Agile Product Lifecycle Management For Process
Monthly
Oracle Agile PLM for Process has a CVSS 9.8 vulnerability in the Supply Chain Sourcing component that allows unauthenticated remote attackers to fully compromise the system.
Agile Product Lifecycle Management For Process versions up to 6.2.4 is affected by cross-site scripting (xss) (CVSS 6.5).
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Data Import). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: User Group Management). Rated medium severity (CVSS 5.0).
Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.
Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect. Rated medium severity (CVSS 4.1). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Oracle Agile PLM for Process has a CVSS 9.8 vulnerability in the Supply Chain Sourcing component that allows unauthenticated remote attackers to fully compromise the system.
Agile Product Lifecycle Management For Process versions up to 6.2.4 is affected by cross-site scripting (xss) (CVSS 6.5).
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Data Import). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: User Group Management). Rated medium severity (CVSS 5.0).
Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.
Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect. Rated medium severity (CVSS 4.1). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.