Text Form of Oracle Critical Patch Update - April 2013 Risk Matrices
This document provides the text form of the CPUApr2013 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUApr2013 Advisory
This page contains the following text format Risk Matrices:
- Oracle Database Server
- Oracle Fusion Middleware
- Oracle E-Business Suite
- Oracle Supply Chain Products Suite
- Oracle PeopleSoft Products
- Oracle Siebel CRM
- Oracle Industry Applications
- Oracle Financial Services Software
- Oracle Primavera Products Suite
- Oracle and Sun Systems Products Suite
- Oracle Sun Middleware Products
- Oracle MySQL
- Oracle Support Tools
Text Form of Risk Matrix for Oracle Database Server
This table provides the text form of the Risk Matrix for Oracle Database Server.
| CVE Identifier | Description |
|---|---|
| CVE-2013-1519 | Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is All releases prior to 4.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Application Express accessible data. Note: The Supported Versions Affected are all releases prior to 4.2.1, with the exception of APEX 4.2 that is installed with 12.1 release of Database. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1534 | Vulnerability in the Workload Manager component of Oracle Database Server. Supported versions that are affected are 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: This is only applicable in RAC configurations. Workload Manager is not separately downloadable. The CVSS Base Score is 10.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 7.5, and the impacts for Confidentiality, Integrity and Availability are Partial+. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2013-1538 | Vulnerability in the Network Layer component of Oracle Database Server. Supported versions that are affected are 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Network Layer. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1554 | Vulnerability in the Network Layer component of Oracle Database Server. Supported versions that are affected are 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Network Layer. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Fusion Middleware
This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.
| CVE Identifier | Description |
|---|---|
| CVE-2007-1862 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). For supported versions that are affected see note. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. Note: Fixed in all supported releases and patchsets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2009-0023 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). For supported versions that are affected see note. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. Note: Fixed in all supported releases and patchsets. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2009-1191 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). For supported versions that are affected see note. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. Note: Fixed in all supported releases and patchsets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2009-1890 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). For supported versions that are affected see note. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). Note: Fixed in all supported releases and patchsets. CVSS Base Score 7.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2009-1955 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). For supported versions that are affected see note. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). Note: Fixed in all supported releases and patchsets. CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2009-1956 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). For supported versions that are affected see note. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. Note: Fixed in all supported releases and patchsets. CVSS Base Score 6.4 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P). (legend) [Advisory] |
| CVE-2009-2699 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). For supported versions that are affected see note. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. Note: Fixed in all supported releases and patchsets. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2010-0408 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). For supported versions that are affected see note. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. Note: Fixed in all supported releases and patchsets. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2010-2068 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). For supported versions that are affected see note. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. Note: Fixed in all supported releases and patchsets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2010-2791 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). For supported versions that are affected see note. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. Note: Fixed in all supported releases and patchsets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2012-0841 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: ModSecurity). The supported version that is affected is 11.1.1.6.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-2751 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 11.1.1.6.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2012-4303 | Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). The supported version that is affected is 11.1.1.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1497 | Vulnerability in the Oracle COREid Access component of Oracle Fusion Middleware (subcomponent: WebGate - WebServer plugin). The supported version that is affected is 10.1.4.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle COREid Access accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1503 | Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 10.1.3.5.1 and 11.1.1.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Content accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1504 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WebLogic Console). Supported versions that are affected are 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1509 | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: WebCenter Sites). Supported versions that are affected are 7.6.2, 11.1.1.6.0 and 11.1.1.6.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle WebCenter Sites accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1514 | Vulnerability in the Oracle Containers for J2EE component of Oracle Fusion Middleware (subcomponent: RMI Support). The supported version that is affected is 10.1.3.5. Easily exploitable vulnerability allows successful authenticated network attacks via Java RMI. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Containers for J2EE accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1516 | Vulnerability in the Oracle WebCenter Capture component of Oracle Fusion Middleware (subcomponent: Import Server). The supported version that is affected is 10.1.3.5.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Capture. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1522 | Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 10.1.3.5.1 and 11.1.1.6.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Content accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1529 | Vulnerability in the Oracle WebCenter Interaction component of Oracle Fusion Middleware (subcomponent: Image Service). Supported versions that are affected are 6.5.1 and 10.3.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Interaction accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1542 | Vulnerability in the Oracle Containers for J2EE component of Oracle Fusion Middleware (subcomponent: Servlet Runtime). The supported version that is affected is 10.1.3.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Containers for J2EE accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1545 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 10.1.3.5, 11.1.1.5.0 and 11.1.1.6.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1553 | Vulnerability in the Oracle Web Services Manager component of Oracle Fusion Middleware (subcomponent: Web Services Security). The supported version that is affected is 11.1.1.6.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Web Services Manager accessible data as well as read access to a subset of Oracle Web Services Manager accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1559 | Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 10.1.3.5.1 and 11.1.1.6.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Content. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1565 | Vulnerability in the Oracle GoldenGate Veridata component of Oracle Fusion Middleware (subcomponent: None). The supported version that is affected is 3.0.0.11. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Veridata. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-2380 | Vulnerability in the Oracle JRockit component of Oracle Fusion Middleware. Supported versions that are affected are R27.7.4 and earlier and R28.2.6 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Oracle released a Java SE Critical Patch Update on April 16, 2013 to address multiple vulnerabilities affecting the Java Runtime Environment. Oracle CVE-2013-2380 refers to the advisories that are applicable to JRockit from the Java SE Critical Patch Update. The CVSS score of this vulnerability CVE# reflects the highest among those fixed in JRockit. The complete list of all vulnerabilities addressed in JRockit under CVE-2013-2380 is as follows: CVE-2013-1537 and CVE-2013-2415. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2013-2390 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WebLogic Console). Supported versions that are affected are 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-2393 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.7 and 8.4.0. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8. CVSS Base Score 1.5 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle E-Business Suite
This table provides the text form of the Risk Matrix for Oracle E-Business Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2013-1501 | Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Login). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iStore accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1517 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1524 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments). Supported versions that are affected are 12.0.6 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1528 | Vulnerability in the Oracle HRMS component of Oracle E-Business Suite (subcomponent: Payroll). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HRMS accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-2388 | Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Mid Tier File Management). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications Technology Stack. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-2396 | Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: HTML OAM client). Supported versions that are affected are 12.0.6 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Manager accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Supply Chain Products Suite
This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2013-0410 | Vulnerability in the Agile EDM component of Oracle Supply Chain Products Suite (subcomponent: Base Component - Common Objects). Supported versions that are affected are 6.1.1.0, 6.1.2.0 and 6.1.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Agile EDM accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1536 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 5.5.05 and 6.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Transportation Management accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-2441 | Vulnerability in the Agile EDM component of Oracle Supply Chain Products Suite (subcomponent: Java Client). Supported versions that are affected are 6.1.1.0, 6.1.2.0 and 6.1.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Agile EDM accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle PeopleSoft Products
This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.
| CVE Identifier | Description |
|---|---|
| CVE-2013-1513 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.51, 8.52 and 8.53. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1527 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Report Distribution). Supported versions that are affected are 8.51, 8.52 and 8.53. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1550 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: WorkCenter). Supported versions that are affected are 8.52 and 8.53. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-2374 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Supported versions that are affected are 8.51, 8.52 and 8.53. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-2401 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.51, 8.52 and 8.53. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-2402 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: WorkCenter). Supported versions that are affected are 8.51, 8.52 and 8.53. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-2404 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.51, 8.52 and 8.53. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-2406 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.51, 8.52 and 8.53. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-2408 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.51, 8.52 and 8.53. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. Note: This only affects IE 6. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-2409 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.51, 8.52 and 8.53. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-2410 | Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Absence Management). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Siebel CRM
This table provides the text form of the Risk Matrix for Oracle Siebel CRM.
| CVE Identifier | Description |
|---|---|
| CVE-2013-0416 | Vulnerability in the Siebel Enterprise Application Integration component of Oracle Siebel CRM (subcomponent: Web Services). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel Enterprise Application Integration accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1510 | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Portal Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1543 | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI Client ). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1551 | Vulnerability in the Siebel Enterprise Application Integration component of Oracle Siebel CRM (subcomponent: Integration Business Services). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel Enterprise Application Integration accessible data as well as read access to a subset of Siebel Enterprise Application Integration accessible data and ability to cause a partial denial of service (partial DOS) of Siebel Enterprise Application Integration. CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-2398 | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI Client ). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel UI Framework accessible data as well as read access to a subset of Siebel UI Framework accessible data and ability to cause a partial denial of service (partial DOS) of Siebel UI Framework. CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-2399 | Vulnerability in the Siebel Call Center component of Oracle Siebel CRM (subcomponent: Email - COMM Server Components). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel Call Center accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-2403 | Vulnerability in the Siebel Enterprise Application Integration component of Oracle Siebel CRM (subcomponent: Web Services). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel Enterprise Application Integration accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-2413 | Vulnerability in the Siebel Enterprise Application Integration component of Oracle Siebel CRM (subcomponent: Web Services). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel Enterprise Application Integration accessible data as well as read access to a subset of Siebel Enterprise Application Integration accessible data. CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Industry Applications
This table provides the text form of the Risk Matrix for Oracle Industry Applications.
| CVE Identifier | Description |
|---|---|
| CVE-2013-1520 | Vulnerability in the Oracle Clinical Remote Data Capture Option component of Oracle Industry Applications (subcomponent: HTML Surround). Supported versions that are affected are 4.6.0 and 4.6.6. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Clinical Remote Data Capture Option accessible data as well as read access to all Oracle Clinical Remote Data Capture Option accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1525 | Vulnerability in the Oracle Retail Integration Bus component of Oracle Industry Applications (subcomponent: Retail Integration Bus Manager). Supported versions that are affected are 13.0, 13.1 and 13.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Integration Bus accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-2397 | Vulnerability in the Oracle Retail Central Office component of Oracle Industry Applications (subcomponent: Customer Operations (Add, Search)). Supported versions that are affected are 13.1, 13.2, 13.3 and 13.4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Retail Central Office accessible data as well as read access to all Oracle Retail Central Office accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Financial Services Software
This table provides the text form of the Risk Matrix for Oracle Financial Services Software.
| CVE Identifier | Description |
|---|---|
| CVE-2013-1505 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 2.8.0 - 3.1.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data as well as read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1533 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 2.8.0 - 3.1.0, 5.1.0, 5.2.0, 5.3.1 - 5.3.3 and 6.0.1 - 12.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle FLEXCUBE Direct Banking accessible data as well as read access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1535 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 2.8.0 - 4.1.0, 5.1.0,5.2.0, 5.3.4 and 6.0.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1539 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: CTF). Supported versions that are affected are 2.8.0 - 3.1.0, 5.0.2 - 5.0.5 and 5.3.0 - 5.3.4. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1541 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 2.8.0 - 3.1.0, 5.0.2 - 5.0.5 and 5.3.0 - 5.3.4. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1546 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 2.8.0 - 3.1.0 and 5.0.2 - 12.0.1. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 1.5 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1547 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 2.8.0 - 12.0.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1549 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 2.8.0 - 5.3.3, 6.0.1 and 12.0.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1556 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: OTH). Supported versions that are affected are 2.8.0 - 12.0.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1560 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 2.8.0 - 4.1.0. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1562 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: HELP). Supported versions that are affected are 2.8.0 - 4.1.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1568 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: CB). Supported versions that are affected are 2.8.0 - 5.3.3, 6.0.1 and 6.2.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Direct Banking. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-2377 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: My Services). Supported versions that are affected are 2.8.0 - 4.1.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-2379 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: RT). Supported versions that are affected are 2.8.0 - 12.0.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-2382 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 2.8.0 - 12.0.1. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-2385 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 2.8.0 - 4.1.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-2386 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 2.8.0 - 4.1.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data and ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Direct Banking. CVSS Base Score 4.9 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:P). (legend) [Advisory] |
| CVE-2013-2387 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 2.8.0 - 4.1.0. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data as well as read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Primavera Products Suite
This table provides the text form of the Risk Matrix for Oracle Primavera Products Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2013-2405 | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 7.0, 8.1 and 8.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Primavera P6 Enterprise Project Portfolio Management accessible data as well as read access to all Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2013-2411 | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 7.0, 8.1 and 8.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle and Sun Systems Products Suite
This table provides the text form of the Risk Matrix for Oracle and Sun Systems Products Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2012-0568 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Utility/fdformat). Supported versions that are affected are 8, 9 and 10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2012-0570 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Libraries/Libc). Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-0403 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Utility). Supported versions that are affected are 8, 9, 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-0404 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel/Boot). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 3.7 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-0405 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Filesystem/NFS). Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via IPv6. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data. Note: CVE-2013-0405 occurs only when the Solaris NFS client mounts the NFS server over IPv6. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2013-0406 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel/IPsec). The supported version that is affected is 10. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-0408 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: CPU performance counters drivers). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.6 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2013-0411 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: RBAC Configuration). Supported versions that are affected are 8, 9 and 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:M/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2013-0412 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Utility/pax). Supported versions that are affected are 8, 9, 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). (legend) [Advisory] |
| CVE-2013-0413 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Remote Execution Service). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-1494 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). Note: CVE-2013-1494 only affects Solaris 10 running on SPARC T4 servers. CVSS Base Score 4.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2013-1496 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel/IO). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2013-1498 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel/IO). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2013-1499 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Network Configuration). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 1.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1507 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2013-1530 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 3.8 (Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:N/I:N/A:C). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Sun Middleware Products
This table provides the text form of the Risk Matrix for Oracle Sun Middleware Products.
| CVE Identifier | Description |
|---|---|
| CVE-2013-1508 | Vulnerability in the Oracle GlassFish Server component of Oracle Sun Middleware Products (subcomponent: REST Interface). Supported versions that are affected are 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GlassFish Server accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1515 | Vulnerability in the Oracle GlassFish Server component of Oracle Sun Middleware Products (subcomponent: ADMIN Interface). Supported versions that are affected are 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GlassFish Server accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle MySQL
This table provides the text form of the Risk Matrix for Oracle MySQL.
| CVE Identifier | Description |
|---|---|
| CVE-2012-5614 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server XML). Supported versions that are affected are 5.1.67 and earlier and 5.5.29 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1502 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Partition). Supported versions that are affected are 5.5.30 and earlier and 5.6.9 and earlier. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 1.5 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1506 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Locking). Supported versions that are affected are 5.1.67 and earlier, 5.5.29 and earlier and 5.6.10 and earlier. Difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 2.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1511 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.30 and earlier and 5.6.10 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1512 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Data Manipulation Language). Supported versions that are affected are 5.5.29 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1521 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Locking). Supported versions that are affected are 5.1.67 and earlier and 5.5.29 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-1523 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.29 and earlier and 5.6.10 and earlier. Very difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-1526 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.5.29 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1531 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data as well as read access to a subset of MySQL Server accessible data and ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-1532 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.68 and earlier, 5.5.30 and earlier and 5.6.10 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1544 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Data Manipulation Language). Supported versions that are affected are 5.1.68 and earlier, 5.5.30 and earlier and 5.6.10 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1548 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Types). Supported versions that are affected are 5.1.63 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1552 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.67 and earlier and 5.5.29 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data as well as read access to a subset of MySQL Server accessible data and ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-1555 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Partition). Supported versions that are affected are 5.1.67 and earlier and 5.5.29 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1566 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.10 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1567 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Data Manipulation Language). Supported versions that are affected are 5.6.10 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-1570 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MemCached). Supported versions that are affected are 5.6.10 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-2375 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.1.68 and earlier, 5.5.30 and earlier and 5.6.10 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-2376 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.5.30 and earlier and 5.6.10 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-2378 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.67 and earlier, 5.5.29 and earlier and 5.6.10 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-2381 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.6.10 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-2389 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.68 and earlier, 5.5.30 and earlier and 5.6.10 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-2391 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Install). Supported versions that are affected are 5.1.68 and earlier, 5.5.30 and earlier and 5.6.10 and earlier. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to all MySQL Server accessible data as well as read access to all MySQL Server accessible data. CVSS Base Score 3.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2013-2392 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.68 and earlier, 5.5.30 and earlier and 5.6.10 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-2395 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Data Manipulation Language). Supported versions that are affected are 5.6.10 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Support Tools
This table provides the text form of the Risk Matrix for Oracle Support Tools.
| CVE Identifier | Description |
|---|---|
| CVE-2013-1495 | Vulnerability in the Automatic Service Request component of Oracle Support Tools (subcomponent: None). The supported version that is affected is All versions prior to 4.3.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Oracle Auto Service Request (ASR) is a support feature that automatically generates a service request for specific hardware faults. All systems on which ASR has been installed must follow the patching guidance in My Oracle Support Note 1541430.1. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |