Configurator
CVEs (22)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3438 | | High | 0.53 | 8.2 | 0.02 | | Apr 21, 2016 | Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April… |
| CVE-2025-15440 | | High | 0.47 | 7.2 | 0.00 | | Feb 11, 2026 | The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated… |
| CVE-2026-34274 | | Medium | 0.40 | 6.1 | 0.00 | | Apr 21, 2026 | Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle… |
| CVE-2025-61884 | | | 0.22 | — | 0.98 | KEV | Oct 12, 2025 | Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle… |
| CVE-2021-20587 | | | 0.01 | — | 0.04 | | Feb 19, 2021 | Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR… |
| CVE-2026-21972 | | | 0.00 | — | 0.00 | | Jan 20, 2026 | Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle… |
| CVE-2025-30728 | | | 0.00 | — | 0.00 | | Apr 15, 2025 | Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle… |
| CVE-2025-30720 | | | 0.00 | — | 0.00 | | Apr 15, 2025 | Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Orders). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle… |
| CVE-2022-0556 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator. |
| CVE-2022-21255 | | | 0.00 | — | 0.01 | | Jan 19, 2022 | Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: UI Servlet). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle… |
| CVE-2021-2080 | | | 0.00 | — | 0.01 | | Jan 20, 2021 | Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle… |
| CVE-2021-2079 | | | 0.00 | — | 0.01 | | Jan 20, 2021 | Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle… |
| CVE-2021-2078 | | | 0.00 | — | 0.01 | | Jan 20, 2021 | Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle… |
| CVE-2020-14669 | | | 0.00 | — | 0.01 | | Jul 15, 2020 | Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle… |
| CVE-2020-2865 | | | 0.00 | — | 0.01 | | Apr 15, 2020 | Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: Installation). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle… |
| CVE-2019-2567 | | | 0.00 | — | 0.02 | | Apr 23, 2019 | Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite (subcomponent: Active Model Generation). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP… |
| CVE-2016-0541 | | | 0.00 | — | 0.02 | | Jan 21, 2016 | Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors related to UI Servlet, a different vulnerability than CVE-2016-0540. |
| CVE-2016-0540 | | | 0.00 | — | 0.02 | | Jan 21, 2016 | Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors related to UI Servlet, a different vulnerability than CVE-2016-0541. |
| CVE-2015-4848 | | | 0.00 | — | 0.02 | | Oct 21, 2015 | Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Integration with Peoplesoft. |
| CVE-2015-4847 | | | 0.00 | — | 0.02 | | Oct 21, 2015 | Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to OCI. |
Page 1 of 2