Multiple vulnerabilities in Oracle Complex Maintenance, Repair, and Overhaul
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 31 |
| CVE-ID | CVE-2024-21046 CVE-2024-21045 CVE-2024-21044 CVE-2024-21043 CVE-2024-21042 CVE-2024-21041 CVE-2024-21040 CVE-2024-21039 CVE-2024-21038 CVE-2024-21037 CVE-2024-21036 CVE-2024-21035 CVE-2024-21034 CVE-2024-21033 CVE-2024-21032 CVE-2024-21031 CVE-2024-21030 CVE-2024-21029 CVE-2024-21028 CVE-2024-21027 CVE-2024-21026 CVE-2024-21025 CVE-2024-21024 CVE-2024-21023 CVE-2024-21022 CVE-2024-21021 CVE-2024-21020 CVE-2024-21019 CVE-2024-21018 CVE-2024-21017 CVE-2024-21016 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Oracle Complex Maintenance, Repair, and Overhaul Other software / Other software solutions |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 31 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU88624
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21046
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU88623
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21045
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU88622
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21044
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU88621
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21043
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper input validation
EUVDB-ID: #VU88620
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21042
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper input validation
EUVDB-ID: #VU88619
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21041
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper input validation
EUVDB-ID: #VU88618
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21040
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper input validation
EUVDB-ID: #VU88617
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21039
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper input validation
EUVDB-ID: #VU88616
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21038
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper input validation
EUVDB-ID: #VU88615
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21037
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper input validation
EUVDB-ID: #VU88614
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21036
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper input validation
EUVDB-ID: #VU88613
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21035
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper input validation
EUVDB-ID: #VU88612
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21034
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper input validation
EUVDB-ID: #VU88611
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21033
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper input validation
EUVDB-ID: #VU88610
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21032
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper input validation
EUVDB-ID: #VU88609
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21031
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper input validation
EUVDB-ID: #VU88608
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21030
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper input validation
EUVDB-ID: #VU88607
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21029
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper input validation
EUVDB-ID: #VU88606
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21028
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper input validation
EUVDB-ID: #VU88605
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21027
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper input validation
EUVDB-ID: #VU88604
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21026
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper input validation
EUVDB-ID: #VU88603
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21025
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper input validation
EUVDB-ID: #VU88602
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21024
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper input validation
EUVDB-ID: #VU88601
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21023
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper input validation
EUVDB-ID: #VU88600
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21022
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper input validation
EUVDB-ID: #VU88599
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21021
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper input validation
EUVDB-ID: #VU88598
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21020
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper input validation
EUVDB-ID: #VU88597
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21019
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper input validation
EUVDB-ID: #VU88596
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21018
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper input validation
EUVDB-ID: #VU88595
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21017
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improper input validation
EUVDB-ID: #VU88594
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21016
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Complex Maintenance, Repair, and Overhaul: 12.2.3 - 12.2.13
External linkshttp://www.oracle.com/security-alerts/cpuapr2024.html?3263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
