CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries: 1,619 · Ransomware Use: 327 · Overdue: 1,615 · Vendors: 266 · Products: 655
44 results (page 1 of 2 shown)
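The summary counts above can be reproduced from CISA's own JSON feed rather than read off a dashboard. The following is an added example, not CISA's code and not part of this page: it reads the feed's published schema (a top-level "vulnerabilities" list whose entries carry cveID, vendorProject, product, dateAdded, dueDate and knownRansomwareCampaignUse) and derives the same five numbers plus the list of overdue entries for one vendor. The entries embedded below are constructed placeholders, not real catalog records; the feed URL is the published one, and the helper names and the choice to count products as distinct (vendor, product) pairs are assumptions.

```python
"""Summarize a CISA KEV feed: entries, ransomware use, overdue, vendors, products."""
import json
import urllib.request
from datetime import date
from typing import Dict, List, Optional

KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the feed's shape; the cveIDs are placeholders, not real CVEs.
SAMPLE_FEED = json.dumps({
    "title": "constructed sample, not the real feed",
    "vulnerabilities": [
        {"cveID": "CVE-EXAMPLE-0001", "vendorProject": "Oracle",
         "product": "WebLogic Server", "dateAdded": "2021-11-03",
         "dueDate": "2022-05-03", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-EXAMPLE-0002", "vendorProject": "Oracle",
         "product": "E-Business Suite", "dateAdded": "2025-10-06",
         "dueDate": "2025-10-27", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-EXAMPLE-0003", "vendorProject": "Oracle",
         "product": "WebLogic Server", "dateAdded": "2099-01-01",
         "dueDate": "2099-01-22", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-EXAMPLE-0004", "vendorProject": "Microsoft",
         "product": "Windows", "dateAdded": "2099-01-01",
         "dueDate": "2099-01-22", "knownRansomwareCampaignUse": "Unknown"},
    ],
})


def fetch_feed(url: str = KEV_FEED_URL, timeout: float = 30.0) -> str:
    """Download the live feed (network access required; not used by the sample run)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def load_entries(feed_json: str, vendor: Optional[str] = None) -> List[Dict]:
    """Parse the feed and optionally keep only one vendor (case-insensitive)."""
    entries = json.loads(feed_json)["vulnerabilities"]
    if vendor:
        entries = [e for e in entries if e["vendorProject"].lower() == vendor.lower()]
    return entries


def is_overdue(entry: Dict, today: date) -> bool:
    """BOD 22-01 due dates are ISO dates; an entry is overdue once that date has passed."""
    return date.fromisoformat(entry["dueDate"]) < today


def summarize(entries: List[Dict], today: date) -> Dict[str, int]:
    """The five dashboard numbers. 'products' counts distinct (vendor, product) pairs (assumption)."""
    return {
        "entries": len(entries),
        "ransomware_use": sum(1 for e in entries if e.get("knownRansomwareCampaignUse") == "Known"),
        "overdue": sum(1 for e in entries if is_overdue(e, today)),
        "vendors": len({e["vendorProject"] for e in entries}),
        "products": len({(e["vendorProject"], e["product"]) for e in entries}),
    }


def overdue_entries(entries: List[Dict], today: date) -> List[str]:
    """Sorted cveIDs that are past their remediation due date."""
    return sorted(e["cveID"] for e in entries if is_overdue(e, today))


if __name__ == "__main__":
    # Offline run on the constructed sample; swap in fetch_feed() for the live catalog.
    today = date.today()
    print(summarize(load_entries(SAMPLE_FEED), today))
    print(overdue_entries(load_entries(SAMPLE_FEED, vendor="Oracle"), today))
```

Against the live feed the same two calls give the catalog-wide counts and an actionable per-vendor overdue list; the `vendorProject` string must match the feed's spelling exactly ("Oracle", not "Oracle Corporation").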
Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
Oracle · PeopleSoft Enterprise PeopleTools
Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability that could allow an unauthenticated attacker to take over PeopleSoft Enterprise PeopleTools.
Required Action
Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Oracle WebLogic Server Unspecified Vulnerability
Oracle · WebLogic Server
Oracle WebLogic Server contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3 or IIOP to compromise Oracle WebLogic Server. Successful attacks can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability
Oracle · Fusion Middleware
Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability
Oracle · E-Business Suite
Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Oracle E-Business Suite Unspecified Vulnerability
Oracle · E-Business Suite
Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing; successful attacks can result in takeover of Oracle Concurrent Processing.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
Oracle · Agile Product Lifecycle Management (PLM)
Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Oracle WebLogic Server Unspecified Vulnerability
Oracle · WebLogic Server
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability
Oracle · Agile Product Lifecycle Management (PLM)
Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Oracle WebLogic Server Remote Code Execution Vulnerability
Oracle · WebLogic Server
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Oracle ADF Faces Deserialization of Untrusted Data Vulnerability
Oracle · ADF Faces
Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Oracle WebLogic Server OS Command Injection Vulnerability
Oracle · WebLogic Server
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Oracle Fusion Middleware Unspecified Vulnerability
Oracle · Fusion Middleware
Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Oracle Java SE and JRockit Unspecified Vulnerability
Oracle · Java SE and JRockit
Oracle Java SE and JRockit contain an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Required Action
Apply updates per vendor instructions.
Oracle WebLogic Server Unspecified Vulnerability
Oracle · WebLogic Server
Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3 or IIOP to compromise Oracle WebLogic Server.
Required Action
Apply updates per vendor instructions.
Oracle E-Business Suite Unspecified Vulnerability
Oracle · E-Business Suite
Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.
Required Action
Apply updates per vendor instructions.
Oracle Fusion Middleware Unspecified Vulnerability
Oracle · Fusion Middleware
Oracle Fusion Middleware contains an unspecified vulnerability in Oracle Access Manager that allows an unauthenticated attacker with network access via HTTP to take over the Access Manager product.
Required Action
Apply updates per vendor instructions.
Oracle WebLogic Server Unspecified Vulnerability
Oracle · WebLogic Server
Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server.
Required Action
Apply updates per vendor instructions.
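Six WebLogic entries on this page (the two "Unspecified" T3/IIOP entries, the deserialization remote code execution entry, the WLS Core Components IIOP entry, and the two later T3 entries) share one precondition: the attacker needs a listener that will talk T3 or IIOP to them. The first inventory question for each WebLogic host is therefore whether a port answers the T3 handshake at all. The following is an added example, not Oracle's code and not from the catalog: it sends the plain T3 client hello and parses the server's HELO reply (the version string, the boolean token WebLogic appends to it, and the AS/HL/MS parameters). The reply embedded below is a constructed sample of that format, and the host address in the usage line is an assumption.

```python
"""Fingerprint a WebLogic T3 listener from its handshake reply."""
import re
import socket
from typing import Dict, Optional

# The T3 client hello: protocol line, then AS (abbreviation size) and HL (header length).
T3_HELLO = b"t3 12.2.1\nAS:255\nHL:19\n\n"

# HELO:<dotted version>.<true|false>; the trailing token is kept but not interpreted here.
HELO_RE = re.compile(rb"^HELO:(\d+(?:\.\d+)+)\.(true|false)$")

# Constructed sample of a 12.2.1.4 listener's reply (not captured from a real host).
SAMPLE_HELO = b"HELO:12.2.1.4.false\nAS:2048\nHL:19\nMS:10000000\n\n"


def parse_t3_helo(data: bytes) -> Optional[Dict]:
    """Return {'version', 'flag', 'params'} for a T3 HELO reply, else None.

    A non-T3 service (HTTP, for example) or a listener behind a connection
    filter that denies t3 does not produce a HELO line, so None means
    "this port is not a usable T3 endpoint for the client that asked".
    """
    if not data.startswith(b"HELO:"):
        return None
    lines = data.split(b"\n")
    match = HELO_RE.match(lines[0])
    if not match:
        return None
    params: Dict[str, str] = {}
    for line in lines[1:]:
        if b":" in line:
            key, _, value = line.partition(b":")
            params[key.decode()] = value.decode(errors="replace")
    return {
        "version": match.group(1).decode(),
        "flag": match.group(2).decode(),
        "params": params,
    }


def probe_t3(host: str, port: int = 7001, timeout: float = 5.0) -> Optional[Dict]:
    """Send the T3 hello to host:port and parse whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(T3_HELLO)
        try:
            data = sock.recv(1024)
        except socket.timeout:
            return None
    return parse_t3_helo(data)


if __name__ == "__main__":
    # Usage on a lab host (address is an assumption): python t3probe.py
    print(probe_t3("192.0.2.10", 7001))
```

A version in the HELO line tells you which Critical Patch Update level to compare against; a None from an internet-facing listener is what you want to see. The Oracle-documented workaround when patching lags is a connection filter (`weblogic.security.net.ConnectionFilterImpl`) with a rule such as `0.0.0.0/0 * * deny t3 t3s` on listeners that do not need T3, and disabling IIOP on the server's Protocols settings; re-run the probe afterwards to confirm the listener no longer answers.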
Oracle Solaris Privilege Escalation Vulnerability
Oracle · Solaris
The XScreenSaver component of Oracle Solaris contains an unspecified vulnerability that allows privilege escalation.
Required Action
Apply updates per vendor instructions.
Oracle JRE Unspecified Vulnerability
Oracle · Java Runtime Environment (JRE)
An unspecified vulnerability in the HotSpot component of the Java Runtime Environment (JRE) allows remote attackers to affect integrity.
Required Action
Apply updates per vendor instructions.
Oracle JRE Sandbox Bypass Vulnerability
Oracle · Java Runtime Environment (JRE)
An unspecified vulnerability in the Java Runtime Environment (JRE) component of Oracle Java allows remote attackers to bypass the Java security sandbox.
Required Action
Apply updates per vendor instructions.
Oracle JRE Remote Code Execution Vulnerability
Oracle · Java Runtime Environment (JRE)
A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system.
Required Action
Apply updates per vendor instructions.
Oracle Fusion Middleware Unspecified Vulnerability
Oracle · Fusion Middleware
An unspecified vulnerability in the Oracle WebCenter Forms Recognition component of Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer.
Required Action
Apply updates per vendor instructions.
Oracle JRE Unspecified Vulnerability
Oracle · Java Runtime Environment (JRE)
An unspecified vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Required Action
Apply updates per vendor instructions.
Oracle Java SE Unspecified Vulnerability
Oracle · Java SE
An unspecified vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the 2D component.
Required Action
Apply updates per vendor instructions.
Oracle Java SE Sandbox Bypass Vulnerability
Oracle · Java SE
The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
Required Action
Apply updates per vendor instructions.
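The sandbox bypass above is a configuration defect: the `package.access` security property in the JDK's `java.security` file (under `lib/security/` on older JDKs, `conf/security/` on newer ones) lists package prefixes that untrusted code may not reach, and the two glassfish packages were absent from it. The check a practitioner wants is whether a given `java.security` still covers them after an update. The following is an added example, not Oracle's code and not from the catalog: a small reader for the file's `key=value` and backslash-continuation syntax, and a check that every required package is covered by some listed prefix. Both configurations embedded below are constructed samples written in that syntax, not copied from any JDK.

```python
"""Check that java.security's package.access covers the packages named in the entry."""
from typing import Dict, List

# Constructed sample: the restriction list without the two glassfish packages.
VULNERABLE_CONFIG = """\
# constructed sample, not a real JDK file
package.access=sun.,\\
               com.sun.xml.internal.,\\
               com.sun.imageio.,\\
               com.sun.istack.internal.
package.definition=sun.,\\
               com.sun.xml.internal.
"""

# Constructed sample: the same list with both packages added as prefixes.
FIXED_CONFIG = """\
# constructed sample, not a real JDK file
package.access=sun.,\\
               com.sun.xml.internal.,\\
               com.sun.imageio.,\\
               com.sun.istack.internal.,\\
               com.sun.org.glassfish.external.,\\
               com.sun.org.glassfish.gmbal.
"""

# The packages the catalog entry says were left unrestricted.
REQUIRED = ["com.sun.org.glassfish.external.", "com.sun.org.glassfish.gmbal."]


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal java.security reader: skips comments and blank lines, joins
    lines that end in a backslash, and splits on the first '='."""
    props: Dict[str, str] = {}
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        buf += line
        key, _, value = buf.partition("=")
        props[key.strip()] = value.strip()
        buf = ""
    return props


def restricted_packages(text: str) -> List[str]:
    """The comma-separated prefixes in package.access, as a list."""
    value = parse_properties(text).get("package.access", "")
    return [p.strip() for p in value.split(",") if p.strip()]


def unrestricted(text: str, required: List[str] = REQUIRED) -> List[str]:
    """Required packages that no package.access prefix covers.

    A broader prefix counts: 'com.sun.org.glassfish.' covers both packages.
    An empty list means the file restricts everything the entry names.
    """
    prefixes = restricted_packages(text)
    return [pkg for pkg in required if not any(pkg.startswith(pre) for pre in prefixes)]


if __name__ == "__main__":
    # Point this at a real file: unrestricted(open(path).read())
    print("vulnerable sample leaves open:", unrestricted(VULNERABLE_CONFIG))
    print("fixed sample leaves open:", unrestricted(FIXED_CONFIG))
```

Run it against every `java.security` a fleet actually loads, not just the one the package manager installed; an application-bundled JRE or a custom `-Djava.security.properties=` override can carry its own copy of the list.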