Commit
1 parent a5e8000, commit 7750fc5
Showing 57 changed files with 887 additions and 5 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
@@ -0,0 +1,17 @@ | ||
### [CVE-2005-1046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1046) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5802 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
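Review bot: The OVAL definition listed under `#### Reference` (oval:org.mitre.oval:def:5802) is a vulnerability-check definition, not a proof of concept, so presenting it as a PoC reference overstates what the entry offers; either label it as a detection/check reference or leave the section at "No PoCs from references." The Product and Version badges also say n/a although the description itself names the kimgio library in KDE 3.4.0, so the generator could populate them from the CPE or the description. Finally, `color=brighgreen` is a typo for shields.io's named colour `brightgreen`, so the badge will not render in the intended colour; the same template typo recurs in every file in this commit.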
@@ -0,0 +1,17 @@ | ||
### [CVE-2012-6606](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6606) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensitive information via a crafted certificate. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/BagheeraAltered/EPSSRiskRegister | ||
|
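Review bot: The only GitHub entry, BagheeraAltered/EPSSRiskRegister, is by its name an EPSS risk-register dataset rather than exploit code, so the hit looks like a false positive from CVE-id string matching; consider filtering known aggregator or dataset repositories, or marking such hits as mentions rather than PoCs. As in the previous file, the Product and Version badges show n/a although the description gives GlobalProtect before 1.1.7.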
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-31728](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31728) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
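Review bot: fkie-cad/nvd-json-data-feeds is a mirror of the NVD JSON feeds and therefore mentions every CVE id, so its presence is not evidence of a PoC; this file and the later Oracle files in this commit (CVE-2024-20937 through CVE-2024-20947) list it as their only GitHub hit, which makes "No PoCs found on GitHub currently." the more accurate content for them. Suggest adding that repository to an exclusion list in the generator. The Product badge is also n/a although the description names the RUT240 and firmware before 07.04.2.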
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-4537](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4537) | ||
![](https://img.shields.io/static/v1?label=Product&message=ERP%20XL&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=2020.2.2%3C%3D%202023.2%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-311%20Missing%20Encryption%20of%20Sensitive%20Data&color=brighgreen) | ||
|
||
### Description | ||
|
||
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification.This issue affects ERP XL: from 2020.2.2 through 2023.2. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/defragmentator/mitmsqlproxy | ||
|
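Review bot: The Version badge message `2020.2.2%3C%3D%202023.2%20` ends in an encoded trailing space before `&color=`, and the same trailing `%20` appears in every ranged Version badge in this commit; trimming the range string in the generator would remove it. On the positive side, this file's Vulnerability badge carries a CWE class (CWE-311), which is the more useful form for that badge than the full impact sentences used in the Oracle entries below.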
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-4538](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4538) | ||
![](https://img.shields.io/static/v1?label=Product&message=ERP%20XL&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=2020.2.2%3C%3D%202023.2%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-522%20Insufficiently%20Protected%20Credentials&color=brighgreen) | ||
|
||
### Description | ||
|
||
The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords.This issue affects ERP XL: from 2020.2.2 through 2023.2. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/defragmentator/mitmsqlproxy | ||
|
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-4539](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4539) | ||
![](https://img.shields.io/static/v1?label=Product&message=ERP%20XL&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=2020.2.2%3C%3D%202023.2%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-798%20Use%20of%20Hard-coded%20Credentials&color=brighgreen) | ||
|
||
### Description | ||
|
||
Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Comarch ERP XL installations. This issue affects ERP XL: from 2020.2.2 through 2023.2. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/defragmentator/mitmsqlproxy | ||
|
@@ -0,0 +1,32 @@ | ||
### [CVE-2024-20931](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20931) | ||
![](https://img.shields.io/static/v1?label=Product&message=WebLogic%20Server&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%2012.2.1.4.0%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20unauthenticated%20attacker%20with%20network%20access%20via%20T3%2C%20IIOP%20to%20compromise%20Oracle%20WebLogic%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20%20unauthorized%20access%20to%20critical%20data%20or%20complete%20access%20to%20all%20Oracle%20WebLogic%20Server%20accessible%20data.&color=brighgreen) | ||
|
||
### Description | ||
|
||
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/ATonysan/CVE-2024-20931_weblogic | ||
- https://github.com/GlassyAmadeus/CVE-2024-20931 | ||
- https://github.com/Leocodefocus/CVE-2024-20931-Poc | ||
- https://github.com/Marco-zcl/POC | ||
- https://github.com/ZonghaoLi777/githubTrending | ||
- https://github.com/aneasystone/github-trending | ||
- https://github.com/dinosn/CVE-2024-20931 | ||
- https://github.com/jafshare/GithubTrending | ||
- https://github.com/johe123qwe/github-trending | ||
- https://github.com/labesterOct/CVE-2024-20931 | ||
- https://github.com/netlas-io/netlas-dorks | ||
- https://github.com/nomi-sec/PoC-in-GitHub | ||
- https://github.com/sampsonv/github-trending | ||
- https://github.com/tanjiti/sec_profile | ||
- https://github.com/wy876/POC | ||
- https://github.com/zhaoxiaoha/github-trending | ||
|
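Review bot: The Version badge reads `= 12.2.1.4.0` while the description states that both 12.2.1.4.0 and 14.1.1.0.0 are affected, so the badge understates the affected versions; render the full set or omit the badge when more than one version is affected. Most of the GitHub list consists of aggregator repositories (the six github-trending repos, nomi-sec/PoC-in-GitHub, tanjiti/sec_profile, netlas-io/netlas-dorks) rather than PoC code, which inflates the apparent number of available exploits; an aggregator exclusion list would leave only the repositories dedicated to CVE-2024-20931. The Vulnerability badge message is the full impact sentence from the advisory, doubled spaces (`%20%20`) included, where the Comarch files use a CWE class; a short label renders far better.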
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-20937](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20937) | ||
![](https://img.shields.io/static/v1?label=Product&message=JD%20Edwards%20EnterpriseOne%20Tools&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=*%3C%209.2.8.1%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20low%20privileged%20attacker%20with%20network%20access%20via%20HTTP%20to%20compromise%20JD%20Edwards%20EnterpriseOne%20Tools.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20%20unauthorized%20read%20access%20to%20a%20subset%20of%20JD%20Edwards%20EnterpriseOne%20Tools%20accessible%20data.&color=brighgreen) | ||
|
||
### Description | ||
|
||
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-20939](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20939) | ||
![](https://img.shields.io/static/v1?label=Product&message=CRM%20Technical%20Foundation&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=12.2.3%3C%3D%2012.2.13%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20low%20privileged%20attacker%20with%20network%20access%20via%20HTTP%20to%20compromise%20Oracle%20CRM%20Technical%20Foundation.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20partial%20denial%20of%20service%20(partial%20DOS)%20of%20Oracle%20CRM%20Technical%20Foundation.&color=brighgreen) | ||
|
||
### Description | ||
|
||
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Admin Console). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-20941](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20941) | ||
![](https://img.shields.io/static/v1?label=Product&message=Installed%20Base&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=12.2.3%3C%3D%2012.2.13%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20unauthenticated%20attacker%20with%20network%20access%20via%20HTTP%20to%20compromise%20Oracle%20Installed%20Base.%20%20Successful%20attacks%20require%20human%20interaction%20from%20a%20person%20other%20than%20the%20attacker%20and%20while%20the%20vulnerability%20is%20in%20Oracle%20Installed%20Base%2C%20attacks%20may%20significantly%20impact%20additional%20products%20(scope%20change).%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20%20unauthorized%20update%2C%20insert%20or%20delete%20access%20to%20some%20of%20Oracle%20Installed%20Base%20accessible%20data%20as%20well%20as%20%20unauthorized%20read%20access%20to%20a%20subset%20of%20Oracle%20Installed%20Base%20accessible%20data.&color=brighgreen) | ||
|
||
### Description | ||
|
||
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-20943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20943) | ||
![](https://img.shields.io/static/v1?label=Product&message=Knowledge%20Management&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=12.2.3%3C%3D%2012.2.13%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20low%20privileged%20attacker%20with%20network%20access%20via%20HTTP%20to%20compromise%20Oracle%20Knowledge%20Management.%20%20Successful%20attacks%20require%20human%20interaction%20from%20a%20person%20other%20than%20the%20attacker%20and%20while%20the%20vulnerability%20is%20in%20Oracle%20Knowledge%20Management%2C%20attacks%20may%20significantly%20impact%20additional%20products%20(scope%20change).%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20%20unauthorized%20update%2C%20insert%20or%20delete%20access%20to%20some%20of%20Oracle%20Knowledge%20Management%20accessible%20data%20as%20well%20as%20%20unauthorized%20read%20access%20to%20a%20subset%20of%20Oracle%20Knowledge%20Management%20accessible%20data.&color=brighgreen) | ||
|
||
### Description | ||
|
||
Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-20945](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20945) | ||
![](https://img.shields.io/static/v1?label=Product&message=Java%20SE%20JDK%20and%20JRE&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%20Oracle%20Java%20SE%3A8u391%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Difficult%20to%20exploit%20vulnerability%20allows%20low%20privileged%20attacker%20with%20logon%20to%20the%20infrastructure%20where%20Oracle%20Java%20SE%2C%20Oracle%20GraalVM%20for%20JDK%2C%20Oracle%20GraalVM%20Enterprise%20Edition%20executes%20to%20compromise%20Oracle%20Java%20SE%2C%20Oracle%20GraalVM%20for%20JDK%2C%20Oracle%20GraalVM%20Enterprise%20Edition.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20%20unauthorized%20access%20to%20critical%20data%20or%20complete%20access%20to%20all%20Oracle%20Java%20SE%2C%20Oracle%20GraalVM%20for%20JDK%2C%20Oracle%20GraalVM%20Enterprise%20Edition%20accessible%20data.&color=brighgreen) | ||
|
||
### Description | ||
|
||
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
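Review bot: The Version badge `= Oracle Java SE:8u391` names only the first of the many affected releases the description lists (8u391-perf, 11.0.21, 17.0.9, 21.0.1 and the GraalVM for JDK and GraalVM Enterprise Edition versions), so the badge reads as if only 8u391 were affected; either emit one badge per affected product/version pair or omit the badge when the generator truncates the list.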
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-20947](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20947) | ||
![](https://img.shields.io/static/v1?label=Product&message=Common%20Applications&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=12.2.3%3C%3D%2012.2.13%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20low%20privileged%20attacker%20with%20network%20access%20via%20HTTP%20to%20compromise%20Oracle%20Common%20Applications.%20%20Successful%20attacks%20require%20human%20interaction%20from%20a%20person%20other%20than%20the%20attacker%20and%20while%20the%20vulnerability%20is%20in%20Oracle%20Common%20Applications%2C%20attacks%20may%20significantly%20impact%20additional%20products%20(scope%20change).%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20%20unauthorized%20update%2C%20insert%20or%20delete%20access%20to%20some%20of%20Oracle%20Common%20Applications%20accessible%20data%20as%20well%20as%20%20unauthorized%20read%20access%20to%20a%20subset%20of%20Oracle%20Common%20Applications%20accessible%20data.&color=brighgreen) | ||
|
||
### Description | ||
|
||
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data as well as unauthorized read access to a subset of Oracle Common Applications accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|