Updates April 2020

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 04/30/2020 | 6.1 | 5.8 | Oracle PeopleSoft Enterprise PeopleTools Portal access control | (5): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2471 |
| 04/30/2020 | 6.1 | 5.8 | Oracle PeopleSoft Enterprise SCM eProcurement Manage Requisition Status access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.02 | CVE-2019-2519 |
| 04/30/2020 | 6.1 | 5.8 | Oracle PeopleSoft Enterprise PeopleTools Portal access control | (5): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2439 |
| 04/30/2020 | 6.1 | 5.8 | Oracle PeopleSoft Enterprise PeopleTools PIA Search Functionality access control | (5): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2499 |
| 04/30/2020 | 6.1 | 5.8 | Oracle PeopleSoft Enterprise PeopleTools PIA Search access control | (5): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2423 |
| 04/30/2020 | 6.1 | 5.8 | Oracle PeopleSoft Enterprise PeopleTools Mobile Application Platform cross site scripting | (15): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_cve_nvd_published, source_cve_nvd_summary, source_securityfocus, source_securityfocus_date, source_securityfocus_class, source_nessus_id, source_nessus_name, source_nessus_filename, source_nessus_family, source_openvas_filename, source_openvas_title, source_openvas_family | Not Defined | Official Fix | 0.00 | CVE-2015-9251 |
| 04/30/2020 | 6.1 | 5.8 | Oracle PeopleSoft Enterprise PeopleTools Fluid Core access control | (5): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.04 | CVE-2019-2442 |
| 04/30/2020 | 6.5 | 6.2 | Oracle PeopleSoft Enterprise PeopleTools Performance Monitor access control | (5): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.06 | CVE-2019-2417 |
| 04/30/2020 | 6.1 | 5.8 | Oracle PeopleSoft Enterprise HCM eProfile Manager Desktop Guided Self Service access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.05 | CVE-2019-2421 |
| 04/30/2020 | 7.2 | 6.9 | Oracle PeopleSoft Enterprise PeopleTools XML Publisher access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2443 |
| 04/30/2020 | 7.5 | 7.2 | Oracle PeopleSoft Enterprise PeopleTools OpenSSL key management | (14): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_cve_nvd_published, source_oval_id, source_securityfocus_date, source_securityfocus_class, source_nessus_id, source_nessus_name, source_nessus_filename, source_nessus_family, source_openvas_filename, source_openvas_title, source_openvas_family | Not Defined | Official Fix | 0.00 | CVE-2018-0732 |
| 04/30/2020 | 7.2 | 6.9 | Oracle PeopleSoft Enterprise PeopleTools XML Publisher access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2433 |
| 04/30/2020 | 8.3 | 7.9 | Oracle PeopleSoft Enterprise PeopleTools File Processing memory corruption | (15): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_cve_nvd_published, source_securityfocus, source_securityfocus_date, source_securityfocus_class, source_nessus_id, source_nessus_name, source_nessus_filename, source_nessus_family, source_openvas_id, source_openvas_filename, source_openvas_title, source_openvas_family | Not Defined | Official Fix | 0.00 | CVE-2018-1000300 |
| 04/30/2020 | 8.8 | 8.4 | Oracle PeopleSoft Enterprise PeopleTools Application Server access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2416 |
| 04/30/2020 | 7.5 | 7.2 | Oracle PeopleSoft Enterprise PeopleTools access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.03 | CVE-2019-2405 |
| 04/30/2020 | 4.2 | 4.1 | Oracle MySQL Enterprise Monitor Monitoring key management | (14): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_cve_nvd_published, source_oval_id, source_securityfocus_date, source_securityfocus_class, source_nessus_id, source_nessus_name, source_nessus_filename, source_nessus_family, source_openvas_filename, source_openvas_title, source_openvas_family | Not Defined | Official Fix | 0.00 | CVE-2018-0732 |
| 04/30/2020 | 2.5 | 2.4 | Oracle MySQL Server Shell access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2513 |
| 04/30/2020 | 4.1 | 3.9 | Oracle MySQL Server Options access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2535 |
| 04/30/2020 | 4.9 | 4.7 | Oracle MySQL Server Privileges access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2486 |
| 04/30/2020 | 4.9 | 4.7 | Oracle MySQL Server Privileges access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2532 |
| 04/30/2020 | 4.9 | 4.7 | Oracle MySQL Server Partition access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.05 | CVE-2019-2528 |
| 04/30/2020 | 4.9 | 4.7 | Oracle MySQL Server Replication access control | (7): vulnerability_discoverydate, advisory_person_name, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2531 |
| 04/30/2020 | 4.9 | 4.7 | Oracle MySQL Server Optimizer access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2530 |
| 04/30/2020 | 4.9 | 4.7 | Oracle MySQL Server Optimizer access control | (7): vulnerability_discoverydate, advisory_person_name, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2507 |
| 04/30/2020 | 4.9 | 4.7 | Oracle MySQL Server Optimizer access control | (7): vulnerability_discoverydate, advisory_person_name, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2481 |
| 04/30/2020 | 4.9 | 4.7 | Oracle MySQL Server Optimizer access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2420 |
| 04/30/2020 | 4.9 | 4.7 | Oracle MySQL Server DDL access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2495 |
| 04/30/2020 | 4.9 | 4.7 | Oracle MySQL Server DDL access control | (7): vulnerability_discoverydate, advisory_person_name, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2537 |
| 04/30/2020 | 4.9 | 4.7 | Oracle MySQL Server DDL access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2494 |
| 04/30/2020 | 4.9 | 4.7 | Oracle MySQL Server InnoDB access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2510 |
| 04/30/2020 | 4.9 | 4.7 | Oracle MySQL Server Connection access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2539 |
| 04/30/2020 | 5.0 | 4.8 | Oracle MySQL Server Packaging access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2536 |
| 04/30/2020 | 4.9 | 4.7 | Oracle MySQL Server InnoDB access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2502 |
| 04/30/2020 | 5.4 | 5.2 | Oracle MySQL Server Packaging key management | (16): vulnerability_discoverydate, advisory_person_name, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_cve_nvd_published, source_oval_id, source_securityfocus_date, source_securityfocus_class, source_nessus_id, source_nessus_name, source_nessus_filename, source_nessus_family, source_openvas_filename, source_openvas_title, source_openvas_family | Not Defined | Official Fix | 0.00 | CVE-2018-0734 |
| 04/30/2020 | 5.5 | 5.3 | Oracle MySQL Server Replication access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2436 |
| 04/30/2020 | 6.4 | 6.1 | Oracle MySQL Server Connection Handling access control | (5): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2503 |
| 04/30/2020 | 6.5 | 6.2 | Oracle MySQL Server Parser access control | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2455 |
| 04/30/2020 | 6.5 | 6.2 | Oracle MySQL Server Parser access control | (7): vulnerability_discoverydate, advisory_person_name, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-2434 |
| 04/30/2020 | 6.5 | 6.2 | Oracle MySQL Server PS access control | (7): vulnerability_discoverydate, advisory_person_name, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.07 | CVE-2019-2482 |
| 04/30/2020 | 6.5 | 6.2 | Oracle MySQL Server Privileges access control | (3): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned | Not Defined | Official Fix | 0.00 | CVE-2019-2533 |
