Search Results (Refine Search)
- CPE Product Version: cpe:/a:oracle:e-business_suite:12.2.3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-4886 |
Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Reports Security. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, or conduct SMB Relay attacks via a crafted DTD in an XML request involving the OA_HTML/copxml servlet. Published: October 21, 2015; 7:59:48 PM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2015-4884 |
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Single Signon. Published: October 21, 2015; 7:59:47 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-4865 |
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors related to Business Objects - BC4J. Published: October 21, 2015; 7:59:29 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-4854 |
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Single Signon. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML via the Domain parameter in the CfgOCIReturn servlet. Published: October 21, 2015; 7:59:20 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-4851 |
Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to XML input. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, or conduct SMB Relay attacks via a crafted DTD in an XML request to OA_HTML/oramipp_lpr. Published: October 21, 2015; 7:59:19 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-4849 |
Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Punch-in. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to cause a denial of service or conduct SMB Relay attacks via a crafted DTD in an XML request to OA_HTML/IspPunchInServlet. Published: October 21, 2015; 7:59:17 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-4846 |
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality and integrity via vectors related to SQL Extensions. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is a SQL injection vulnerability, which allows remote authenticated users to execute arbitrary SQL commands via a request involving the afamexts.sql SQL extension. Published: October 21, 2015; 7:59:14 PM -0400 |
V3.x:(not available) V2.0: 3.6 LOW |
CVE-2015-4845 |
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via vectors related to Java APIs - AOL/J. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to enumerate database users via a series of requests to Aoljtest.js. Published: October 21, 2015; 7:59:13 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-4762 |
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 and 12.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Online patching. Published: October 21, 2015; 5:59:07 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-4765 |
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via vectors related to OAM Dashboard. Published: July 16, 2015; 7:00:57 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-4743 |
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to AD Utilities. Published: July 16, 2015; 7:00:37 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-4728 |
Unspecified vulnerability in the Oracle Sourcing component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Bid/Quote creation. Published: July 16, 2015; 7:00:25 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-2652 |
Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Web Management. Published: July 16, 2015; 7:00:11 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2645 |
Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors. Published: July 16, 2015; 7:00:05 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-2618 |
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors related to Input validation. Published: July 16, 2015; 6:59:41 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-2615 |
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6, 12.1.3, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to Portal. Published: July 16, 2015; 6:59:39 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2610 |
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Popup windows. Published: July 16, 2015; 6:59:34 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-1926 |
Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 and 11.1.1.9.0, and the Oracle Applications Framework component in Oracle E-Business Suite 12.2.3 and 12.2.4, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Portal. Published: July 16, 2015; 6:59:06 AM -0400 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2015-0447 |
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via vectors related to Configurator DMZ rules. Published: April 16, 2015; 12:59:07 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-0404 |
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Error Messages. Published: January 21, 2015; 1:59:46 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |