Application Object Library
CVEs (16)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-10246 | Hig | 0.57 | 8.2 | 0.13 | Aug 8, 2017 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). | |
| CVE-2017-10177 | Hig | 0.53 | 8.1 | 0.01 | Aug 8, 2017 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Flexfields). The supported version that is affected is 12.2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | |
| CVE-2017-10328 | Hig | 0.49 | 7.5 | 0.02 | Oct 19, 2017 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |
| CVE-2017-3246 | Med | 0.39 | 6.0 | 0.00 | Jan 27, 2017 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Object Library executes to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS v3.0 Base Score 6.0 (Confidentiality and Integrity impacts). | |
| CVE-2016-0697 | Med | 0.39 | 6.0 | 0.00 | Apr 21, 2016 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows local users to affect confidentiality and integrity via unknown vectors. | |
| CVE-2017-10331 | Med | 0.34 | 5.3 | 0.00 | Oct 19, 2017 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |
| CVE-2017-10244 | Med | 0.34 | 5.3 | 0.01 | Aug 8, 2017 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |
| CVE-2017-3556 | Med | 0.34 | 5.3 | 0.01 | Apr 24, 2017 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: File Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | |
| CVE-2016-3434 | Med | 0.31 | 4.7 | 0.00 | Apr 21, 2016 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Logout. | |
| CVE-2016-0589 | 0.00 | — | 0.00 | Jan 21, 2016 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. | ||
| CVE-2016-0586 | 0.00 | — | 0.00 | Jan 21, 2016 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to iHelp. | ||
| CVE-2016-0585 | 0.00 | — | 0.01 | Jan 21, 2016 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect availability via vectors related to ICX Error. | ||
| CVE-2016-0576 | 0.00 | — | 0.00 | Jan 21, 2016 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to ICX LOVs. | ||
| CVE-2016-0520 | 0.00 | — | 0.00 | Jan 21, 2016 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to Java APIs. | ||
| CVE-2008-2586 | 0.00 | — | 0.00 | Jul 15, 2008 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2606. | ||
| CVE-2008-2606 | 0.00 | — | 0.01 | Jul 15, 2008 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2586. |
- risk 0.57cvss 8.2epss 0.13
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).
- risk 0.53cvss 8.1epss 0.01
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Flexfields). The supported version that is affected is 12.2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
- risk 0.49cvss 7.5epss 0.02
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
- risk 0.39cvss 6.0epss 0.00
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Object Library executes to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS v3.0 Base Score 6.0 (Confidentiality and Integrity impacts).
- risk 0.39cvss 6.0epss 0.00
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows local users to affect confidentiality and integrity via unknown vectors.
- risk 0.34cvss 5.3epss 0.00
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
- risk 0.34cvss 5.3epss 0.01
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
- risk 0.34cvss 5.3epss 0.01
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: File Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
- risk 0.31cvss 4.7epss 0.00
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Logout.
- CVE-2016-0589Jan 21, 2016risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.
- CVE-2016-0586Jan 21, 2016risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to iHelp.
- CVE-2016-0585Jan 21, 2016risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect availability via vectors related to ICX Error.
- CVE-2016-0576Jan 21, 2016risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to ICX LOVs.
- CVE-2016-0520Jan 21, 2016risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to Java APIs.
- CVE-2008-2586Jul 15, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2606.
- CVE-2008-2606Jul 15, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2586.