Vulnerabilidades en Oracle Corporation

5160 resultados
Análisis Vexday

Com 5.160 CVEs catalogadas e 376 surgidas apenas nos últimos 90 dias, o portfólio de vulnerabilidades da Oracle Corporation reflete a amplitude e complexidade de seu ecossistema de produtos. A taxa de exploração ativa — 26 entradas no CISA KEV, representando 0,5% do total — está em linha com a média geral do catálogo, mas o EPSS máximo observado de 1,0 indica que ao menos uma vulnerabilidade concentra probabilidade praticamente certa de exploração: CVE-2020-14882, uma falha ativa com EPSS de 1,0 que deve ser tratada como prioridade absoluta em qualquer ambiente Oracle. O tipo de falha mais recorrente, CWE-284 (controle de acesso impróprio), associado às 254 vulnerabilidades críticas e 74 com prova de conceito pública, sugere que superfícies de exposição relacionadas a autorização e gerenciamento de permissões merecem atenção redobrada nas avaliações de risco e nos ciclos de patching.

CVE-2017-10244Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments). Supported versions EPSS 2.0%CVE-2020-14897MEDIUMVulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versEPSS 2.0%CVE-2018-3189Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Outcome-Result). Supported versEPSS 2.0%CVE-2020-14641MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0EPSS 2.0%CVE-2021-35574HIGHVulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported versionEPSS 2.0%CVE-2017-3625Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that EPSS 2.0%CVE-2018-2848Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Client ApplicatioEPSS 2.0%CVE-2022-21253MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 anEPSS 2.0%CVE-2018-2855Vulnerability in the Oracle Financial Services Basel Regulatory Capital Basic component of Oracle Financial Services Applications (subcomponEPSS 2.0%CVE-2019-2905Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). SupporteEPSS 2.0%CVE-2018-2561Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affeEPSS 2.0%CVE-2018-2916Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The sEPSS 2.0%CVE-2018-3141Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). The supported versioEPSS 2.0%CVE-2018-2624Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The sEPSS 2.0%CVE-2020-2915CRITICALVulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions tEPSS 2.0%CVE-2018-2649Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). SEPSS 2.0%CVE-2017-3602Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are aEPSS 2.0%CVE-2020-2956HIGHVulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that aEPSS 2.0%CVE-2020-14553MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.EPSS 2.0%CVE-2017-3541Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that are affectEPSS 2.0%