Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
CVE-2015-4849 is a low severity vulnerability with a CVSS score of 0.0. Exploits are available; patches have been released and should be applied urgently.
Lower probability of exploitation
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Punch-in. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to cause a denial of service or conduct SMB Relay attacks via a crafted DTD in an XML request to OA_HTML/IspPunchInServlet.
| Vendor | Product |
|---|---|
| Oracle | E Business Suite |
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.