Vulnerabilities > Oracle > Advanced Supply Chain Planning > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-01-18 CVE-2022-23305 SQL Injection vulnerability in multiple products
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout.
network
low complexity
apache netapp broadcom qos oracle CWE-89
critical
 9.8
9.8
2016-10-25 CVE-2016-5599 Improper Access Control vulnerability in Oracle Advanced Supply Chain Planning 12.2.3/12.2.4/12.2.5
Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to MscObieeSrvlt.
network
low complexity
oracle CWE-284
critical
 9.1
9.1