admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-07-21 00:01:00 +00:00
parent aa0b6aaf27
commit 530be22a61
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
96 changed files with 1705 additions and 1498 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2020/10xxx/CVE-2020-10878.json
View File

@ -108,7 +108,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/11xxx/CVE-2020-11022.json
View File

@ -250,7 +250,9 @@
"url": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/11xxx/CVE-2020-11023.json
View File

@ -360,7 +360,9 @@
"url": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/11xxx/CVE-2020-11080.json
View File

@ -120,7 +120,9 @@
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/11xxx/CVE-2020-11612.json
View File

@ -268,7 +268,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

34
2020/11xxx/CVE-2020-11868.json
View File

@ -52,21 +52,6 @@
},
"references": {
"reference_data": [
{
"url": "http://support.ntp.org/bin/view/Main/NtpBug3592",
"refsource": "MISC",
"name": "http://support.ntp.org/bin/view/Main/NtpBug3592"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200424-0002/",
"url": "https://security.netapp.com/advisory/ntap-20200424-0002/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200505 [SECURITY] [DLA 2201-1] ntp security update",
@ -88,7 +73,24 @@
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "http://support.ntp.org/bin/view/Main/NtpBug3592",
"refsource": "MISC",
"name": "http://support.ntp.org/bin/view/Main/NtpBug3592"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200424-0002/",
"url": "https://security.netapp.com/advisory/ntap-20200424-0002/"
}
]
},

4
2020/11xxx/CVE-2020-11973.json
View File

@ -70,7 +70,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/11xxx/CVE-2020-11979.json
View File

@ -136,7 +136,9 @@
"url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/11xxx/CVE-2020-11987.json
View File

@ -75,7 +75,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/11xxx/CVE-2020-11988.json
View File

@ -75,7 +75,9 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22HESSYU7T4D6GGENUVEX3X3H6FGBECH/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/11xxx/CVE-2020-11998.json
View File

@ -70,7 +70,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/12xxx/CVE-2020-12723.json
View File

@ -113,7 +113,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/13xxx/CVE-2020-13934.json
View File

@ -100,7 +100,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/13xxx/CVE-2020-13935.json
View File

@ -110,7 +110,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/13xxx/CVE-2020-13949.json
View File

@ -500,7 +500,9 @@
"url": "https://security.gentoo.org/glsa/202107-32"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/13xxx/CVE-2020-13956.json
View File

@ -260,7 +260,9 @@
"url": "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17@%3Cdev.jackrabbit.apache.org%3E"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/14xxx/CVE-2020-14060.json
View File

@ -88,7 +88,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/14xxx/CVE-2020-14061.json
View File

@ -88,7 +88,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/14xxx/CVE-2020-14062.json
View File

@ -88,7 +88,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/14xxx/CVE-2020-14195.json
View File

@ -83,7 +83,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/15xxx/CVE-2020-15389.json
View File

@ -83,7 +83,9 @@
"url": "https://www.debian.org/security/2021/dsa-4882"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/17xxx/CVE-2020-17521.json
View File

@ -89,7 +89,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/17xxx/CVE-2020-17527.json
View File

@ -180,7 +180,9 @@
"url": "https://security.netapp.com/advisory/ntap-20201210-0003/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/17xxx/CVE-2020-17530.json
View File

@ -75,7 +75,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/1xxx/CVE-2020-1941.json
View File

@ -80,7 +80,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/1xxx/CVE-2020-1945.json
View File

@ -290,7 +290,9 @@
"url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/1xxx/CVE-2020-1967.json
View File

@ -218,7 +218,9 @@
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/1xxx/CVE-2020-1968.json
View File

@ -98,7 +98,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/1xxx/CVE-2020-1971.json
View File

@ -171,7 +171,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/24xxx/CVE-2020-24553.json
View File

@ -98,7 +98,9 @@
"url": "https://security.netapp.com/advisory/ntap-20200924-0003/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/24xxx/CVE-2020-24616.json
View File

@ -83,7 +83,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/24xxx/CVE-2020-24750.json
View File

@ -83,7 +83,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/25xxx/CVE-2020-25638.json
View File

@ -60,7 +60,9 @@
"url": "https://www.debian.org/security/2021/dsa-4908"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/25xxx/CVE-2020-25648.json
View File

@ -75,7 +75,9 @@
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/25xxx/CVE-2020-25649.json
View File

@ -345,7 +345,9 @@
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/26xxx/CVE-2020-26217.json
View File

@ -120,7 +120,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210409-0004/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

6
2020/26xxx/CVE-2020-26870.json
View File

@ -74,11 +74,13 @@
},
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870",
"refsource":"MS",
"refsource": "MS",
"name": "Visual Studio Remote Code Execution Vulnerability"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/27xxx/CVE-2020-27193.json
View File

@ -73,7 +73,9 @@
"url": "https://ckeditor.com/blog/CKEditor-4.15.1-with-a-security-patch-released/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/27xxx/CVE-2020-27216.json
View File

@ -747,7 +747,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/27xxx/CVE-2020-27218.json
View File

@ -624,7 +624,9 @@
"url": "https://lists.apache.org/thread.html/rfa34d2a3e423421a4a1354cf457edba2ce78cee2d3ebd8aab151a559@%3Cdev.kafka.apache.org%3E"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

8
2020/27xxx/CVE-2020-27783.json
View File

@ -69,6 +69,11 @@
"name": "FEDORA-2020-307946cfb6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"refsource": "MISC",
"name": "https://advisory.checkmarx.net/advisory/CX-2020-4286",
@ -78,9 +83,6 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210521-0003/",
"url": "https://security.netapp.com/advisory/ntap-20210521-0003/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/27xxx/CVE-2020-27814.json
View File

@ -70,7 +70,9 @@
"url": "https://www.debian.org/security/2021/dsa-4882"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/27xxx/CVE-2020-27841.json
View File

@ -75,7 +75,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/27xxx/CVE-2020-27842.json
View File

@ -70,7 +70,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/27xxx/CVE-2020-27843.json
View File

@ -70,7 +70,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/27xxx/CVE-2020-27844.json
View File

@ -65,7 +65,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/27xxx/CVE-2020-27845.json
View File

@ -75,7 +75,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/28xxx/CVE-2020-28052.json
View File

@ -108,7 +108,9 @@
"url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/28xxx/CVE-2020-28196.json
View File

@ -113,7 +113,9 @@
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

8
2020/28xxx/CVE-2020-28500.json
View File

@ -86,13 +86,15 @@
"url": "https://github.com/lodash/lodash/pull/5065",
"name": "https://github.com/lodash/lodash/pull/5065"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210312-0006/",
"url": "https://security.netapp.com/advisory/ntap-20210312-0006/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

14
2020/28xxx/CVE-2020-28928.json
View File

@ -57,11 +57,6 @@
"refsource": "MISC",
"name": "https://musl.libc.org/releases.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.openwall.com/lists/oss-security/2020/11/20/4",
"url": "http://www.openwall.com/lists/oss-security/2020/11/20/4"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2474-1] musl security update",
@ -93,7 +88,14 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.openwall.com/lists/oss-security/2020/11/20/4",
"url": "http://www.openwall.com/lists/oss-security/2020/11/20/4"
}
]
}

14
2020/29xxx/CVE-2020-29582.json
View File

@ -57,18 +57,20 @@
"refsource": "MISC",
"name": "https://blog.jetbrains.com"
},
{
"refsource": "MISC",
"name": "https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/",
"url": "https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/"
},
{
"refsource": "MLIST",
"name": "[kafka-users] 20210617 vulnerabilities",
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"refsource": "MISC",
"name": "https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/",
"url": "https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/"
}
]
}

28
2020/2xxx/CVE-2020-2604.json
View File

@ -64,11 +64,6 @@
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0128",
@ -84,11 +79,6 @@
"name": "RHSA-2020:0196",
"url": "https://access.redhat.com/errata/RHSA-2020:0196"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
"url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0113",
@ -170,9 +160,9 @@
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
},
{
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10315",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10315"
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"refsource": "GENTOO",
@ -183,7 +173,17 @@
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
"url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
},
{
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10315",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10315"
}
]
}
}

4
2020/35xxx/CVE-2020-35490.json
View File

@ -78,7 +78,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210122-0005/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/35xxx/CVE-2020-35491.json
View File

@ -78,7 +78,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210122-0005/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/35xxx/CVE-2020-35728.json
View File

@ -78,7 +78,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210129-0007/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/36xxx/CVE-2020-36179.json
View File

@ -83,7 +83,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/36xxx/CVE-2020-36180.json
View File

@ -78,7 +78,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/36xxx/CVE-2020-36181.json
View File

@ -78,7 +78,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/36xxx/CVE-2020-36182.json
View File

@ -78,7 +78,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/36xxx/CVE-2020-36183.json
View File

@ -78,7 +78,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/36xxx/CVE-2020-36184.json
View File

@ -78,7 +78,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/36xxx/CVE-2020-36185.json
View File

@ -78,7 +78,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/36xxx/CVE-2020-36186.json
View File

@ -78,7 +78,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/36xxx/CVE-2020-36187.json
View File

@ -78,7 +78,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/36xxx/CVE-2020-36188.json
View File

@ -78,7 +78,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/36xxx/CVE-2020-36189.json
View File

@ -78,7 +78,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}

4
2020/5xxx/CVE-2020-5258.json
View File

@ -117,7 +117,9 @@
"url": "https://lists.apache.org/thread.html/r665fcc152bd0fec9f71511a6c2435ff24d3a71386b01b1a6df326fd3@%3Cusers.qpid.apache.org%3E"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/5xxx/CVE-2020-5397.json
View File

@ -80,7 +80,9 @@
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/5xxx/CVE-2020-5398.json
View File

@ -270,7 +270,9 @@
"url": "https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d@%3Cdev.rocketmq.apache.org%3E"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/5xxx/CVE-2020-5413.json
View File

@ -85,7 +85,9 @@
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/5xxx/CVE-2020-5421.json
View File

@ -175,7 +175,9 @@
"url": "https://security.netapp.com/advisory/ntap-20210513-0009/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

4
2020/7xxx/CVE-2020-7016.json
View File

@ -55,7 +55,9 @@
"name": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
},

6
2021/2xxx/CVE-2021-2244.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). Supported versions that are affected are Hyperion Analytic Provider Services 11.1.2.4 and 12.2.1.4, and Essbase Analytic Provider Services 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Analytic Provider Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
"value": "Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). Supported versions that are affected are Hyperion Analytic Provider Services 11.1.2.4 and 12.2.1.4, and Essbase Analytic Provider Services 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Analytic Provider Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
@ -77,7 +77,7 @@
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
}
]
}
}
}

143
2021/2xxx/CVE-2021-2323.json
View File

@ -1,75 +1,78 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2323"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Universal Banking",
"version": {
"version_data": [
{
"version_value": "12.3",
"version_affected": "="
},
{
"version_value": "12.4",
"version_affected": "="
},
{
"version_value": "14.0-14.4",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Universal Banking",
"version": {
"version_data": [
{
"version_value": "12.3",
"version_affected": "="
},
{
"version_value": "12.4",
"version_affected": "="
},
{
"version_value": "14.0-14.4",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Flex-Branch). Supported versions that are affected are 12.3, 12.4, 14.0-14.4 and . Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.9",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Flex-Branch). Supported versions that are affected are 12.3, 12.4, 14.0-14.4 and . Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.9",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

135
2021/2xxx/CVE-2021-2324.json
View File

@ -1,71 +1,74 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2324"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Universal Banking",
"version": {
"version_data": [
{
"version_value": "12.0-12.4",
"version_affected": "="
},
{
"version_value": "14.0-14.4",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Universal Banking",
"version": {
"version_data": [
{
"version_value": "12.0-12.4",
"version_affected": "="
},
{
"version_value": "14.0-14.4",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Loans And Deposits). Supported versions that are affected are 12.0-12.4, 14.0-14.4 and . Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.6",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Loans And Deposits). Supported versions that are affected are 12.0-12.4, 14.0-14.4 and . Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.6",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

135
2021/2xxx/CVE-2021-2326.json
View File

@ -1,71 +1,74 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2326"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "12.2.0.1",
"version_affected": "="
},
{
"version_value": "19c",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "12.2.0.1",
"version_affected": "="
},
{
"version_value": "19c",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "2.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "2.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

143
2021/2xxx/CVE-2021-2328.json
View File

@ -1,75 +1,78 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2328"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Text",
"version": {
"version_data": [
{
"version_value": "12.1.0.2",
"version_affected": "="
},
{
"version_value": "12.2.0.1",
"version_affected": "="
},
{
"version_value": "19c",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Text",
"version": {
"version_data": [
{
"version_value": "12.1.0.2",
"version_affected": "="
},
{
"version_value": "12.2.0.1",
"version_affected": "="
},
{
"version_value": "19c",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Alter Any Table privilege with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.2",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Alter Any Table privilege with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Alter Any Table privilege with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.2",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Alter Any Table privilege with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

143
2021/2xxx/CVE-2021-2329.json
View File

@ -1,75 +1,78 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2329"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "12.1.0.2",
"version_affected": "="
},
{
"version_value": "12.2.0.1",
"version_affected": "="
},
{
"version_value": "19c",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "12.1.0.2",
"version_affected": "="
},
{
"version_value": "12.2.0.1",
"version_affected": "="
},
{
"version_value": "19c",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.2",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.2",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

127
2021/2xxx/CVE-2021-2330.json
View File

@ -1,67 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2330"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "19c",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "19c",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

143
2021/2xxx/CVE-2021-2333.json
View File

@ -1,75 +1,78 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2333"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "12.1.0.2",
"version_affected": "="
},
{
"version_value": "12.2.0.1",
"version_affected": "="
},
{
"version_value": "19c",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "12.1.0.2",
"version_affected": "="
},
{
"version_value": "12.2.0.1",
"version_affected": "="
},
{
"version_value": "19c",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Alter User privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML DB accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.9",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having Alter User privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML DB accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Alter User privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML DB accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.9",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having Alter User privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML DB accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

127
2021/2xxx/CVE-2021-2448.json
View File

@ -1,67 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2448"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Financial Services Crime and Compliance Investigation Hub",
"version": {
"version_data": [
{
"version_value": "20.1.2",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Financial Services Crime and Compliance Investigation Hub",
"version": {
"version_data": [
{
"version_value": "20.1.2",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Financial Services Crime and Compliance Investigation Hub product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 20.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Financial Services Crime and Compliance Investigation Hub executes to compromise Oracle Financial Services Crime and Compliance Investigation Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Crime and Compliance Investigation Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Crime and Compliance Investigation Hub accessible data as well as unauthorized read access to a subset of Oracle Financial Services Crime and Compliance Investigation Hub accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "3.7",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Financial Services Crime and Compliance Investigation Hub executes to compromise Oracle Financial Services Crime and Compliance Investigation Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Crime and Compliance Investigation Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Crime and Compliance Investigation Hub accessible data as well as unauthorized read access to a subset of Oracle Financial Services Crime and Compliance Investigation Hub accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Financial Services Crime and Compliance Investigation Hub product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 20.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Financial Services Crime and Compliance Investigation Hub executes to compromise Oracle Financial Services Crime and Compliance Investigation Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Crime and Compliance Investigation Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Crime and Compliance Investigation Hub accessible data as well as unauthorized read access to a subset of Oracle Financial Services Crime and Compliance Investigation Hub accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "3.7",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Financial Services Crime and Compliance Investigation Hub executes to compromise Oracle Financial Services Crime and Compliance Investigation Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Crime and Compliance Investigation Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Crime and Compliance Investigation Hub accessible data as well as unauthorized read access to a subset of Oracle Financial Services Crime and Compliance Investigation Hub accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

127
2021/2xxx/CVE-2021-2449.json
View File

@ -1,67 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2449"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.5",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.5",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "dep",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "dep",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

127
2021/2xxx/CVE-2021-2450.json
View File

@ -1,67 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2450"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.5",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.5",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "dep",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "dep",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

127
2021/2xxx/CVE-2021-2451.json
View File

@ -1,67 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2451"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.5",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.5",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "dep",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "dep",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

127
2021/2xxx/CVE-2021-2452.json
View File

@ -1,67 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2452"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.5",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.5",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "dep",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "dep",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

127
2021/2xxx/CVE-2021-2453.json
View File

@ -1,67 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2453"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.5",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.5",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "dep",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "dep",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

127
2021/2xxx/CVE-2021-2454.json
View File

@ -1,67 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2454"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_value": "6.1.24",
"version_affected": "<"
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_value": "6.1.24",
"version_affected": "<"
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.0",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.0",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

127
2021/2xxx/CVE-2021-2455.json
View File

@ -1,67 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2455"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise HCM Shared Components",
"version": {
"version_data": [
{
"version_value": "9.2",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise HCM Shared Components",
"version": {
"version_data": [
{
"version_value": "9.2",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Shared Components accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Shared Components accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Shared Components accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Shared Components accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

127
2021/2xxx/CVE-2021-2456.json
View File

@ -1,67 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2456"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Business Intelligence Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "12.2.1.4.0",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Business Intelligence Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "12.2.1.4.0",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

127
2021/2xxx/CVE-2021-2457.json
View File

@ -1,67 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2457"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"version_value": "11.1.2.3.0",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"version_value": "11.1.2.3.0",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Identity Manager accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Identity Manager accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

151
2021/2xxx/CVE-2021-2458.json
View File

@ -1,79 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2458"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"version_value": "11.1.2.2.0",
"version_affected": "="
},
{
"version_value": "11.1.2.3.0",
"version_affected": "="
},
{
"version_value": "12.2.1.3.0",
"version_affected": "="
},
{
"version_value": "12.2.1.4.0",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"version_value": "11.1.2.2.0",
"version_affected": "="
},
{
"version_value": "11.1.2.3.0",
"version_affected": "="
},
{
"version_value": "12.2.1.3.0",
"version_affected": "="
},
{
"version_value": "12.2.1.4.0",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are affected are 11.1.2.2.0, 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data as well as unauthorized update, insert or delete access to some of Identity Manager accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.6",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data as well as unauthorized update, insert or delete access to some of Identity Manager accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are affected are 11.1.2.2.0, 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data as well as unauthorized update, insert or delete access to some of Identity Manager accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.6",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data as well as unauthorized update, insert or delete access to some of Identity Manager accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

127
2021/2xxx/CVE-2021-2460.json
View File

@ -1,67 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2460"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Application Express (APEX)",
"version": {
"version_data": [
{
"version_value": "21.1.0.00.04",
"version_affected": "<"
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Application Express (APEX)",
"version": {
"version_data": [
{
"version_value": "21.1.0.00.04",
"version_affected": "<"
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.04. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.04. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

151
2021/2xxx/CVE-2021-2462.json
View File

@ -1,79 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2462"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Commerce Service Center",
"version": {
"version_data": [
{
"version_value": "11.0.0",
"version_affected": "="
},
{
"version_value": "11.1.0",
"version_affected": "="
},
{
"version_value": "11.2.0",
"version_affected": "="
},
{
"version_value": "11.3.0-11.3.2",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Commerce Service Center",
"version": {
"version_data": [
{
"version_value": "11.0.0",
"version_affected": "="
},
{
"version_value": "11.1.0",
"version_affected": "="
},
{
"version_value": "11.2.0",
"version_affected": "="
},
{
"version_value": "11.3.0-11.3.2",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Commerce Service Center product of Oracle Commerce (component: Commerce Service Center). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Service Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Service Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Service Center accessible data as well as unauthorized read access to a subset of Oracle Commerce Service Center accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Service Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Service Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Service Center accessible data as well as unauthorized read access to a subset of Oracle Commerce Service Center accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Commerce Service Center product of Oracle Commerce (component: Commerce Service Center). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Service Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Service Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Service Center accessible data as well as unauthorized read access to a subset of Oracle Commerce Service Center accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Service Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Service Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Service Center accessible data as well as unauthorized read access to a subset of Oracle Commerce Service Center accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

151
2021/2xxx/CVE-2021-2463.json
View File

@ -1,79 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2463"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Commerce Platform",
"version": {
"version_data": [
{
"version_value": "11.0.0",
"version_affected": "="
},
{
"version_value": "11.1.0",
"version_affected": "="
},
{
"version_value": "11.2.0",
"version_affected": "="
},
{
"version_value": "11.3.0-11.3.2",
"version_affected": "="
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Commerce Platform",
"version": {
"version_data": [
{
"version_value": "11.0.0",
"version_affected": "="
},
{
"version_value": "11.1.0",
"version_affected": "="
},
{
"version_value": "11.2.0",
"version_affected": "="
},
{
"version_value": "11.3.0-11.3.2",
"version_affected": "="
}
]
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}

2
2021/32xxx/CVE-2021-32751.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use `gradlew` on Unix-like systems or use the scripts generated by Gradle in thieir application on Unix-like systems. For this vulnerability to be exploitable, an attacker needs to be able to set the value of particular environment variables and have those environment variables be seen by the vulnerable scripts. This issue has been patched in Gradle 7.2 by removing the use of `eval` and requiring the use of the `bash` shell.\n\nThere are a few workarounds available. For CI/CD systems using the Gradle build tool, one may ensure that untrusted users are unable to change environment variables for the user that executes `gradlew`. If one is unable to upgrade to Gradle 7.2, one may generate a new `gradlew` script with Gradle 7.2 and use it for older versions of Gradle. Fpplications using start scripts generated by Gradle, one may ensure that untrusted users are unable to change environment variables for the user that executes the start script. A vulnerable start script could be manually patched to remove the use of `eval` or the use of environment variables that affect the application's command-line. If the application is simple enough, one may be able to avoid the use of the start scripts by running the application directly with Java command."
"value": "Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use `gradlew` on Unix-like systems or use the scripts generated by Gradle in thieir application on Unix-like systems. For this vulnerability to be exploitable, an attacker needs to be able to set the value of particular environment variables and have those environment variables be seen by the vulnerable scripts. This issue has been patched in Gradle 7.2 by removing the use of `eval` and requiring the use of the `bash` shell. There are a few workarounds available. For CI/CD systems using the Gradle build tool, one may ensure that untrusted users are unable to change environment variables for the user that executes `gradlew`. If one is unable to upgrade to Gradle 7.2, one may generate a new `gradlew` script with Gradle 7.2 and use it for older versions of Gradle. Fpplications using start scripts generated by Gradle, one may ensure that untrusted users are unable to change environment variables for the user that executes the start script. A vulnerable start script could be manually patched to remove the use of `eval` or the use of environment variables that affect the application's command-line. If the application is simple enough, one may be able to avoid the use of the start scripts by running the application directly with Java command."
}
]
},