Application Express
CVEs (46)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-2513 | | Med | 0.35 | 5.4 | 0.01 | | Jul 15, 2020 | Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle… |
| CVE-2019-2484 | | Med | 0.35 | 5.4 | 0.01 | | Jul 23, 2019 | Vulnerability in the Application Express component of Oracle Database Server. Supported versions that are affected are 5.1 and 18.2. Easily exploitable vulnerability allows low privileged attacker having Valid Account privilege with network access via HTTP to compromise… |
| CVE-2016-7103 | | Med | 0.34 | 6.1 | 0.23 | | Mar 15, 2017 | Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. |
| CVE-2020-2977 | | Med | 0.30 | 4.6 | 0.01 | | Jul 15, 2020 | Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise… |
| CVE-2020-2514 | | Med | 0.30 | 4.6 | 0.01 | | Apr 15, 2020 | Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 19.2. Easily exploitable vulnerability allows low privileged attacker having End User Role privilege with network access via HTTPS to… |
| CVE-2009-0981 | | | 0.03 | — | 0.05 | | Apr 15, 2009 | Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable… |
| CVE-2025-50067 | | | 0.00 | — | 0.00 | | Jul 15, 2025 | Vulnerability in Oracle Application Express (component: Strategic Planner Starter App). Supported versions that are affected are 24.2.4 and 24.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application… |
| CVE-2025-21557 | | | 0.00 | — | 0.00 | | Jan 21, 2025 | Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. Successful attacks… |
| CVE-2024-21261 | | | 0.00 | — | 0.00 | | Oct 15, 2024 | Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. While the… |
| CVE-2015-2655 | | | 0.00 | — | 0.02 | | Jul 16, 2015 | Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.3.00.08 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. |
| CVE-2015-2586 | | | 0.00 | — | 0.02 | | Jul 16, 2015 | Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect availability via unknown vectors. |
| CVE-2015-2585 | | | 0.00 | — | 0.01 | | Jul 16, 2015 | Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0 allows remote authenticated users to affect availability via unknown vectors. |
| CVE-2014-6483 | | | 0.00 | — | 0.01 | | Oct 15, 2014 | Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. |
| CVE-2013-1519 | | | 0.00 | — | 0.01 | | Apr 17, 2013 | Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect integrity via unknown vectors. |
| CVE-2012-1708 | | | 0.00 | — | 0.03 | | May 3, 2012 | Unspecified vulnerability in the Application Express component in Oracle Database Server 4.0 and 4.1 allows remote attackers to affect integrity via unknown vectors. |
| CVE-2011-3525 | | | 0.00 | — | 0.02 | | Oct 18, 2011 | Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related to APEX developer user. |
| CVE-2010-0892 | | | 0.00 | — | 0.01 | | Jul 13, 2010 | Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2.0.00.27 allows remote attackers to affect integrity via unknown vectors. |
| CVE-2009-1993 | | | 0.00 | — | 0.02 | | Oct 22, 2009 | Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE. |
| CVE-2008-4005 | | | 0.00 | — | 0.01 | | Oct 14, 2008 | Unspecified vulnerability in the Oracle Application Express component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. |
| CVE-2008-1822 | | | 0.00 | — | 0.02 | | Apr 16, 2008 | Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02. |