Oracle Application Server Portal — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Application Server Portal, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2003-1193 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components…
CVE-2006-6697 — CVSS 7.5 (high): CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to…
CVE-2004-1707 — CVSS 7.2 (high): The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and…
CVE-2006-6699 — CVSS 5.0 (medium): Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP…
CVE-2008-2138 — CVSS 5.0 (medium): Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of…
CVE-2007-1506 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to…