Text Form of Oracle Critical Patch Update - January 2014 Risk Matrices
This document provides the text form of the CPUJan2014 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUJan2014 Advisory
This page contains the following text format Risk Matrices:
- Oracle Database Server
- Oracle Fusion Middleware
- Oracle Hyperion
- Oracle E-Business Suite
- Oracle Supply Chain Products Suite
- Oracle PeopleSoft Products
- Oracle Siebel CRM
- Oracle iLearning
- Oracle Financial Services Software
- Oracle Java SE
- Oracle and Sun Systems Products Suite
- Oracle Virtualization
- Oracle MySQL
Text Form of Risk Matrix for Oracle Database Server
This table provides the text form of the Risk Matrix for Oracle Database Server.
| CVE Identifier | Description |
|---|---|
| CVE-2013-5764 | Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create Session, Alter Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3 and 12.1.0.1. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-5853 | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.1.0.7, 11.2.0.3 and 12.1.0.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-5858 | Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create Session, Create View privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4 and 12.1.0.1. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Core RDBMS accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0377 | Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create Session, Create Role, Create User, Select privilege on SYS tables. privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4 and 12.1.0.1. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0378 | Vulnerability in the Spatial component of Oracle Database Server. This vulnerability requires Local Login, Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4 and 12.1.0.1. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Spatial accessible data as well as read access to a subset of Spatial accessible data and ability to cause a partial denial of service (partial DOS) of Spatial. CVSS Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Fusion Middleware
This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.
| CVE Identifier | Description |
|---|---|
| CVE-2007-0009 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are OHS: 11.1.1.6.0 and 11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data as well as read access to a subset of Oracle HTTP Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. Note: This fix also addresses CVE-2007-0008. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2007-1858 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are OHS: 11.1.1.6.0 and 11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2012-3499 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are OHS: 11.1.1.6.0 and 11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data. Note: This fix also addresses CVE-2012-4558. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2012-3544 | Vulnerability in the Oracle Enterprise Data Quality component of Oracle Fusion Middleware (subcomponent: Internal Operations). Supported versions that are affected are 8.1 and 9.0.8. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Data Quality. Note: Please refer to Doc ID My Oracle Support Note 1595538.1 for instructions on how to address this issue. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-4605 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are OHS: 11.1.1.6.0 and 11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. Note: This fix also addresses CVE-2006-0998 and CVE-2006-0999. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1620 | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are GlassFish Enterprise Server 2.1.1, Sun Java Application Server 8.1 and 8.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1620 | Vulnerability in the Oracle Traffic Director component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1.6, 11.1.1.7. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Traffic Director accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1620 | Vulnerability in the Oracle iPlanet Web Proxy Server component of Oracle Fusion Middleware (subcomponent: Security). Supported version that is affected is 4.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle iPlanet Web Proxy Server accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1620 | Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 6.1, 7.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle iPlanet Web Server accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1654 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are OHS: 11.1.1.6.0 and 11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1 Fusion Middleware: 10.1.3.5.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-1862 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are OHS: 11.1.1.6.0, 11.1.1.7.0 and 12.1.2.0 Oracle Forms and Reports: 11.1.2.1. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data as well as read access to a subset of Oracle HTTP Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS Base Score 5.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-4316 | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: WebCenter Sites Community). Supported versions that are affected are 11.1.1.6.1 and 11.1.1.8.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The following CVEs are fixed as a result of upgrading to Struts 2.3.15.3: CVE-2013-4316, CVE-2013-2251, CVE-2013-2248, CVE-2013-2135 and CVE-2013-2134. The CVSS score is taken from http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2013-5785 | Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Security and Authentication). Supported versions that are affected are 11.1.1.6, 11.1.1.7 and 11.1.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Reports Developer possibly including arbitrary code execution within the Oracle Reports Developer. Note: Please refer to Doc ID My Oracle Support Note 1608683.1 for instructions on how to address this issue. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-5808 | Vulnerability in the Oracle iPlanet Web Proxy Server component of Oracle Fusion Middleware (subcomponent: Administration). The supported version that is affected is 4.0. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle iPlanet Web Proxy Server accessible data. CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-5869 | Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Page Service). Supported versions that are affected are 11.1.1.6.0, 11.1.1.7.0 and 11.1.1.8.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-5879 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Maintenance). Supported versions that are affected are 8.4.0 and 8.4.1. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8. CVSS Base Score 1.5 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-5900 | Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: End User Self Service). Supported versions that are affected are 11.1.1.5, 11.1.1.7, 11.1.2.0 and 11.1.2.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Identity Manager accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-5901 | Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Identity Console). Supported versions that are affected are 11.1.2.0 and 11.1.2.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Identity Manager accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0374 | Vulnerability in the Oracle Portal component of Oracle Fusion Middleware (subcomponent: Page Parameters and Events). The supported version that is affected is 11.1.1.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Portal accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0383 | Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Identity Console). Supported versions that are affected are 11.1.2.0 and 11.1.2.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Identity Manager accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0391 | Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: End User Self Service). Supported versions that are affected are 11.1.1.5, 11.1.1.7, 11.1.2.0 and 11.1.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Identity Manager accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0400 | Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: OID LDAP server). Supported versions that are affected are 11.1.1.6 and 11.1.1.7. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location. CVSS Base Score 6.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:C/I:N/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Hyperion
This table provides the text form of the Risk Matrix for Oracle Hyperion.
| CVE Identifier | Description |
|---|---|
| CVE-2013-3830 | Vulnerability in the Hyperion Strategic Finance component of Oracle Hyperion (subcomponent: Server). Supported versions that are affected are 11.1.2.1 and 11.1.2.2. Very difficult to exploit vulnerability allows successful authenticated network attacks via Microsoft RPC. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-0367 | Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: Admin Console). Supported versions that are affected are 11.1.2.1, 11.1.2.2 and 11.1.2.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Hyperion Essbase Administration Services accessible data as well as read access to a subset of Hyperion Essbase Administration Services accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle E-Business Suite
This table provides the text form of the Risk Matrix for Oracle E-Business Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2013-5874 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3 and 12.2.2. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-5890 | Vulnerability in the Oracle Payroll component of Oracle E-Business Suite (subcomponent: Exception Reporting). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Payroll accessible data as well as read access to all Oracle Payroll accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0366 | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Attachments). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0398 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Discoverer). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Supply Chain Products Suite
This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2012-3544 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Application Server). Supported versions that are affected are 6.0, 6.1, 6.2, 6.3, 6.3.1 and 6.3.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-2067 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Application Server). Supported versions that are affected are 6.0, 6.1, 6.2, 6.3, 6.3.1 and 6.3.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Transportation Management accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-2071 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Application Server). Supported versions that are affected are 6.0, 6.1, 6.2, 6.3, 6.3.1 and 6.3.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-5795 | Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: DM Others). Supported versions that are affected are 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, 12.2.1, 12.2.2 and 12.2.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Demantra Demand Management accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-5868 | Vulnerability in the Oracle AutoVue component of Oracle Supply Chain Products Suite (subcomponent: Web General). The supported version that is affected is 20.1.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle AutoVue accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-5871 | Vulnerability in the Oracle AutoVue component of Oracle Supply Chain Products Suite (subcomponent: Web General). The supported version that is affected is 20.1.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-5877 | Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: DM Others). Supported versions that are affected are 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0 and 12.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Demantra Demand Management accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-5880 | Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: DM Others). Supported versions that are affected are 12.2.0, 12.2.1 and 12.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Demantra Demand Management accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-5897 | Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Manage Data Cache). Supported versions that are affected are 6.0, 6.1 and 6.1.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Agile Product Lifecycle Management for Process accessible data as well as read access to all Oracle Agile Product Lifecycle Management for Process accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0371 | Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: DM Others). Supported versions that are affected are 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1 and 12.2.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Demantra Demand Management accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0372 | Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: DM Others). Supported versions that are affected are 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, 12.2.1 and 12.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Demantra Demand Management accessible data as well as read access to all Oracle Demantra Demand Management accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0379 | Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: DM Others). Supported versions that are affected are 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1 and 12.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Demantra Demand Management accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0399 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Data, Domain & Function Security). Supported versions that are affected are 6.2, 6.3, 6.3.1 and 6.3.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0434 | Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). Supported versions that are affected are 6.0, 6.1 and 6.1.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile Product Lifecycle Management for Process accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0435 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Data, Domain & Function Security). Supported versions that are affected are 6.1, 6.2, 6.3, 6.3.1 and 6.3.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0444 | Vulnerability in the Oracle AutoVue component of Oracle Supply Chain Products Suite (subcomponent: Web General). The supported version that is affected is 20.1.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle PeopleSoft Products
This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.
| CVE Identifier | Description |
|---|---|
| CVE-2013-5873 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-5886 | Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Common Application Objects). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2013-5909 | Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Org and Workforce Dev). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0380 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework (MCF)). Supported versions that are affected are 8.52 and 8.53. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0381 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.52 and 8.53. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0388 | Vulnerability in the PeopleSoft Enterprise HRMS Human Resources component of Oracle PeopleSoft Products (subcomponent: Org and Workforce Dev). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS Human Resources accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0392 | Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0394 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Environment Mgmt). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0395 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Environment Mgmt). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0396 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal - Web Services). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0425 | Vulnerability in the PeopleSoft Enterprise SCM Services Procurement component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise SCM Services Procurement accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0438 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Panel Processor). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful authenticated network attacks via None. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0439 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Report Distribution). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0440 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0441 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0443 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 8.52. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0445 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.52 and 8.53. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Siebel CRM
This table provides the text form of the Risk Matrix for Oracle Siebel CRM.
| CVE Identifier | Description |
|---|---|
| CVE-2014-0369 | Vulnerability in the Siebel Core - EAI component of Oracle Siebel CRM (subcomponent: Java Integration). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel Core - EAI accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0370 | Vulnerability in the Siebel Life Sciences component of Oracle Siebel CRM (subcomponent: Clinical Trip Report). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful network attacks via HTTP, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel Life Sciences. CVSS Base Score 2.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle iLearning
This table provides the text form of the Risk Matrix for Oracle iLearning.
| CVE Identifier | Description |
|---|---|
| CVE-2014-0389 | Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Pages). The supported version that is affected is 6.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iLearning accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Financial Services Software
This table provides the text form of the Risk Matrix for Oracle Financial Services Software.
| CVE Identifier | Description |
|---|---|
| CVE-2013-4316 | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Software (subcomponent: Core). Supported versions that are affected are 1.7, 2.0, 2.0.1, 2.2.0.1, 3.0, 12.0.1 and 12.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The following CVEs are fixed as a result of upgrading to Struts 2.3.15.3: CVE-2013-4316 and CVE-2013-4310. The CVSS score is taken from http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Java SE
This table provides the text form of the Risk Matrix for Oracle Java SE.
| CVE Identifier | Description |
|---|---|
| CVE-2013-5870 | Vulnerability in the Java SE, JavaFX component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE 7u45 and JavaFX 2.2.45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, JavaFX accessible data as well as read access to a subset of Java SE, JavaFX accessible data and ability to cause a partial denial of service (partial DOS) of Java SE, JavaFX. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-5878 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data as well as read access to a subset of Java SE, Java SE Embedded accessible data and ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-5884 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: CORBA ). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-5887 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-5888 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to client deployment of Java under GNOME environment on Linux and Solaris. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-5889 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2013-5893 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 7u45 and Java SE Embedded 7u45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2013-5895 | Vulnerability in the Java SE, JavaFX component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE 7u45 and JavaFX 2.2.45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, JavaFX accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-5896 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: CORBA). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-5898 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2013-5899 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-5902 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-5904 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE 7u45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-5905 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65 and Java SE 7u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to installation process on client deployment of Java. CVSS Base Score 5.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-5906 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65 and Java SE 7u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to installation process on client deployment of Java. CVSS Base Score 5.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-5907 | Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2013-5910 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0368 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0373 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Serviceability ). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65 and Java SE 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0375 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0376 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0382 | Vulnerability in the Java SE, JavaFX component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE 7u45 and JavaFX 2.2.45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JavaFX. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0385 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). The supported version that is affected is Java SE 7u45 on OS X. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to installation process on client deployment of Java. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-0387 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45 on Firefox. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-0403 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0408 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Hotspot). The supported version that is affected is Java SE 7u45 on OS X. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-0410 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-0411 | Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, JRockit, Java SE Embedded accessible data as well as read access to a subset of Java SE, JRockit, Java SE Embedded accessible data. Note: Applies to client and server deployment of JSSE. CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0415 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-0416 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0417 | Vulnerability in the Java SE, JavaFX, Java SE Embedded component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JavaFX 2.2.45 and Java SE Embedded 7u45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-0418 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0422 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-0423 | Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: Beans). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, JRockit, Java SE Embedded accessible data and ability to cause a partial denial of service (partial DOS) of Java SE, JRockit, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 5.5 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0424 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0428 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: CORBA). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Sun Systems Products Suite
This table provides the text form of the Risk Matrix for Oracle Sun Systems Products Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2003-1067 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Localization (L10N)). Supported versions that are affected are 8 and 9. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies only when Solaris is running on SPARC platform. CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2013-2924 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Localization (L10N)). The supported version that is affected is 11.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-5821 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Remote Procedure Call (RPC)). Supported versions that are affected are 8, 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-5833 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 8 and 9. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2013-5834 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: "ps" command line utility). The supported version that is affected is 8. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2013-5872 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Name Service Cache Daemon (NSCD)). Supported versions that are affected are 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-5875 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Role Based Access Control (RBAC)). The supported version that is affected is 11.1. Difficult to exploit vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 2.7 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:M/C:N/I:P/A:P). (legend) [Advisory] |
| CVE-2013-5876 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2013-5883 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 8. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. Note: Applies only when Solaris is running on SPARC platform. CVSS Base Score 3.2 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:P/A:P). (legend) [Advisory] |
| CVE-2013-5885 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Audit). The supported version that is affected is 11.1. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Solaris accessible data. CVSS Base Score 1.7 (Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0390 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Java Web Console). The supported version that is affected is 10. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Virtualization
This table provides the text form of the Risk Matrix for Oracle Virtualization.
| CVE Identifier | Description |
|---|---|
| CVE-2012-3544 | Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: Apache Tomcat). Supported versions that are affected are SGD prior to 4.63 with December 2013 PSU and 4.71. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop (SGD). CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-2067 | Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: Apache Tomcat). Supported versions that are affected are SGD prior to SGD 4.63 with December 2013 PSU and 4.71. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop (SGD) accessible data as well as read access to a subset of Oracle Secure Global Desktop (SGD) accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop (SGD). CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-2071 | Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: Apache Tomcat). Supported versions that are affected are SGD prior to 4.71 with December 2013 PSU and 5.0 with December 2013 PSU. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Secure Global Desktop (SGD) accessible data. Note: SGD releases prior to SGD 4.7 are not affected by CVE-2013-2071 as they do not ship with Apache Tomcat 7.x, which is the only affected release of Tomcat. CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-5892 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22 and 4.3.6. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized takeover of Oracle VM VirtualBox possibly including arbitrary code execution within the Oracle VM VirtualBox. CVSS Base Score 3.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0404 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20 and 4.3.4. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as update, insert or delete access to some Oracle VM VirtualBox accessible data. CVSS Base Score 2.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:N/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0405 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20 and 4.3.4. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Oracle VM VirtualBox accessible data as well as read access to a subset of Oracle VM VirtualBox accessible data and ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. Note: Applies only when a Windows guest with VirtualBox Additions installed is running on VirtualBox. CVSS Base Score 3.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0406 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20 and 4.3.4. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to all Oracle VM VirtualBox accessible data and ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS Base Score 2.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:N/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0407 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20 and 4.3.4. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized takeover of Oracle VM VirtualBox possibly including arbitrary code execution within the Oracle VM VirtualBox. CVSS Base Score 3.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0419 | Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: Administration Console and Workspace Web Applications). Supported versions that are affected are SGD prior to 4.63 with December 2013 PSU , 4.71, 5.0 with December 2013 PSU and 5.10. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop (SGD) accessible data as well as read access to a subset of Oracle Secure Global Desktop (SGD) accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop (SGD). CVSS Base Score 5.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle MySQL
This table provides the text form of the Risk Matrix for Oracle MySQL.
| CVE Identifier | Description |
|---|---|
| CVE-2013-4316 | Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Service Manager). Supported versions that are affected are 3.0.4 and earlier and 2.3.14 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The following CVEs are fixed as a result of upgrading to Struts 2.3.15.3: CVE-2013-4316 and CVE-2013-4310. The CVSS score is taken from http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316. The CVSS score is 10.0 if MySQL Enterprise Monitor runs with admin or root privileges. The score would be 7.5 if MySQL Enterprise Monitor runs with non-admin privileges and the impact on Confidentiality, Integrity and Availability would be Partial+. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2013-5860 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS). Supported versions that are affected are 5.6.14 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2013-5881 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.14 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-5882 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.13 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2013-5891 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Partition). Supported versions that are affected are 5.5.33 and earlier and 5.6.13 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-5894 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.13 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-5908 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Error Handling). Supported versions that are affected are 5.1.72 and earlier, 5.5.34 and earlier and 5.6.14 and earlier. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 2.6 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0386 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Optimizer). Supported versions that are affected are 5.1.71 and earlier, 5.5.33 and earlier and 5.6.13 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0393 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.71 and earlier, 5.5.33 and earlier and 5.6.13 and earlier. Easily exploitable vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data. CVSS Base Score 3.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:M/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0401 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Privileges). Supported versions that are affected are 5.1.72 and earlier, 5.5.34 and earlier and 5.6.14 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0402 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Locking). Supported versions that are affected are 5.1.71 and earlier, 5.5.33 and earlier and 5.6.13 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0412 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.72 and earlier, 5.5.34 and earlier and 5.6.14 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0420 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Replication). Supported versions that are affected are 5.5.34 and earlier and 5.6.14 and earlier. Difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 2.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0427 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: FTS). Supported versions that are affected are 5.6.13 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0430 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Performance Schema). Supported versions that are affected are 5.6.13 and earlier. Difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 2.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0431 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.14 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0433 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Thread Pooling). Supported versions that are affected are 5.6.13 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0437 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Optimizer). Supported versions that are affected are 5.1.72 and earlier, 5.5.34 and earlier and 5.6.14 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |