CVE Daily
← All tags

Tag: Unauthenticated/Unauthorized Access

All CVEs associated with "Unauthenticated/Unauthorized Access". Page 118/128 • 15319 CVEs.

Subscribe CVEs: RSS for “Unauthenticated/Unauthorized Access”  ·  RSS (High+Critical only)

About “Unauthenticated/Unauthorized Access”

A curated feed of “Unauthenticated/Unauthorized Access”-related CVEs appears below. We currently track 15319 CVEs for this tag (all time). In the last 365 days, 3827 were published. Average CVSS is 7.4 (all time; 7.4 over 365d), and 61% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-306 - Missing Authentication for Critical Function, CWE-639 - Authorization Bypass Through User-Controlled Key.

In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2017-04-24
Low

CVE-2016-5551

Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4.3. Easily "exploitable" vulnerabil…

CVSS: 2.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2017-2332

An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker…

CVSS: 8.8 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2017-2331

A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, le…

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2017-2319

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity withou…

CVSS: 8.3 CWE: CWE-287 - Improper Authentication View on NVD
2017-04-23
Medium

CVE-2017-8078

On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVSS: 5.3 CWE: CWE-287 - Improper Authentication View on NVD
2017-04-19
Medium

CVE-2016-5410

firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntr…

CVSS: 5.5 CWE: CWE-287 - Improper Authentication View on NVD
2017-04-13
High

CVE-2016-8727

An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8725

An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without aut…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-8722

An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-04-12
Critical

CVE-2016-7552

On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2017-04-10
Critical

CVE-2015-2888

Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service.

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2017-04-07
Critical

CVE-2007-6760

Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2007-6759

Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2017-6606

A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operat…

CVSS: 6.4 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2017-04-05
Critical

CVE-2017-7450

AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot,…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2017-04-02
Medium

CVE-2016-8776

Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some…

CVSS: 4.6 CWE: CWE-285 - Improper Authorization View on NVD
2017-03-30
Critical

CVE-2016-10309

In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser.

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2017-03-28
Critical

CVE-2016-6807

Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations…

CVSS: 9.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2016-9469

Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with p…

CVSS: 8.2 CWE: CWE-749 - Exposed Dangerous Method or Function View on NVD
High

CVE-2016-9463

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enable…

CVSS: 8.1 CWE: CWE-303 - Incorrect Implementation of Authentication Algorithm View on NVD
High

CVE-2016-9123

go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectur…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2017-03-27
High

CVE-2017-5237

Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
2017-03-26
Medium

CVE-2017-5622

With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open…

CVSS: 5.9 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2017-03-24
High

CVE-2017-7240

An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefor…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2017-03-23
Critical

CVE-2015-5729

The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain…

CVSS: 9.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-03-22
High

CVE-2017-5874

CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact.

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2017-03-20
Critical

CVE-2016-4926

Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authe…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2016-9165

The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remot…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-2981

An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.

CVSS: 6.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-03-17
Medium

CVE-2017-3880

An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More In…

CVSS: 6.5 CWE: CWE-287 - Improper Authentication View on NVD
2017-03-15
Critical

CVE-2017-3831

A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full a…

CVSS: 9.8 CWE: CWE-264 View on NVD
Critical

CVE-2016-7955

The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain s…

CVSS: 9.8 CWE: CWE-264 View on NVD
2017-03-14
Critical

CVE-2016-8027

SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in dis…

CVSS: 10.0 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2016-8024

Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensit…

CVSS: 8.1 CWE: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') View on NVD
High

CVE-2016-8023

Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentic…

CVSS: 8.1 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2016-8022

Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a den…

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2016-8007

Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific condi…

CVSS: 6.3 CWE: CWE-284 - Improper Access Control View on NVD
2017-03-09
High

CVE-2017-6527

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2017-6558

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-03-08
Critical

CVE-2017-5178

An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is insta…

CVSS: 9.8 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
2017-03-02
High

CVE-2017-6413

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "Aut…

CVSS: 8.6 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2017-6384

Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed i…

CVSS: 7.5 CWE: CWE-772 - Missing Release of Resource after Effective Lifetime View on NVD
High

CVE-2017-6062

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OID…

CVSS: 8.6 CWE: CWE-287 - Improper Authentication View on NVD
2017-03-01
Medium

CVE-2016-8232

Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows a…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2017-02-17
Critical

CVE-2017-5344

An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query e…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2017-02-15
High

CVE-2016-1888

The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation fa…

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
2017-02-13
Medium

CVE-2016-9355

An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Ala…

CVSS: 5.3 CWE: CWE-255 View on NVD
Medium

CVE-2016-8375

An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physica…

CVSS: 4.9 CWE: CWE-255 View on NVD
Medium

CVE-2017-5163

An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, whi…

CVSS: 5.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2017-5152

An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICA…

CVSS: 9.1 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2017-5144

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions wi…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-9369

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2016-9366

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor…

CVSS: 9.8 CWE: CWE-264 View on NVD
High

CVE-2016-9363

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor…

CVSS: 7.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2016-9357

An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAM…

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2016-8361

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authenticat…

CVSS: 8.6 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Critical

CVE-2016-5815

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is confi…

CVSS: 9.8 CWE: CWE-284 - Improper Access Control View on NVD
2017-02-08
Critical

CVE-2016-9005

IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system.

CVSS: 9.8 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2017-2765

EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to com…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2017-02-07
Critical

CVE-2016-2403

Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2016-1894

NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors.

CVSS: 8.1 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2016-1502

NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors.

CVSS: 7.3 CWE: CWE-287 - Improper Authentication View on NVD
2017-02-01
Low

CVE-2016-9703

IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.

CVSS: 2.4 CWE: CWE-384 - Session Fixation View on NVD
Medium

CVE-2016-8977

IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-3023

IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2017-3791

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability…

CVSS: 10.0 CWE: CWE-287 - Improper Authentication View on NVD
2017-01-30
Critical

CVE-2016-10176

The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server…

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2016-10174

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated…

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2017-01-27
High

CVE-2017-3443

Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3442

Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easil…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3441

Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easil…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3440

Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easil…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3439

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3438

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3437

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3436

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3435

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3433

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3431

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3430

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3429

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3428

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3427

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3426

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3425

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3424

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3423

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3422

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3421

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3420

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface). The supported version that is affected is 12.1.3. Easily exploitable vulnerab…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3419

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface). The supported version that is affected is 12.1.3. Easily exploitable vulnerab…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3418

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface). The supported version that is affected is 12.1.3. Easily exploitable vulnerab…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3417

Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4,…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3416

Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4,…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3415

Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4,…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3414

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3413

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3412

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3411

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3410

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3409

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3408

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3407

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3406

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3405

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3404

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3403

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3402

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3401

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3400

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3399

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3398

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3397

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3396

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3395

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3394

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3392

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3391

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3390

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-3389

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD