Archive 07/19/2022

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Oracle MySQL Server | 23
Foxit PDF Reader | 18
Oracle Financial Services Crime and Compliance Man ... | 17
Oracle WebLogic Server | 15
Oracle PeopleSoft Enterprise PeopleTools | 11

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix | 391
Temporary Fix | 0
Workaround | 1
Unavailable | 0
Not Defined | 56

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risk differently.

Exploitability

High | 0
Functional | 0
Proof-of-Concept | 2
Unproven | 0
Not Defined | 446

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1 | 0
≤2 | 0
≤3 | 2
≤4 | 5
≤5 | 38
≤6 | 65
≤7 | 97
≤8 | 147
≤9 | 32
≤10 | 62

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1 | 0
≤2 | 0
≤3 | 3
≤4 | 4
≤5 | 38
≤6 | 71
≤7 | 104
≤8 | 146
≤9 | 24
≤10 | 58

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k | 19
<2k | 36
<5k | 81
<10k | 142
<25k | 101
<50k | 6
<100k | 50
≥100k | 13

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k | 89
<2k | 130
<5k | 145
<10k | 17
<25k | 28
<50k | 39
<100k | 0
≥100k | 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE
204536 | 4.4 | 4.3 | Oracle VM VirtualBox Core denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-21554
204535 | 8.2 | 8.0 | Oracle VM VirtualBox Core Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-21571
204534 | 7.5 | 7.3 | Oracle Utilities Framework General denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-36518
204533 | 3.4 | 3.3 | Oracle ZFS Storage Appliance Kit Core unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-21563
204532 | 4.2 | 4.1 | Oracle Solaris Kernel denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-21439
204531 | 5.5 | 5.4 | Oracle Solaris SMB Server denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-21533
204530 | 7.5 | 7.3 | Oracle Solaris Remote Administration Daemon denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-21514
204529 | 7.6 | 7.4 | Oracle Solaris Filesystem Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-21524
204528 | 8.1 | 7.9 | Oracle ZFS Storage Appliance Kit Operating System Image request smuggling | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2022-24801
204527 | 8.2 | 8.0 | Oracle ZFS Storage Appliance Kit Core Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-21513
204526 | 4.8 | 4.6 | Oracle Agile Engineering Data Management Installation Issues path traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-29425
204525 | 5.3 | 5.2 | Oracle Autovue for Agile Product Lifecycle Management Internal Operations information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-34429
204524 | 5.5 | 5.3 | Oracle Product Lifecycle Analytics Installation Issues denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-36374
204523 | 5.5 | 5.4 | Oracle Agile Engineering Data Management Installation Issues information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2020-17521
204522 | 5.5 | 5.4 | Oracle Agile Engineering Data Management Installation Issues denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-36374
204521 | 6.1 | 5.8 | Oracle Agile PLM Security unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-41184
204520 | 6.4 | 6.3 | Oracle Agile PLM Security cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-11022
204519 | 6.5 | 6.3 | Oracle Product Lifecycle Analytics Installation Issues denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-23437
204518 | 6.5 | 6.3 | Oracle Agile PLM Security denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-23437
204517 | 6.5 | 6.2 | Oracle Agile Engineering Data Management Installation Issues denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2022-23437
204516 | 6.6 | 6.4 | Oracle Product Lifecycle Analytics Installation Issues input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-44832
204515 | 7.3 | 7.1 | Oracle Product Lifecycle Analytics Installation Issues deserialization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2019-10086
204514 | 7.3 | 7.0 | Oracle Agile Engineering Data Management Installation Issues Remote Code Execution | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2019-10086
204513 | 7.5 | 7.3 | Oracle Product Lifecycle Analytics Installation Issues server-side request forgery | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.08 | CVE-2019-0227
204512 | 7.5 | 7.3 | Oracle Agile PLM Security xml external entity reference | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-25649
204511 | 7.5 | 7.3 | Oracle Agile PLM Security information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-40690
204510 | 7.5 | 7.3 | Oracle Agile Engineering Data Management Installation Issues denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-42340
204509 | 7.8 | 7.5 | Oracle Product Lifecycle Analytics Installation Issues Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-22118
204508 | 8.2 | 8.0 | Oracle Product Lifecycle Analytics Installation Issues input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-11987
204507 | 8.2 | 8.0 | Oracle Agile Engineering Data Management Installation Issues server-side request forgery | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-11987
204506 | 8.0 | 7.9 | Oracle Agile Product Lifecycle Management for Process Reporting Remote Code Execution | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-2351
204505 | 8.6 | 8.4 | Oracle Agile PLM Security denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-25762
204504 | 9.8 | 9.6 | Oracle Transportation Management Mobile Applications cross site scripting | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2019-0219
204503 | 9.8 | 9.6 | Oracle Agile Engineering Data Management Installation Issues xml external entity reference | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-10683
204502 | 5.5 | 5.3 | Oracle Siebel Apps Field Service Smart Answer denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-31812
204501 | 4.8 | 4.7 | Oracle Retail Xstore Point of Service Xenvironment path traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-29425
204500 | 4.8 | 4.7 | Oracle Retail Pricing Pricing - Security path traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-29425
204499 | 4.8 | 4.7 | Oracle Retail Merchandising System Foundation path traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-29425
204498 | 6.6 | 6.4 | Oracle Retail Xstore Point of Service Xenvironment input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-44832
204497 | 6.6 | 6.4 | Oracle Retail Order Broker Internal Operations input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-44832
204496 | 7.3 | 7.1 | Oracle Retail Sales Audit others deserialization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2019-10086
204495 | 7.3 | 7.1 | Oracle Retail Allocation General deserialization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2019-10086
204494 | 7.5 | 7.2 | Oracle Retail Sales Audit others denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-36518
204493 | 7.6 | 7.5 | Oracle Retail Order Broker System Administration denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-25647
204492 | 7.8 | 7.6 | Oracle Retail Customer Insights Other privileges management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-22118
204491 | 8.8 | 8.4 | Oracle Retail Customer Insights Other code injection | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2021-29505
204490 | 9.8 | 9.6 | Oracle Retail Merchandising System Foundation code injection | $25k-$100k | $25k-$100k | Not Defined | Official Fix | 0.05 | CVE-2022-22965
204489 | 9.8 | 9.6 | Oracle Retail Integration Bus RIB Kernal code injection | $25k-$100k | $25k-$100k | Not Defined | Official Fix | 0.04 | CVE-2022-22965
204488 | 9.8 | 9.6 | Oracle Retail Financial Integration PeopleSoft Integration Bugs code injection | $25k-$100k | $25k-$100k | Not Defined | Official Fix | 0.02 | CVE-2022-22965
204487 | 9.8 | 9.6 | Oracle Retail Extract Transform and Load Mathematical Operators sql injection | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2022-23305

398 more entries are not shown
