Oracle Time And Labor vulnerabilities
5 known vulnerabilities affecting oracle/time_and_labor.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2021-2415HIGHCVSS 8.1≥ 12.1.1, ≤ 12.1.3≥ 12.2.3, ≤ 12.2.102021-07-21
CVE-2021-2415 [HIGH] CVE-2021-2415: Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard).
Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Time and Labor. Successful attacks of this vulnerability can result in un
nvd
CVE-2020-6950MEDIUMCVSS 6.5PoC≥ 12.2.6, ≤ 12.2.112021-06-02
CVE-2020-6950 [MEDIUM] CWE-22 CVE-2020-6950: Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via th
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
nvd
CVE-2021-2239HIGHCVSS 8.1≥ 12.1.1, ≤ 12.1.3≥ 12.2.3, ≤ 12.2.102021-04-22
CVE-2021-2239 [HIGH] CVE-2021-2239: Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard).
Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Time and Labor. Successful attacks of this vulnerability can result in un
nvd
CVE-2019-17091MEDIUMCVSS 6.1≥ 12.2.6, ≤ 12.2.112019-10-02
CVE-2019-17091 [MEDIUM] CWE-79 CVE-2019-17091: faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J be
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
nvd
CVE-2019-10086HIGHCVSS 7.3≥ 12.2.6, ≤ 12.2.112019-08-20
CVE-2019-10086 [HIGH] CWE-502 CVE-2019-10086: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressi
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
nvd