Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle applications framework vulnerabilities and exploits
(subscribe to this query)
4.7
CVSSv3
CVE-2020-14716
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
Oracle Common Applications 12.1.3
Oracle Common Applications
8.2
CVSSv3
CVE-2020-14534
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popups). The supported version that is affected is 12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applicat...
Oracle Applications Framework 12.2.9
2.7
CVSSv3
CVE-2020-14590
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Page Request). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to com...
Oracle Applications Framework 12.1.3
Oracle Applications Framework
7.6
CVSSv3
CVE-2020-14610
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). The supported version that is affected is 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...
Oracle Applications Framework 12.2.9
4.7
CVSSv3
CVE-2020-14717
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
Oracle Common Applications 12.1.3
Oracle Common Applications
6.3
CVSSv3
CVE-2020-1945
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory bac...
Apache Ant
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.2
Oracle Flexcube Investor Servicing 12.3.0
Oracle Flexcube Investor Servicing 12.1.0
Oracle Flexcube Private Banking 12.1.0
Oracle Primavera Unifier 16.2
Oracle Retail Integration Bus 14.1
Oracle Flexcube Private Banking 12.0.0
Oracle Retail Store Inventory Management 14.1
Oracle Primavera Unifier 16.1
Oracle Enterprise Repository 11.1.1.7.0
Oracle Retail Service Backbone 15.0
Oracle Retail Integration Bus 15.0
Oracle Retail Back Office 14.1
Oracle Retail Back Office 14.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Utilities Framework 2.2.0.0.0
Oracle Flexcube Investor Servicing 12.4.0
9.8
CVSSv3
CVE-2020-10683
dom4j prior to 2.0.3 and 2.1.x prior to 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...
Dom4j Project Dom4j
Oracle Insurance Policy Administration J2ee 10.2.0
Oracle Insurance Rules Palette 10.2.0
Oracle Retail Integration Bus 15.0
Oracle Webcenter Portal 12.2.1.3.0
Oracle Webcenter Portal 11.1.1.9.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Utilities Framework 2.2.0.0.0
Oracle Flexcube Core Banking 11.7.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Endeca Information Discovery Integrator 3.2.0
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0
Oracle Retail Integration Bus 16.0
Oracle Retail Customer Management And Segmentation Foundation 16.0
Oracle Retail Customer Management And Segmentation Foundation 17.0
Oracle Retail Customer Management And Segmentation Foundation 18.0
Oracle Enterprise Data Quality 12.2.1.3.0
Oracle Data Integrator 12.2.1.3.0
Oracle Utilities Framework 4.4.0.0.0
6.1
CVSSv3
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and prior to 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuer...
Jquery Jquery
Drupal Drupal
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Weblogic Server 12.1.3.0.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Retail Back Office 14.1
Oracle Retail Back Office 14.0
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Weblogic Server 10.3.6.0.0
Oracle Communications Webrtc Session Controller 7.2
Oracle Weblogic Server 12.2.1.3.0
Oracle Agile Product Lifecycle Management For Process 6.2.0.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Returns Management 14.0
Oracle Retail Returns Management 14.1
Oracle Jdeveloper 12.2.1.3.0
Oracle Policy Automation Connector For Siebel 10.4.6
Oracle Financial Services Market Risk Measurement And Management 8.0.6
13 Github repositories
3.7
CVSSv3
CVE-2020-9488
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
Apache Log4j
Oracle Flexcube Private Banking 12.1.0
Oracle Retail Integration Bus 14.1
Oracle Flexcube Private Banking 12.0.0
Oracle Flexcube Core Banking 5.2.0
Oracle Retail Integration Bus 15.0
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Weblogic Server 10.3.6.0.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Utilities Framework 2.2.0.0.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Retail Integration Bus 16.0
Oracle Primavera Unifier 18.8
Oracle Retail Customer Management And Segmentation Foundation 16.0
Oracle Retail Customer Management And Segmentation Foundation 17.0
Oracle Retail Customer Management And Segmentation Foundation 18.0
Oracle Policy Automation Connector For Siebel 10.4.6
Oracle Data Integrator 12.2.1.3.0
Oracle Jd Edwards World Security A9.4
Oracle Financial Services Market Risk Measurement And Management 8.0.6
Oracle Utilities Framework 4.4.0.0.0
3 Github repositories
1 Article
8.2
CVSSv3
CVE-2020-2890
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to comp...
Oracle Applications Framework 12.1.3
Oracle Applications Framework
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6267
XML injection
CVE-2024-37673
CVE-2024-6266
CVE-2024-30078
arbitrary
CVE-2024-36886
CVE-2024-5346
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »