Archive 04/19/2022

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Oracle Communications Cloud Native Core Policy: 32
Oracle MySQL Server: 26
Oracle Blockchain Platform: 15
Oracle Communications Cloud Native Core Console: 12
Oracle PeopleSoft Enterprise PeopleTools: 11

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 534
Temporary Fix: 0
Workaround: 5
Unavailable: 0
Not Defined: 11

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These come in multiple forms and levels of remediation, which influence risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 9
Unproven: 0
Not Defined: 541

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 6
≤4: 16
≤5: 47
≤6: 84
≤7: 174
≤8: 120
≤9: 29
≤10: 74

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 6
≤4: 17
≤5: 47
≤6: 98
≤7: 165
≤8: 122
≤9: 23
≤10: 72

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 9
<2k: 9
<5k: 70
<10k: 158
<25k: 196
<50k: 31
<100k: 52
≥100k: 25

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 95
<2k: 147
<5k: 210
<10k: 21
<25k: 32
<50k: 45
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 198212 | 3.8 | 3.7 | Oracle VM VirtualBox Core unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-21488 |
| 198211 | 3.8 | 3.7 | Oracle VM VirtualBox Core information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-21487 |
| 198210 | 6.5 | 6.3 | Oracle VM VirtualBox Core denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-21471 |
| 198209 | 6.7 | 6.5 | Oracle VM VirtualBox Core unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-21465 |
| 198208 | 7.8 | 7.6 | Oracle VM VirtualBox Core Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-21491 |
| 198207 | 9.0 | 8.8 | Oracle Secure Global Desktop Web Server server-side request forgery | $25k-$100k | $25k-$100k | Not Defined | Official Fix | 0.04 | CVE-2021-40438 |
| 198206 | 6.6 | 6.4 | Oracle Utilities Framework General input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-44832 |
| 198205 | 6.6 | 6.4 | Oracle Taleo Platform Taleo Connect Client Installer input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-44832 |
| 198204 | 3.7 | 3.6 | Oracle StorageTek ACSLS Software information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-9488 |
| 198203 | 3.7 | 3.6 | Oracle Ethernet Switch TOR-72 Firmware information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-1968 |
| 198202 | 3.7 | 3.6 | Oracle Ethernet Switch ES1-24 Firmware information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-1968 |
| 198201 | 4.0 | 3.9 | Oracle Solaris Kernel denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-21494 |
| 198200 | 4.8 | 4.7 | Oracle Solaris Cluster Tools path traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-29425 |
| 198199 | 5.0 | 4.9 | Oracle Solaris Utility unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-21416 |
| 198198 | 5.5 | 5.4 | Oracle Solaris Kernel denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-21463 |
| 198197 | 5.5 | 5.4 | Oracle Solaris Kernel information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-21461 |
| 198196 | 5.9 | 5.8 | Oracle Solaris Kernel denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-21493 |
| 198195 | 6.4 | 6.3 | Oracle StorageTek ACSLS Software cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-11022 |
| 198194 | 6.5 | 6.4 | Oracle StorageTek ACSLS Software information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2019-3740 |
| 198193 | 7.2 | 7.1 | Oracle StorageTek ACSLS Software unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-5421 |
| 198192 | 6.5 | 6.3 | Oracle Solaris Cluster Tools information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-6950 |
| 198191 | 7.5 | 7.3 | Oracle StorageTek Tape Analytics Core temp file | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-11979 |
| 198190 | 7.5 | 7.3 | Oracle StorageTek ACSLS Software temp file | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-11979 |
| 198189 | 8.2 | 8.0 | Oracle Solaris Utility unknown vulnerability | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.07 | CVE-2022-21446 |
| 198188 | 8.0 | 7.9 | Oracle StorageTek Tape Analytics Application Server Remote Code Execution | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-2351 |
| 198187 | 8.0 | 7.9 | Oracle StorageTek ACSLS Software Remote Code Execution | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-2351 |
| 198186 | 9.8 | 9.6 | Oracle ZFS Storage Appliance Kit Operating System Image out-of-bounds write | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.00 | CVE-2021-39275 |
| 198185 | 9.8 | 9.6 | Oracle Solaris Cluster Tools exceptional condition | $25k-$100k | $25k-$100k | Not Defined | Official Fix | 0.07 | CVE-2019-17195 |
| 198184 | 5.5 | 5.4 | Oracle OSS Support Tools Explorer information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-21405 |
| 198183 | 6.5 | 6.3 | Oracle OSS Support Tools Diagnostic Assistant denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-41973 |
| 198182 | 6.5 | 6.3 | Oracle OSS Support Tools Diagnostic Assistant denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-30129 |
| 198181 | 4.8 | 4.7 | Oracle Agile PLM Security path traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-29425 |
| 198180 | 6.3 | 6.3 | Oracle Agile PLM Security cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-41165 |
| 198179 | 6.1 | 5.9 | Oracle Transportation Management User Interface unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-21480 |
| 198178 | 6.5 | 6.3 | Oracle Agile PLM Attachments information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-21467 |
| 198177 | 6.6 | 6.4 | Oracle Autovue for Agile Product Lifecycle Management Internal Operations input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-44832 |
| 198176 | 6.6 | 6.4 | Oracle Agile PLM MCAD Connector CAX Client input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-44832 |
| 198175 | 6.6 | 6.4 | Oracle Agile PLM Security input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-44832 |
| 198174 | 6.6 | 6.4 | Oracle Agile Engineering Data Management Installation Issues input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-44832 |
| 198173 | 7.5 | 7.3 | Oracle Agile PLM Security denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-42340 |
| 198172 | 9.8 | 9.6 | Oracle Product Lifecycle Analytics Installer code injection | $25k-$100k | $25k-$100k | Not Defined | Official Fix | 0.02 | CVE-2022-22965 |
| 198171 | 9.8 | 9.6 | Oracle Advanced Supply Chain Planning MscObieeSrvlt sql injection | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2022-23305 |
| 198170 | 5.3 | 5.2 | Oracle Retail EFTLink Framework information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-34429 |
| 198169 | 5.5 | 5.4 | Oracle Retail Xstore Point of Service Xstore Office denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-31812 |
| 198168 | 5.5 | 5.4 | Oracle Retail Xstore Point of Service Xenvironment denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-36374 |
| 198167 | 5.5 | 5.4 | Oracle Retail Invoice Matching Security denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-36374 |
| 198166 | 5.5 | 5.4 | Oracle Retail EFTLink Installation denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-36374 |
| 198165 | 6.5 | 6.3 | Oracle Retail Service Backbone RSB Installation denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-23437 |
| 198164 | 6.5 | 6.3 | Oracle Retail Merchandising System Foundation denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-23437 |
| 198163 | 6.5 | 6.3 | Oracle Retail Integration Bus RIB Kernal denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-23437 |

500 more entries are not shown
