Oracle Applications Framework — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Applications Framework, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2021-2200 — CVSS 9.1 (critical): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Home page). The supported version that is…
CVE-2020-2890 — CVSS 8.2 (high): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are…
CVE-2018-3243 — CVSS 8.2 (high): Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: None). Supported versions that are…
CVE-2019-2682 — CVSS 8.2 (high): Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Attachments / File Upload)…
CVE-2020-14534 — CVSS 8.2 (high): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popups). The supported version that is…
CVE-2021-2380 — CVSS 7.6 (high): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported…
CVE-2020-14610 — CVSS 7.6 (high): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). The supported…
CVE-2022-21566 — CVSS 7.5 (high): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are…
CVE-2016-3447 — CVSS 6.9 (medium): Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5…
CVE-2024-21080 — CVSS 6.5 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: REST Services). Supported versions that…
CVE-2022-21636 — CVSS 6.5 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Session Management). Supported versions…
CVE-2025-50071 — CVSS 6.4 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Web Utilities). Supported versions that…
CVE-2023-22042 — CVSS 6.1 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are…
CVE-2022-21468 — CVSS 6.1 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popups). Supported versions that are…
CVE-2022-21477 — CVSS 5.4 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Supported…
CVE-2025-30711 — CVSS 5.4 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Supported…
CVE-2025-30718 — CVSS 5.4 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Supported…
CVE-2017-3528 — CVSS 5.4 (medium): Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values…
CVE-2021-2477 — CVSS 5.3 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Session Management). Supported versions…
CVE-2020-2666 — CVSS 5.3 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported…
CVE-2020-2866 — CVSS 5.3 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported…
CVE-2026-34298 — CVSS 4.7 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that…
CVE-2020-14746 — CVSS 4.7 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popup windows). Supported versions that…
CVE-2020-2566 — CVSS 4.7 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported…
CVE-2025-53064 — CVSS 4.3 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that…
CVE-2025-53071 — CVSS 4.3 (medium): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Upload Attachments). Supported versions…
CVE-2018-2971 — CVSS 4.3 (medium): Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: REST Services). Supported versions…
CVE-2020-14590 — CVSS 2.7 (low): Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Page Request). Supported versions that…