U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Oracle Forms
  • Search Type: Search All
  • CPE Name Search: false
  • CPE Vendor: cpe:/:oracle
There are 23 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-21993

Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications (component: Forms). The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical Remote Data Capture. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Clinical Remote Data Capture accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Published: April 18, 2023; 4:15:18 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2019-2886

Vulnerability in the Oracle Forms product of Oracle Fusion Middleware (component: Services). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Forms. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Forms, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Forms accessible data as well as unauthorized read access to a subset of Oracle Forms accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

Published: October 16, 2019; 2:15:26 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2017-10324

Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology Stack. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology Stack accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Published: October 19, 2017; 1:29:03 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2017-10066

Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology Stack. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Technology Stack accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Published: October 19, 2017; 1:29:00 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2015-0420

Unspecified vulnerability in the Oracle Forms component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Forms Services.

Published: January 21, 2015; 2:59:08 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4278

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Oracle Forms.

Published: October 15, 2014; 11:55:06 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-3772

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote attackers to affect integrity via unknown vectors related to Web Forms.

Published: July 17, 2013; 9:41:16 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-1710

Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709.

Published: May 03, 2012; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2012-1709

Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1710.

Published: May 03, 2012; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2012-0073

Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors.

Published: January 18, 2012; 5:55:04 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-2396

Unspecified vulnerability in the Forms component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.

Published: October 13, 2010; 8:00:21 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-7235

Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04.

Published: September 14, 2009; 10:30:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-4467

Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.

Published: August 30, 2007; 8:17:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2006-5358

Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 has unknown impact and remote attack vectors, aka Vuln# FORM01.

Published: October 17, 2006; 9:07:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-5360

Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.2 has unknown impact and remote attack vectors, aka Vuln# FORM03.

Published: October 17, 2006; 9:07:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-5365

Unspecified vulnerability in Oracle Forms in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors, aka Vuln# FORM02.

Published: October 17, 2006; 9:07:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-0284

Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) FORM01 and (2) FORM02 in the Oracle Forms component.

Published: January 18, 2006; 6:03:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2005-3207

The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command.

Published: October 14, 2005; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2005-2372

Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet.

Published: July 26, 2005; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2005-2293

Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.

Published: July 18, 2005; 12:00:00 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW