Skip to main content

Configurator

13 CVEs product

Monthly

CVE-2026-21972 MEDIUM This Month

Configurator contains a vulnerability that allows attackers to unauthorized read access to a subset of Oracle Configurator accessible data (CVSS 5.3).

Oracle Configurator
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-30728 HIGH PATCH This Week

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Configurator
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-30720 MEDIUM This Month

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Orders). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-43986 CRITICAL Act Now

DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Configurator
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-2080 HIGH This Week

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2021-2079 HIGH This Week

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2021-2078 HIGH This Week

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-14669 HIGH This Week

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2865 MEDIUM This Month

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: Installation). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-2567 HIGH PATCH This Week

Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite (subcomponent: Active Model Generation). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Configurator
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2016-3438 HIGH This Week

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oracle Configurator
NVD
CVSS 3.0
8.2
EPSS
0.4%
CVE-2016-0541 MEDIUM This Month

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Configurator
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2016-0540 MEDIUM This Month

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Configurator
NVD
CVSS 2.0
5.0
EPSS
0.3%
EPSS 0% CVSS 5.3
MEDIUM This Month

Configurator contains a vulnerability that allows attackers to unauthorized read access to a subset of Oracle Configurator accessible data (CVSS 5.3).

Oracle Configurator
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Configurator
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Orders). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Configurator
NVD
EPSS 1% CVSS 8.2
HIGH This Week

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
EPSS 1% CVSS 8.2
HIGH This Week

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
EPSS 1% CVSS 8.2
HIGH This Week

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
EPSS 1% CVSS 8.2
HIGH This Week

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: Installation). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite (subcomponent: Active Model Generation). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Configurator
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oracle Configurator
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Configurator
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Configurator
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy