From c98436fb0ac263ce794342bdc025eaa51dd490a1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 22 Apr 2021 22:01:23 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/2xxx/CVE-2021-2224.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2225.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2226.json | 135 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2227.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2228.json | 135 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2229.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2230.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2231.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2232.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2233.json | 135 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2234.json | 151 ++++++++++++++++++----------------- 2021/2xxx/CVE-2021-2235.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2236.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2237.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2238.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2239.json | 135 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2240.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2241.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2242.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2244.json | 135 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2245.json | 135 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2246.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2247.json | 135 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2248.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2249.json | 135 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2250.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2251.json | 135 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2252.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2253.json | 135 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2254.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2255.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2256.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2257.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2258.json | 135 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2259.json | 135 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2260.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2261.json | 135 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2262.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2263.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2264.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2266.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2267.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2268.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2269.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2270.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2271.json | 135 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2272.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2273.json | 127 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2274.json | 135 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2275.json | 135 ++++++++++++++++--------------- 50 files changed, 3326 insertions(+), 3176 deletions(-) diff --git a/2021/2xxx/CVE-2021-2224.json b/2021/2xxx/CVE-2021-2224.json index b9c6c47e89c..1fd8e4e8f00 100644 --- a/2021/2xxx/CVE-2021-2224.json +++ b/2021/2xxx/CVE-2021-2224.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2224" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Compensation Workbench", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Compensation Workbench", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Compensation Workbench product of Oracle E-Business Suite (component: Compensation Workbench). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Compensation Workbench. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Compensation Workbench accessible data as well as unauthorized access to critical data or complete access to all Oracle Compensation Workbench accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Compensation Workbench. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Compensation Workbench accessible data as well as unauthorized access to critical data or complete access to all Oracle Compensation Workbench accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Compensation Workbench product of Oracle E-Business Suite (component: Compensation Workbench). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Compensation Workbench. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Compensation Workbench accessible data as well as unauthorized access to critical data or complete access to all Oracle Compensation Workbench accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Compensation Workbench. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Compensation Workbench accessible data as well as unauthorized access to critical data or complete access to all Oracle Compensation Workbench accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2225.json b/2021/2xxx/CVE-2021-2225.json index 041a8682e26..26fa3824009 100644 --- a/2021/2xxx/CVE-2021-2225.json +++ b/2021/2xxx/CVE-2021-2225.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2225" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "E-Business Intelligence", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "E-Business Intelligence", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Business Intelligence accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Business Intelligence accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Business Intelligence accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Business Intelligence accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2226.json b/2021/2xxx/CVE-2021-2226.json index a4dd0f88fd4..a8201a5a080 100644 --- a/2021/2xxx/CVE-2021-2226.json +++ b/2021/2xxx/CVE-2021-2226.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2226" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "MySQL Server", - "version": { - "version_data": [ - { - "version_value": "5.7.33 and prior", - "version_affected": "=" - }, - { - "version_value": "8.0.23 and prior", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.33 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.23 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.9", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2227.json b/2021/2xxx/CVE-2021-2227.json index 58e0749b1e8..6e8e414a0ac 100644 --- a/2021/2xxx/CVE-2021-2227.json +++ b/2021/2xxx/CVE-2021-2227.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2227" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cash Management", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cash Management", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Cash Management product of Oracle E-Business Suite (component: Bank Account Transfer). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Cash Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Cash Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Cash Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Cash Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Cash Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Cash Management accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Cash Management product of Oracle E-Business Suite (component: Bank Account Transfer). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Cash Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Cash Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Cash Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Cash Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Cash Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Cash Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2228.json b/2021/2xxx/CVE-2021-2228.json index d0ba1539c03..b70d7f2a5ed 100644 --- a/2021/2xxx/CVE-2021-2228.json +++ b/2021/2xxx/CVE-2021-2228.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2228" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Incentive Compensation", - "version": { - "version_data": [ - { - "version_value": "12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Incentive Compensation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Incentive Compensation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Incentive Compensation accessible data as well as unauthorized access to critical data or complete access to all Oracle Incentive Compensation accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Incentive Compensation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Incentive Compensation accessible data as well as unauthorized access to critical data or complete access to all Oracle Incentive Compensation accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Incentive Compensation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Incentive Compensation accessible data as well as unauthorized access to critical data or complete access to all Oracle Incentive Compensation accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Incentive Compensation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Incentive Compensation accessible data as well as unauthorized access to critical data or complete access to all Oracle Incentive Compensation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2229.json b/2021/2xxx/CVE-2021-2229.json index 04d121cc882..9fd2b0df0a2 100644 --- a/2021/2xxx/CVE-2021-2229.json +++ b/2021/2xxx/CVE-2021-2229.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2229" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Depot Repair", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Depot Repair", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: LOVs). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Depot Repair accessible data as well as unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Depot Repair accessible data as well as unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: LOVs). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Depot Repair accessible data as well as unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Depot Repair accessible data as well as unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2230.json b/2021/2xxx/CVE-2021-2230.json index f188e322f65..e95caae31dc 100644 --- a/2021/2xxx/CVE-2021-2230.json +++ b/2021/2xxx/CVE-2021-2230.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2230" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "MySQL Server", - "version": { - "version_data": [ - { - "version_value": "8.0.23 and prior", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.23 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.9", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2231.json b/2021/2xxx/CVE-2021-2231.json index 3e47b41c615..7f5717076bc 100644 --- a/2021/2xxx/CVE-2021-2231.json +++ b/2021/2xxx/CVE-2021-2231.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2231" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Installed Base", - "version": { - "version_data": [ - { - "version_value": "12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installed Base", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Installed Base accessible data as well as unauthorized access to critical data or complete access to all Oracle Installed Base accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Installed Base accessible data as well as unauthorized access to critical data or complete access to all Oracle Installed Base accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Installed Base accessible data as well as unauthorized access to critical data or complete access to all Oracle Installed Base accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Installed Base accessible data as well as unauthorized access to critical data or complete access to all Oracle Installed Base accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2232.json b/2021/2xxx/CVE-2021-2232.json index 3173593d25e..ccd243e562d 100644 --- a/2021/2xxx/CVE-2021-2232.json +++ b/2021/2xxx/CVE-2021-2232.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2232" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "MySQL Server", - "version": { - "version_data": [ - { - "version_value": "8.0.23 and prior", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.23 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 1.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "1.9", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 1.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "1.9", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2233.json b/2021/2xxx/CVE-2021-2233.json index 44c1dc0258d..b2f7cc06504 100644 --- a/2021/2xxx/CVE-2021-2233.json +++ b/2021/2xxx/CVE-2021-2233.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2233" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Enterprise Asset Management", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Asset Management", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Setup). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Asset Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Asset Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Asset Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Asset Management accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Setup). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Asset Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Asset Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Asset Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Asset Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2234.json b/2021/2xxx/CVE-2021-2234.json index 1d721a3ff0e..3210a8cccf9 100644 --- a/2021/2xxx/CVE-2021-2234.json +++ b/2021/2xxx/CVE-2021-2234.json @@ -1,79 +1,82 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2234" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Database - Enterprise Edition", - "version": { - "version_data": [ - { - "version_value": "12.1.0.2", - "version_affected": "=" - }, - { - "version_value": "12.2.0.1", - "version_affected": "=" - }, - { - "version_value": "18c", - "version_affected": "=" - }, - { - "version_value": "19c", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Database - Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "5.3", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2235.json b/2021/2xxx/CVE-2021-2235.json index 1593bed5efb..7ed3e1b5072 100644 --- a/2021/2xxx/CVE-2021-2235.json +++ b/2021/2xxx/CVE-2021-2235.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2235" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Transportation Execution", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Transportation Execution", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Transportation Execution product of Oracle E-Business Suite (component: Install and Upgrade). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Execution. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Transportation Execution accessible data as well as unauthorized access to critical data or complete access to all Oracle Transportation Execution accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Execution. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Transportation Execution accessible data as well as unauthorized access to critical data or complete access to all Oracle Transportation Execution accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Transportation Execution product of Oracle E-Business Suite (component: Install and Upgrade). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Execution. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Transportation Execution accessible data as well as unauthorized access to critical data or complete access to all Oracle Transportation Execution accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Execution. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Transportation Execution accessible data as well as unauthorized access to critical data or complete access to all Oracle Transportation Execution accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2236.json b/2021/2xxx/CVE-2021-2236.json index eac40eeb079..05e40b041f9 100644 --- a/2021/2xxx/CVE-2021-2236.json +++ b/2021/2xxx/CVE-2021-2236.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2236" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Financials Common Modules", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financials Common Modules", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Advanced Global Intercompany). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financials Common Modules. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financials Common Modules accessible data as well as unauthorized access to critical data or complete access to all Oracle Financials Common Modules accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financials Common Modules. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financials Common Modules accessible data as well as unauthorized access to critical data or complete access to all Oracle Financials Common Modules accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Advanced Global Intercompany). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financials Common Modules. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financials Common Modules accessible data as well as unauthorized access to critical data or complete access to all Oracle Financials Common Modules accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financials Common Modules. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financials Common Modules accessible data as well as unauthorized access to critical data or complete access to all Oracle Financials Common Modules accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2237.json b/2021/2xxx/CVE-2021-2237.json index d4c5f5a455b..29e33b48935 100644 --- a/2021/2xxx/CVE-2021-2237.json +++ b/2021/2xxx/CVE-2021-2237.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2237" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "General Ledger", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "General Ledger", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2238.json b/2021/2xxx/CVE-2021-2238.json index c2cbee2f5a3..aa3a84bee9d 100644 --- a/2021/2xxx/CVE-2021-2238.json +++ b/2021/2xxx/CVE-2021-2238.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2238" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "MES for Process Manufacturing", - "version": { - "version_data": [ - { - "version_value": "12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MES for Process Manufacturing", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Process Operations). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle MES for Process Manufacturing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle MES for Process Manufacturing accessible data as well as unauthorized access to critical data or complete access to all Oracle MES for Process Manufacturing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle MES for Process Manufacturing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle MES for Process Manufacturing accessible data as well as unauthorized access to critical data or complete access to all Oracle MES for Process Manufacturing accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Process Operations). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle MES for Process Manufacturing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle MES for Process Manufacturing accessible data as well as unauthorized access to critical data or complete access to all Oracle MES for Process Manufacturing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle MES for Process Manufacturing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle MES for Process Manufacturing accessible data as well as unauthorized access to critical data or complete access to all Oracle MES for Process Manufacturing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2239.json b/2021/2xxx/CVE-2021-2239.json index 37cfd23b9f4..9dfd8d503b9 100644 --- a/2021/2xxx/CVE-2021-2239.json +++ b/2021/2xxx/CVE-2021-2239.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2239" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Time and Labor", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Time and Labor", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Time and Labor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Time and Labor accessible data as well as unauthorized access to critical data or complete access to all Oracle Time and Labor accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Time and Labor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Time and Labor accessible data as well as unauthorized access to critical data or complete access to all Oracle Time and Labor accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Time and Labor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Time and Labor accessible data as well as unauthorized access to critical data or complete access to all Oracle Time and Labor accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Time and Labor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Time and Labor accessible data as well as unauthorized access to critical data or complete access to all Oracle Time and Labor accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2240.json b/2021/2xxx/CVE-2021-2240.json index 5975d1d8ca6..0715b5fc1e9 100644 --- a/2021/2xxx/CVE-2021-2240.json +++ b/2021/2xxx/CVE-2021-2240.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2240" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Outside In Technology", - "version": { - "version_data": [ - { - "version_value": "8.5.5", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.5", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "dep", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "dep", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2241.json b/2021/2xxx/CVE-2021-2241.json index 73e0ea00dd8..4d78c63351d 100644 --- a/2021/2xxx/CVE-2021-2241.json +++ b/2021/2xxx/CVE-2021-2241.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2241" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "iStore", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iStore", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle iStore accessible data as well as unauthorized access to critical data or complete access to all Oracle iStore accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle iStore accessible data as well as unauthorized access to critical data or complete access to all Oracle iStore accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle iStore accessible data as well as unauthorized access to critical data or complete access to all Oracle iStore accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle iStore accessible data as well as unauthorized access to critical data or complete access to all Oracle iStore accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2242.json b/2021/2xxx/CVE-2021-2242.json index 7578c159998..666c4720fec 100644 --- a/2021/2xxx/CVE-2021-2242.json +++ b/2021/2xxx/CVE-2021-2242.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2242" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Outside In Technology", - "version": { - "version_data": [ - { - "version_value": "8.5.5", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.5", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "dep", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "dep", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2244.json b/2021/2xxx/CVE-2021-2244.json index d93f79c13a3..a2d3d731f0e 100644 --- a/2021/2xxx/CVE-2021-2244.json +++ b/2021/2xxx/CVE-2021-2244.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2244" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Hyperion Analytic Provider Services", - "version": { - "version_data": [ - { - "version_value": "11.1.2.4", - "version_affected": "=" - }, - { - "version_value": "12.2.1.4", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hyperion Analytic Provider Services", + "version": { + "version_data": [ + { + "version_value": "11.1.2.4", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI). Supported versions that are affected are 11.1.2.4 and 12.2.1.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Analytic Provider Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "9.6", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Analytic Provider Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Hyperion Analytic Provider Services." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI). Supported versions that are affected are 11.1.2.4 and 12.2.1.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Analytic Provider Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.6", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Analytic Provider Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Hyperion Analytic Provider Services." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2245.json b/2021/2xxx/CVE-2021-2245.json index 8dff29bcc8f..9d6fe281b28 100644 --- a/2021/2xxx/CVE-2021-2245.json +++ b/2021/2xxx/CVE-2021-2245.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2245" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Database - Enterprise Edition", - "version": { - "version_data": [ - { - "version_value": "18c", - "version_affected": "=" - }, - { - "version_value": "19c", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Database - Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Database - Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "2.7", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Unified Audit accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Database - Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "2.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Unified Audit accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2246.json b/2021/2xxx/CVE-2021-2246.json index 29bb0a2c05c..24c2d3c583e 100644 --- a/2021/2xxx/CVE-2021-2246.json +++ b/2021/2xxx/CVE-2021-2246.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2246" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Universal Work Queue", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Universal Work Queue", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Universal Work Queue accessible data as well as unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Universal Work Queue accessible data as well as unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Universal Work Queue accessible data as well as unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Universal Work Queue accessible data as well as unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2247.json b/2021/2xxx/CVE-2021-2247.json index 6456f1b9574..2ee4b875789 100644 --- a/2021/2xxx/CVE-2021-2247.json +++ b/2021/2xxx/CVE-2021-2247.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2247" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Advanced Collections", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Collections", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Advanced Collections product of Oracle E-Business Suite (component: Admin). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Collections. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Collections accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Collections accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Collections. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Collections accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Collections accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Collections product of Oracle E-Business Suite (component: Admin). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Collections. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Collections accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Collections accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Collections. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Collections accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Collections accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2248.json b/2021/2xxx/CVE-2021-2248.json index b18dcb1dc08..62396628872 100644 --- a/2021/2xxx/CVE-2021-2248.json +++ b/2021/2xxx/CVE-2021-2248.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2248" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Secure Global Desktop", - "version": { - "version_data": [ - { - "version_value": "5.6", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Secure Global Desktop", + "version": { + "version_data": [ + { + "version_value": "5.6", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via SKID to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "10.", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via SKID to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via SKID to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "10.", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via SKID to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2249.json b/2021/2xxx/CVE-2021-2249.json index a1c0b9807cf..b66cf3c8d05 100644 --- a/2021/2xxx/CVE-2021-2249.json +++ b/2021/2xxx/CVE-2021-2249.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2249" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Landed Cost Management", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Landed Cost Management", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Landed Cost Management product of Oracle E-Business Suite (component: Shipment Workbench). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Landed Cost Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Landed Cost Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Landed Cost Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Landed Cost Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Landed Cost Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Landed Cost Management accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Landed Cost Management product of Oracle E-Business Suite (component: Shipment Workbench). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Landed Cost Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Landed Cost Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Landed Cost Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Landed Cost Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Landed Cost Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Landed Cost Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2250.json b/2021/2xxx/CVE-2021-2250.json index 5bee7388eaf..fe01de0c48a 100644 --- a/2021/2xxx/CVE-2021-2250.json +++ b/2021/2xxx/CVE-2021-2250.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2250" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "6.1.20", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "6.1.20", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.2", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2251.json b/2021/2xxx/CVE-2021-2251.json index 2af27e89b70..f90fdd00f91 100644 --- a/2021/2xxx/CVE-2021-2251.json +++ b/2021/2xxx/CVE-2021-2251.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2251" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "CRM Technical Foundation", - "version": { - "version_data": [ - { - "version_value": "12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Data Source). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Technical Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Technical Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Data Source). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Technical Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Technical Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2252.json b/2021/2xxx/CVE-2021-2252.json index aa8ed170d87..2fa1464ff4c 100644 --- a/2021/2xxx/CVE-2021-2252.json +++ b/2021/2xxx/CVE-2021-2252.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2252" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Loans", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Loans", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Loans product of Oracle E-Business Suite (component: Loan Details, Loan Accounting Events). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Loans. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Loans accessible data as well as unauthorized access to critical data or complete access to all Oracle Loans accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Loans. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Loans accessible data as well as unauthorized access to critical data or complete access to all Oracle Loans accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Loans product of Oracle E-Business Suite (component: Loan Details, Loan Accounting Events). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Loans. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Loans accessible data as well as unauthorized access to critical data or complete access to all Oracle Loans accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Loans. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Loans accessible data as well as unauthorized access to critical data or complete access to all Oracle Loans accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2253.json b/2021/2xxx/CVE-2021-2253.json index 592a55814a3..3edc4a5968b 100644 --- a/2021/2xxx/CVE-2021-2253.json +++ b/2021/2xxx/CVE-2021-2253.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2253" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Advanced Supply Chain Planning", - "version": { - "version_data": [ - { - "version_value": "12.1", - "version_affected": "=" - }, - { - "version_value": "12.2", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Supply Chain Planning", + "version": { + "version_data": [ + { + "version_value": "12.1", + "version_affected": "=" + }, + { + "version_value": "12.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Advanced Supply Chain Planning product of Oracle Supply Chain (component: Core). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Supply Chain Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Supply Chain Planning accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Supply Chain Planning accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "9.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Supply Chain Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Supply Chain Planning accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Supply Chain Planning accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Supply Chain Planning product of Oracle Supply Chain (component: Core). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Supply Chain Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Supply Chain Planning accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Supply Chain Planning accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Supply Chain Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Supply Chain Planning accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Supply Chain Planning accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2254.json b/2021/2xxx/CVE-2021-2254.json index 8b209720a4e..6cc1af58a15 100644 --- a/2021/2xxx/CVE-2021-2254.json +++ b/2021/2xxx/CVE-2021-2254.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2254" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Project Contracts", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Project Contracts", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Project Contracts product of Oracle E-Business Suite (component: Hold Management). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Contracts. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Project Contracts accessible data as well as unauthorized access to critical data or complete access to all Oracle Project Contracts accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Contracts. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Project Contracts accessible data as well as unauthorized access to critical data or complete access to all Oracle Project Contracts accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Project Contracts product of Oracle E-Business Suite (component: Hold Management). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Contracts. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Project Contracts accessible data as well as unauthorized access to critical data or complete access to all Oracle Project Contracts accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Contracts. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Project Contracts accessible data as well as unauthorized access to critical data or complete access to all Oracle Project Contracts accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2255.json b/2021/2xxx/CVE-2021-2255.json index 32f78f7cfb4..9a2dbec76aa 100644 --- a/2021/2xxx/CVE-2021-2255.json +++ b/2021/2xxx/CVE-2021-2255.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2255" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Service Contracts", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Service Contracts", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite (component: Authoring). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Contracts. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Service Contracts accessible data as well as unauthorized access to critical data or complete access to all Oracle Service Contracts accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Contracts. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Service Contracts accessible data as well as unauthorized access to critical data or complete access to all Oracle Service Contracts accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite (component: Authoring). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Contracts. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Service Contracts accessible data as well as unauthorized access to critical data or complete access to all Oracle Service Contracts accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Contracts. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Service Contracts accessible data as well as unauthorized access to critical data or complete access to all Oracle Service Contracts accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2256.json b/2021/2xxx/CVE-2021-2256.json index 936062e580d..c5c7caaecb2 100644 --- a/2021/2xxx/CVE-2021-2256.json +++ b/2021/2xxx/CVE-2021-2256.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2256" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cloud Infrastructure", - "version": { - "version_data": [ - { - "version_value": "16.3.1.4.2", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Infrastructure", + "version": { + "version_data": [ + { + "version_value": "16.3.1.4.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Storage Cloud Software Appliance. While the vulnerability is in Oracle Storage Cloud Software Appliance, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Storage Cloud Software Appliance. Note: Updating the Oracle Storage Cloud Software Appliance to version 16.3.1.4.2 or later will address these vulnerabilities. Download the latest version of Oracle Storage Cloud Software Appliance from here. Refer to Document 2768897.1 for more details. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "10.", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Storage Cloud Software Appliance. While the vulnerability is in Oracle Storage Cloud Software Appliance, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Storage Cloud Software Appliance." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Storage Cloud Software Appliance. While the vulnerability is in Oracle Storage Cloud Software Appliance, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Storage Cloud Software Appliance. Note: Updating the Oracle Storage Cloud Software Appliance to version 16.3.1.4.2 or later will address these vulnerabilities. Download the latest version of Oracle Storage Cloud Software Appliance from here. Refer to Document 2768897.1 for more details. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "10.", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Storage Cloud Software Appliance. While the vulnerability is in Oracle Storage Cloud Software Appliance, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Storage Cloud Software Appliance." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2257.json b/2021/2xxx/CVE-2021-2257.json index aadca875db6..2605a989895 100644 --- a/2021/2xxx/CVE-2021-2257.json +++ b/2021/2xxx/CVE-2021-2257.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2257" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cloud Infrastructure", - "version": { - "version_data": [ - { - "version_value": "16.3.1.4.2", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Infrastructure", + "version": { + "version_data": [ + { + "version_value": "16.3.1.4.2", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Storage Cloud Software Appliance. While the vulnerability is in Oracle Storage Cloud Software Appliance, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Storage Cloud Software Appliance accessible data. Note: Updating the Oracle Storage Cloud Software Appliance to version 16.3.1.4.2 or later will address these vulnerabilities. Download the latest version of Oracle Storage Cloud Software Appliance from here. Refer to Document 2768897.1 for more details. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Storage Cloud Software Appliance. While the vulnerability is in Oracle Storage Cloud Software Appliance, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Storage Cloud Software Appliance accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Storage Cloud Software Appliance. While the vulnerability is in Oracle Storage Cloud Software Appliance, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Storage Cloud Software Appliance accessible data. Note: Updating the Oracle Storage Cloud Software Appliance to version 16.3.1.4.2 or later will address these vulnerabilities. Download the latest version of Oracle Storage Cloud Software Appliance from here. Refer to Document 2768897.1 for more details. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Storage Cloud Software Appliance. While the vulnerability is in Oracle Storage Cloud Software Appliance, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Storage Cloud Software Appliance accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2258.json b/2021/2xxx/CVE-2021-2258.json index 6278d0877f4..99cec60d45d 100644 --- a/2021/2xxx/CVE-2021-2258.json +++ b/2021/2xxx/CVE-2021-2258.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2258" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Projects", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Projects", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Projects product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Projects. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Projects accessible data as well as unauthorized access to critical data or complete access to all Oracle Projects accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Projects. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Projects accessible data as well as unauthorized access to critical data or complete access to all Oracle Projects accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Projects product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Projects. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Projects accessible data as well as unauthorized access to critical data or complete access to all Oracle Projects accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Projects. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Projects accessible data as well as unauthorized access to critical data or complete access to all Oracle Projects accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2259.json b/2021/2xxx/CVE-2021-2259.json index 740426730df..8c1c94ad7ce 100644 --- a/2021/2xxx/CVE-2021-2259.json +++ b/2021/2xxx/CVE-2021-2259.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2259" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Payroll", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Payroll", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Payables product of Oracle E-Business Suite (component: India Localization, Results). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payables. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Payables accessible data as well as unauthorized access to critical data or complete access to all Oracle Payables accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payables. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Payables accessible data as well as unauthorized access to critical data or complete access to all Oracle Payables accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Payables product of Oracle E-Business Suite (component: India Localization, Results). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payables. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Payables accessible data as well as unauthorized access to critical data or complete access to all Oracle Payables accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payables. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Payables accessible data as well as unauthorized access to critical data or complete access to all Oracle Payables accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2260.json b/2021/2xxx/CVE-2021-2260.json index 94d03432594..606ef2422f6 100644 --- a/2021/2xxx/CVE-2021-2260.json +++ b/2021/2xxx/CVE-2021-2260.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2260" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Human Resources", - "version": { - "version_data": [ - { - "version_value": "12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Human Resources", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: iRecruitment). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: iRecruitment). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2261.json b/2021/2xxx/CVE-2021-2261.json index 1e064fe20f0..2b90d1c9dbc 100644 --- a/2021/2xxx/CVE-2021-2261.json +++ b/2021/2xxx/CVE-2021-2261.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2261" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Lease and Finance Management", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Lease and Finance Management", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Lease and Finance Management product of Oracle E-Business Suite (component: Quotes). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Lease and Finance Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Lease and Finance Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Lease and Finance Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Lease and Finance Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Lease and Finance Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Lease and Finance Management accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Lease and Finance Management product of Oracle E-Business Suite (component: Quotes). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Lease and Finance Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Lease and Finance Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Lease and Finance Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Lease and Finance Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Lease and Finance Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Lease and Finance Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2262.json b/2021/2xxx/CVE-2021-2262.json index 89cda0049b2..751ef6104df 100644 --- a/2021/2xxx/CVE-2021-2262.json +++ b/2021/2xxx/CVE-2021-2262.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2262" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Purchasing", - "version": { - "version_data": [ - { - "version_value": "12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Purchasing", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite (component: Endeca). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Purchasing accessible data as well as unauthorized access to critical data or complete access to all Oracle Purchasing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Purchasing accessible data as well as unauthorized access to critical data or complete access to all Oracle Purchasing accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite (component: Endeca). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Purchasing accessible data as well as unauthorized access to critical data or complete access to all Oracle Purchasing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Purchasing accessible data as well as unauthorized access to critical data or complete access to all Oracle Purchasing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2263.json b/2021/2xxx/CVE-2021-2263.json index 163e3de5723..25030f4a420 100644 --- a/2021/2xxx/CVE-2021-2263.json +++ b/2021/2xxx/CVE-2021-2263.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2263" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Sourcing", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sourcing", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Intelligence, RFx). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Sourcing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sourcing accessible data as well as unauthorized access to critical data or complete access to all Oracle Sourcing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Sourcing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sourcing accessible data as well as unauthorized access to critical data or complete access to all Oracle Sourcing accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Intelligence, RFx). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Sourcing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sourcing accessible data as well as unauthorized access to critical data or complete access to all Oracle Sourcing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Sourcing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sourcing accessible data as well as unauthorized access to critical data or complete access to all Oracle Sourcing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2264.json b/2021/2xxx/CVE-2021-2264.json index 1ebd912ccfd..d353273ab7f 100644 --- a/2021/2xxx/CVE-2021-2264.json +++ b/2021/2xxx/CVE-2021-2264.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2264" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "6.1.20", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "6.1.20", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 8.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.4", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 8.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.4", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2266.json b/2021/2xxx/CVE-2021-2266.json index bbca3188dcc..adbcc60518b 100644 --- a/2021/2xxx/CVE-2021-2266.json +++ b/2021/2xxx/CVE-2021-2266.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2266" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "6.1.20", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "6.1.20", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.0", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2267.json b/2021/2xxx/CVE-2021-2267.json index c3b160756ce..26f95aff673 100644 --- a/2021/2xxx/CVE-2021-2267.json +++ b/2021/2xxx/CVE-2021-2267.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2267" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Labor Distribution", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Labor Distribution", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Labor Distribution product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Labor Distribution. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Labor Distribution accessible data as well as unauthorized access to critical data or complete access to all Oracle Labor Distribution accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Labor Distribution. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Labor Distribution accessible data as well as unauthorized access to critical data or complete access to all Oracle Labor Distribution accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Labor Distribution product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Labor Distribution. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Labor Distribution accessible data as well as unauthorized access to critical data or complete access to all Oracle Labor Distribution accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Labor Distribution. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Labor Distribution accessible data as well as unauthorized access to critical data or complete access to all Oracle Labor Distribution accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2268.json b/2021/2xxx/CVE-2021-2268.json index 1d1cb4f807a..e12c2108690 100644 --- a/2021/2xxx/CVE-2021-2268.json +++ b/2021/2xxx/CVE-2021-2268.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2268" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Quoting", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quoting", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: Courseware). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Quoting accessible data as well as unauthorized access to critical data or complete access to all Oracle Quoting accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Quoting accessible data as well as unauthorized access to critical data or complete access to all Oracle Quoting accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: Courseware). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Quoting accessible data as well as unauthorized access to critical data or complete access to all Oracle Quoting accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Quoting accessible data as well as unauthorized access to critical data or complete access to all Oracle Quoting accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2269.json b/2021/2xxx/CVE-2021-2269.json index 23466e609ce..ec0cfcabb5b 100644 --- a/2021/2xxx/CVE-2021-2269.json +++ b/2021/2xxx/CVE-2021-2269.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2269" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Advanced Pricing", - "version": { - "version_data": [ - { - "version_value": "12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Pricing", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Advanced Pricing product of Oracle E-Business Suite (component: Price Book). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Pricing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Pricing accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Pricing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Pricing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Pricing accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Pricing accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Pricing product of Oracle E-Business Suite (component: Price Book). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Pricing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Pricing accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Pricing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Pricing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Pricing accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Pricing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2270.json b/2021/2xxx/CVE-2021-2270.json index b5d7a5beb54..9e9ee6dcd1e 100644 --- a/2021/2xxx/CVE-2021-2270.json +++ b/2021/2xxx/CVE-2021-2270.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2270" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Site Hub", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Site Hub", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Sites). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Site Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Site Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Site Hub accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Site Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Site Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Site Hub accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Sites). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Site Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Site Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Site Hub accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Site Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Site Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Site Hub accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2271.json b/2021/2xxx/CVE-2021-2271.json index 7a0aae20665..267cf10b034 100644 --- a/2021/2xxx/CVE-2021-2271.json +++ b/2021/2xxx/CVE-2021-2271.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2271" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Work in Process", - "version": { - "version_data": [ - { - "version_value": "12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.8", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Work in Process", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.8", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Work in Process product of Oracle E-Business Suite (component: Resource Exceptions). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Work in Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Work in Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Work in Process accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Work in Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Work in Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Work in Process accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Work in Process product of Oracle E-Business Suite (component: Resource Exceptions). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Work in Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Work in Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Work in Process accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Work in Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Work in Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Work in Process accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2272.json b/2021/2xxx/CVE-2021-2272.json index 70bfe27010a..0c7dfde80e1 100644 --- a/2021/2xxx/CVE-2021-2272.json +++ b/2021/2xxx/CVE-2021-2272.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2272" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Subledger Accounting", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Subledger Accounting", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Inquiries). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Subledger Accounting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Subledger Accounting accessible data as well as unauthorized access to critical data or complete access to all Oracle Subledger Accounting accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Subledger Accounting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Subledger Accounting accessible data as well as unauthorized access to critical data or complete access to all Oracle Subledger Accounting accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Inquiries). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Subledger Accounting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Subledger Accounting accessible data as well as unauthorized access to critical data or complete access to all Oracle Subledger Accounting accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Subledger Accounting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Subledger Accounting accessible data as well as unauthorized access to critical data or complete access to all Oracle Subledger Accounting accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2273.json b/2021/2xxx/CVE-2021-2273.json index 0624c3a6aa8..e130f51ab4e 100644 --- a/2021/2xxx/CVE-2021-2273.json +++ b/2021/2xxx/CVE-2021-2273.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2273" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Legal Entity Configurator", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Legal Entity Configurator", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Legal Entity Configurator product of Oracle E-Business Suite (component: Create Contracts). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Legal Entity Configurator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Legal Entity Configurator accessible data as well as unauthorized access to critical data or complete access to all Oracle Legal Entity Configurator accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Legal Entity Configurator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Legal Entity Configurator accessible data as well as unauthorized access to critical data or complete access to all Oracle Legal Entity Configurator accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Legal Entity Configurator product of Oracle E-Business Suite (component: Create Contracts). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Legal Entity Configurator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Legal Entity Configurator accessible data as well as unauthorized access to critical data or complete access to all Oracle Legal Entity Configurator accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Legal Entity Configurator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Legal Entity Configurator accessible data as well as unauthorized access to critical data or complete access to all Oracle Legal Entity Configurator accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2274.json b/2021/2xxx/CVE-2021-2274.json index dcb87e1a521..9b50012f635 100644 --- a/2021/2xxx/CVE-2021-2274.json +++ b/2021/2xxx/CVE-2021-2274.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2274" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "E-Business Tax", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "E-Business Tax", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle E-Business Tax product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle E-Business Tax. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Business Tax accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Business Tax accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle E-Business Tax. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Business Tax accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Business Tax accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle E-Business Tax product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle E-Business Tax. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Business Tax accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Business Tax accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle E-Business Tax. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Business Tax accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Business Tax accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2275.json b/2021/2xxx/CVE-2021-2275.json index b5e4ada2fbe..a0d378d1576 100644 --- a/2021/2xxx/CVE-2021-2275.json +++ b/2021/2xxx/CVE-2021-2275.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2275" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Applications Manager", - "version": { - "version_data": [ - { - "version_value": "12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Manager", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View Reports). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.5", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View Reports). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file