-2021-2023MEDIUMCVSS 4.7≥ 12.1.1, ≤ 12.1.3≥ 12.2.3, ≤ 12.2.92021-01-20
CVE-2021-2023 [MEDIUM] CVE-2021-2023: Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). Sup
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person
nvd
CVE-2020-14822MEDIUMCVSS 4.7≥ 12.1.1, ≤ 12.1.3≥ 12.2.3, ≤ 12.2.102020-10-21
CVE-2020-14822 [MEDIUM] CVE-2020-14822: Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). Sup
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a
nvd
CVE-2019-3024MEDIUMCVSS 4.7≥ 12.2.3, ≤ 12.2.92019-10-16
CVE-2019-3024 [MEDIUM] CVE-2019-3024: Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineerin
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a perso
nvd
CVE-2017-3361HIGHCVSS 8.2v12.1.1v12.1.2+1 more2017-01-27
CVE-2017-3361 [HIGH] CVE-2017-3361: Vulnerability in the Oracle Installed Base component of Oracle E-Business Suite (subcomponent: User
Vulnerability in the Oracle Installed Base component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a p
cvelistv5nvd
CVE-2016-3534MEDIUMCVSS 4.7v12.1.1v12.1.2+4 more2016-07-21
CVE-2016-3534 [MEDIUM] CVE-2016-3534: Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 12.1.1,
Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Engineering Change Order. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue invol
nvd