Updates October 2020

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that an immediate vulnerability response can be initiated and issues can be prioritized.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 10/31/2020 | 8.2 | 7.8 | Oracle Financial Services Analytical Applications Infrastructure information disclosure | (2): source_cve_assigned, source_cve_nvd_summary | Not Defined | Official Fix | 0.78 | CVE-2020-1945 |
| 10/31/2020 | 8.6 | 8.2 | Oracle Insurance Accounting Analyzer User Interface cross site scripting | (3): source_cve_assigned, source_cve_nvd_summary, advisory_confirm_url | Not Defined | Official Fix | 1.71 | CVE-2019-11358 |
| 10/31/2020 | 9.8 | 9.4 | Oracle FLEXCUBE Private Banking Core xml external entity reference | (2): source_cve_assigned, source_cve_nvd_summary | Not Defined | Official Fix | 0.06 | CVE-2019-13990 |
| 10/31/2020 | 9.8 | 9.4 | Oracle FLEXCUBE Investor Servicing Infrastructure xml external entity reference | (2): source_cve_assigned, source_cve_nvd_summary | Not Defined | Official Fix | 2.18 | CVE-2019-13990 |
| 10/31/2020 | 9.8 | 9.4 | Oracle Financial Services Market Risk Measurement User Interface injection | (2): source_cve_assigned, source_cve_nvd_summary | Not Defined | Official Fix | 2.04 | CVE-2017-15708 |
| 10/31/2020 | 9.8 | 9.4 | Oracle Financial Services Lending/Leasing Core deserialization | (3): advisory_person_name, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.06 | CVE-2017-5645 |
| 10/31/2020 | 9.8 | 9.4 | Oracle Financial Services Lending/Leasing Core Remote Code Execution | (1): source_cve_cna | Not Defined | Official Fix | 0.06 | CVE-2019-2904 |
| 10/31/2020 | 9.8 | 9.4 | Oracle Banking Platform Framework deserialization | (3): source_cve_assigned, source_cve_nvd_summary, advisory_confirm_url | Not Defined | Official Fix | 0.06 | CVE-2020-9546 |
| 10/31/2020 | 9.8 | 9.4 | Oracle Banking Payments Core xml external entity reference | (2): source_cve_assigned, source_cve_nvd_summary | Not Defined | Official Fix | 2.19 | CVE-2019-13990 |
| 10/31/2020 | 5.3 | 5.1 | Oracle Enterprise Manager Ops Center Networking information disclosure | (3): source_cve_assigned, source_cve_nvd_summary, advisory_confirm_url | Not Defined | Official Fix | 0.06 | CVE-2019-1551 |
| 10/31/2020 | 5.3 | 5.1 | Oracle Enterprise Manager Ops Center Networking uninitialized resource | (3): source_cve_assigned, source_cve_nvd_summary, advisory_confirm_url | Not Defined | Official Fix | 0.06 | CVE-2020-1934 |
| 10/31/2020 | 5.5 | 5.3 | Oracle Enterprise Manager Base Platform Application Service Level Mgmt xml external entity reference | (2): source_cve_assigned, source_cve_nvd_summary | Not Defined | Official Fix | 0.00 | CVE-2019-12415 |
| 10/31/2020 | 6.1 | 5.8 | Oracle Application Testing Suite Load Testing for Web Apps cross site scripting | (2): source_cve_assigned, source_cve_nvd_summary | Not Defined | Official Fix | 0.06 | CVE-2019-17091 |
| 10/31/2020 | 7.1 | 6.8 | Oracle Data Masking/Subsetting Data Masking unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 0.06 | CVE-2020-2983 |
| 10/31/2020 | 7.1 | 6.8 | Oracle Configuration Manager Discovery/collection script unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 0.06 | CVE-2020-2984 |
| 10/31/2020 | 7.1 | 6.8 | Oracle Enterprise Manager Base Platform Enterprise Config Management unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 2.07 | CVE-2020-2982 |
| 10/31/2020 | 7.5 | 7.2 | Oracle Real User Experience Insight APM Mesh infinite loop | (3): source_cve_assigned, source_cve_nvd_summary, advisory_confirm_url | Not Defined | Official Fix | 0.03 | CVE-2020-7595 |
| 10/31/2020 | 7.5 | 7.2 | Oracle Enterprise Manager Base Platform Application Service Level Mgmt server-side request forgery | (2): source_cve_assigned, source_cve_nvd_summary | Not Defined | Official Fix | 2.14 | CVE-2019-0227 |
| 10/31/2020 | 8.1 | 7.7 | Oracle Enterprise Manager Base Platform Reporting Framework input validation | (5): source_cve_assigned, source_cve_nvd_summary, advisory_confirm_url, source_sectracker, source_exploitdb | Proof-of-Concept | Official Fix | 2.45 | CVE-2018-11776 |
| 10/31/2020 | 8.4 | 8.0 | Oracle Enterprise Manager for Fusion Middleware Coherence Management server-side request forgery | (2): source_cve_assigned, source_cve_nvd_summary | Not Defined | Official Fix | 0.08 | CVE-2019-0227 |
| 10/31/2020 | 8.2 | 7.8 | Oracle Enterprise Manager Ops Center Networking information disclosure | (2): source_cve_assigned, source_cve_nvd_summary | Not Defined | Official Fix | 0.00 | CVE-2020-1945 |
| 10/31/2020 | 9.8 | 9.4 | Oracle Application Testing Suite Load Testing for Web Apps deserialization | (3): advisory_person_name, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 2.51 | CVE-2017-5645 |
| 10/31/2020 | 9.8 | 9.4 | Oracle Enterprise Manager Base Platform Enterprise Manager Install deserialization | (3): source_cve_assigned, source_cve_nvd_summary, advisory_confirm_url | Not Defined | Official Fix | 2.59 | CVE-2020-9546 |
| 10/31/2020 | 2.7 | 2.6 | Oracle Applications Framework Page Request information disclosure | (1): source_cve_cna | Not Defined | Official Fix | 2.43 | CVE-2020-14590 |
| 10/31/2020 | 4.7 | 4.5 | Oracle Marketing Marketing Administration unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 1.97 | CVE-2020-14555 |
| 10/31/2020 | 4.7 | 4.5 | Oracle CRM Technical Foundation Preferences unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 2.15 | CVE-2020-14661 |
| 10/31/2020 | 4.7 | 4.5 | Oracle CRM Technical Foundation Preferences unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 2.41 | CVE-2020-14659 |
| 10/31/2020 | 4.7 | 4.5 | Oracle Common Applications CRM User Management Framework unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 2.31 | CVE-2020-14717 |
| 10/31/2020 | 4.7 | 4.5 | Oracle Common Applications CRM User Management Framework unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 0.97 | CVE-2020-14716 |
| 10/31/2020 | 4.7 | 4.5 | Oracle Application Object Library Diagnostics unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 2.69 | CVE-2020-14554 |
| 10/31/2020 | 5.3 | 5.1 | Oracle Application Object Library Logging information disclosure | (1): source_cve_cna | Not Defined | Official Fix | 0.82 | CVE-2020-14635 |
| 10/31/2020 | 7.5 | 7.2 | Oracle CRM Technical Foundation Preferences denial of service | (1): source_cve_cna | Not Defined | Official Fix | 0.06 | CVE-2020-14679 |
| 10/31/2020 | 7.6 | 7.3 | Oracle CRM Technical Foundation Preferences unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 2.26 | CVE-2020-14667 |
| 10/31/2020 | 7.6 | 7.3 | Oracle CRM Technical Foundation Preferences unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 0.68 | CVE-2020-14657 |
| 10/31/2020 | 7.6 | 7.3 | Oracle Applications Framework Attachments/File Upload cross site scripting | (1): source_cve_cna | Not Defined | Official Fix | 2.16 | CVE-2020-14610 |
| 10/31/2020 | 7.7 | 7.4 | Oracle Internet Expenses Mobile Expenses Admin Utilities information disclosure | (1): source_cve_cna | Not Defined | Official Fix | 2.43 | CVE-2020-14720 |
| 10/31/2020 | 7.7 | 7.4 | Oracle Internet Expenses Mobile Expenses Admin Utilities unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 0.53 | CVE-2020-14719 |
| 10/31/2020 | 8.2 | 7.8 | Oracle iSupport Others unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 1.96 | CVE-2020-14686 |
| 10/31/2020 | 8.2 | 7.8 | Oracle iStore User Registration cross site scripting | (2): vulnerability_cwe, source_cve_cna | Not Defined | Official Fix | 0.76 | CVE-2020-14582 |
| 10/31/2020 | 8.2 | 7.8 | Oracle iStore Address Book cross site scripting | (2): vulnerability_cwe, source_cve_cna | Not Defined | Official Fix | 0.00 | CVE-2020-14596 |
| 10/31/2020 | 8.2 | 7.8 | Oracle Email Center Message Display unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 0.05 | CVE-2020-14666 |
| 10/31/2020 | 8.2 | 7.8 | Oracle E-Business Intelligence DBI Setups unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 0.06 | CVE-2020-14681 |
| 10/31/2020 | 8.2 | 7.8 | Oracle E-Business Intelligence DBI Setups unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 0.05 | CVE-2020-14668 |
| 10/31/2020 | 8.2 | 7.8 | Oracle Depot Repair Estimate/Actual Charges unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 0.05 | CVE-2020-14682 |
| 10/31/2020 | 8.2 | 7.8 | Oracle CRM Technical Foundation Preferences unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 0.06 | CVE-2020-14660 |
| 10/31/2020 | 8.2 | 7.8 | Oracle Common Applications CRM User Management Framework unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 0.05 | CVE-2020-14688 |
| 10/31/2020 | 8.2 | 7.8 | Oracle Applications Framework Popups unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 0.05 | CVE-2020-14534 |
| 10/31/2020 | 8.2 | 7.8 | Oracle Advanced Outbound Telephony User Interface unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 0.05 | CVE-2020-14671 |
| 10/31/2020 | 8.2 | 7.8 | Oracle Advanced Outbound Telephony Settings unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 0.37 | CVE-2020-14670 |
| 10/31/2020 | 9.1 | 8.7 | Oracle Trade Management Invoice unknown vulnerability | (1): source_cve_cna | Not Defined | Official Fix | 2.24 | CVE-2020-14665 |
