Archive 10/19/2021

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Oracle MySQL Server: 46
Oracle Java SE: 14
Oracle PeopleSoft Enterprise PeopleTools: 11
Oracle Communications Session Report Manager: 11
InHand IR615: 11

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 451
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 18

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 3
Unproven: 0
Not Defined: 466

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 1
≤3: 7
≤4: 18
≤5: 53
≤6: 125
≤7: 53
≤8: 114
≤9: 64
≤10: 34

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 1
≤3: 8
≤4: 17
≤5: 54
≤6: 133
≤7: 58
≤8: 131
≤9: 34
≤10: 33

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 20
<2k: 19
<5k: 95
<10k: 122
<25k: 152
<50k: 23
<100k: 19
≥100k: 19

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 210
<2k: 57
<5k: 135
<10k: 29
<25k: 15
<50k: 23
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 185053 | 4.4 | 4.3 | Oracle VM VirtualBox denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-2475 |
| 185052 | 4.4 | 4.3 | Oracle VM VirtualBox denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-35542 |
| 185051 | 4.6 | 4.5 | Oracle Secure Global Desktop Client unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-35650 |
| 185050 | 5.3 | 5.2 | Oracle Secure Global Desktop Apache Tomcat request smuggling | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-33037 |
| 185049 | 5.4 | 5.3 | Oracle Secure Global Desktop Server unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-35649 |
| 185048 | 5.5 | 5.4 | Oracle VM VirtualBox denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-35540 |
| 185047 | 6.7 | 6.5 | Oracle VM VirtualBox unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-35545 |
| 185046 | 7.8 | 7.6 | Oracle VM VirtualBox Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-35538 |
| 185045 | 5.5 | 5.4 | Oracle Utilities Framework Apache Ant denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-36374 |
| 185044 | 3.7 | 3.6 | Oracle Ethernet Switch ES2-64/Ethernet Switch ES2-72 OpenSSL information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-1968 |
| 185043 | 3.9 | 3.8 | Oracle Solaris Utility unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-35549 |
| 185042 | 6.0 | 5.8 | Oracle Solaris Device drivers denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-35589 |
| 185041 | 6.5 | 6.3 | Oracle Solaris Filesystem denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-35539 |
| 185040 | 9.8 | 9.6 | Oracle ZFS Storage Appliance Kit Operating System Image out-of-bounds write | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.05 | CVE-2021-26691 |
| 185039 | 5.3 | 5.2 | Oracle Transportation Management information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2476 |
| 185038 | 5.4 | 5.3 | Oracle Transportation Management UI Infrastructure unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-35616 |
| 185037 | 5.5 | 5.4 | Oracle Agile PLM Apache Groovy information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-17521 |
| 185036 | 7.5 | 7.3 | Oracle Autovue for Agile Product Lifecycle Management jackson-databind xml external entity reference | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-25649 |
| 185035 | 7.5 | 7.3 | Oracle Autovue for Agile Product Lifecycle Management Eclipse Jetty denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-28165 |
| 185034 | 3.7 | 3.6 | Oracle Siebel Apps - Marketing Apache Log4j information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-9488 |
| 185033 | 6.5 | 6.3 | Oracle Siebel UI Framework CKEditor denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-26272 |
| 185032 | 7.0 | 6.8 | Oracle Siebel Apps - Marketing Apache Tomcat deserialization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-9484 |
| 185031 | 7.5 | 7.3 | Oracle Siebel UI Framework OpenSSL information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2016-2183 |
| 185030 | 7.5 | 7.3 | Oracle Siebel UI Framework Apache Tomcat information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-25122 |
| 185029 | 7.5 | 7.3 | Oracle Siebel Core - Automation Eclipse Jetty denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-28165 |
| 185028 | 3.3 | 3.2 | Oracle Retail Customer Management and Segmentation Foundation Google Guava information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-8908 |
| 185027 | 5.3 | 5.2 | Oracle Retail Customer Management and Segmentation Foundation Apache HTTPClient unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-13956 |
| 185026 | 5.3 | 5.2 | Oracle Retail Customer Management and Segmentation Foundation Apache Commons IO information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-29425 |
| 185025 | 5.5 | 5.4 | Oracle Retail Store Inventory Management Apache Ant denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-36374 |
| 185024 | 5.5 | 5.4 | Oracle Retail Service Backbone Apache Ant denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-36374 |
| 185023 | 5.5 | 5.4 | Oracle Retail Predictive Application Server Apache Ant denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-36374 |
| 185022 | 5.5 | 5.4 | Oracle Retail Point-of-Service Apache Ant denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-36374 |
| 185021 | 5.5 | 5.4 | Oracle Retail Merchandising System Apache Ant denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-36374 |
| 185020 | 5.5 | 5.4 | Oracle Retail Integration Bus Apache Ant denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-36374 |
| 185019 | 5.5 | 5.4 | Oracle Retail Financial Integration Apache Ant denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-36374 |
| 185018 | 5.5 | 5.4 | Oracle Retail Extract Transform and Load Apache Ant denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-36374 |
| 185017 | 5.5 | 5.4 | Oracle Retail Central Office Apache Ant denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-36374 |
| 185016 | 5.5 | 5.4 | Oracle Retail Bulk Data Integration Apache Ant denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-36374 |
| 185015 | 5.5 | 5.4 | Oracle Retail Back Office Apache Ant denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-36374 |
| 185014 | 5.5 | 5.4 | Oracle Retail Advanced Inventory Planning Apache Ant denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-36374 |

429 more entries are not shown
