Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices
This document provides the text form of the CPUOct2014 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUOct2014 Advisory
This page contains the following text format Risk Matrices:
- Oracle Database Server
- Oracle Fusion Middleware
- Oracle Enterprise Manager Grid Control
- Oracle E-Business Suite
- Oracle Supply Chain Products Suite
- Oracle PeopleSoft Products
- Oracle JD Edwards Products
- Oracle Communications Applications
- Oracle Retail Applications
- Oracle Health Sciences Applications
- Oracle Primavera Products Suite
- Oracle Java SE
- Oracle Sun Systems Products Suite
- Oracle Virtualization
- Oracle MySQL
Text Form of Risk Matrix for Oracle Database Server
This table provides the text form of the Risk Matrix for Oracle Database Server.
| CVE Identifier | Description |
|---|---|
| CVE-2014-0050 | Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is All releases prior to 4.2.6. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Application Express. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-2478 | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4 and 12.1.0.1. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4289 | Vulnerability in the JDBC component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4 and 12.1.0.1. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some JDBC accessible data as well as read access to a subset of JDBC accessible data. CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4290 | Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4291 | Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4292 | Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4293 | Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4294 | Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4295 | Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4296 | Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4297 | Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4298 | Vulnerability in the SQLJ component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of SQLJ accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4299 | Vulnerability in the SQLJ component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of SQLJ accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4300 | Vulnerability in the SQLJ component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of SQLJ accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4310 | Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6452 | Vulnerability in the SQLJ component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of SQLJ accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6453 | Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: These vulnerabilities have a CVSS score of 9.0 on Windows and the confidentiality, availability and integrity impacts are Complete. These vulnerabilities have a CVSS score of 6.5 on non-Windows and the confidentiality, availability and integrity impacts are Partial+. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6454 | Vulnerability in the SQLJ component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of SQLJ accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6455 | Vulnerability in the SQLJ component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: These vulnerabilities have a CVSS score of 9.0 on Windows and the confidentiality, availability and integrity impacts are Complete. These vulnerabilities have a CVSS score of 6.5 on non-Windows and the confidentiality, availability and integrity impacts are Partial+. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6467 | Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: These vulnerabilities have a CVSS score of 9.0 on Windows and the confidentiality, availability and integrity impacts are Complete. These vulnerabilities have a CVSS score of 6.5 on non-Windows and the confidentiality, availability and integrity impacts are Partial+. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6477 | Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6483 | Vulnerability in the Application Express component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. The supported version that is affected is All releases prior to 4.2.6. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Application Express accessible data as well as read access to a subset of Application Express accessible data and ability to cause a partial denial of service (partial DOS) of Application Express. CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-6537 | Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java VM accessible data as well as read access to a subset of Java VM accessible data and ability to cause a partial denial of service (partial DOS) of Java VM. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-6538 | Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6542 | Vulnerability in the SQLJ component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of SQLJ accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6544 | Vulnerability in the JDBC component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4 and 12.1.0.1. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some JDBC accessible data as well as read access to a subset of JDBC accessible data. CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6545 | Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: These vulnerabilities have a CVSS score of 9.0 on Windows and the confidentiality, availability and integrity impacts are Complete. These vulnerabilities have a CVSS score of 6.5 on non-Windows and the confidentiality, availability and integrity impacts are Partial+. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6546 | Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: These vulnerabilities have a CVSS score of 9.0 on Windows and the confidentiality, availability and integrity impacts are Complete. These vulnerabilities have a CVSS score of 6.5 on non-Windows and the confidentiality, availability and integrity impacts are Partial+. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6547 | Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6560 | Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: These vulnerabilities have a CVSS score of 9.0 on Windows and the confidentiality, availability and integrity impacts are Complete. These vulnerabilities have a CVSS score of 6.5 on non-Windows and the confidentiality, availability and integrity impacts are Partial+. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6563 | Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Fusion Middleware
This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.
| CVE Identifier | Description |
|---|---|
| CVE-2013-1741 | Vulnerability in the Oracle OpenSSO component of Oracle Fusion Middleware (subcomponent: Web Agents). Supported versions that are affected are 3.0-04. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized takeover of Oracle OpenSSO possibly including arbitrary code execution within the Oracle OpenSSO. Note: This fix also addresses CVE-2013-1739,CVE-2013-1740, CVE-2013-5605, CVE-2013-5606,CVE-2014-1490, CVE-2014-1491, CVE-2014-1492. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0050 | Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Studio). Supported versions that are affected are 2.2.2, 2.3, 2.4, 3.0 and 3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio. Note: This fix also addresses CVE-2013-4286,CVE-2013-4322,CVE-2013-4590,CVE-2014-0033. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0114 | Security-in-Depth issue in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Controllers (Struts based)). Supported versions that are affected are 10.1.3.5, 11.1.1.7, 11.1.2.4, 12.1.2.0 and 12.1.3.0. Note: Please refer to Doc ID My Oracle Support Note 1926728.1 for instructions on how to address this issue. This fix also addresses CVE-2014-0050. CVSS Base Score 0.0. CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0114 | Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: OIM Legacy UI (Struts based)). Supported versions that are affected are 11.1.1.5, 11.1.1.7, 11.1.2.1 and 11.1.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Identity Manager accessible data as well as read access to a subset of Oracle Identity Manager accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Identity Manager. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0114 | Vulnerability in the Oracle Adaptive Access Manager component of Oracle Fusion Middleware (subcomponent: OAAM Server (Struts based)). Supported versions that are affected are 11.1.1.5, 11.1.1.7, 11.1.2.1 and 11.1.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Adaptive Access Manager accessible data as well as read access to a subset of Oracle Adaptive Access Manager accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Adaptive Access Manager. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0114 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS-Console (Struts based)). Supported versions that are affected are 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0 and 12.1.3.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle WebLogic Server possibly including arbitrary code execution within the Oracle WebLogic Server. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0114 | Vulnerability in the Oracle Enterprise Data Quality component of Oracle Fusion Middleware (subcomponent: Launchpad (Struts based)). Supported versions that are affected are 8.1.2 and 9.0.11. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Enterprise Data Quality accessible data as well as read access to a subset of Oracle Enterprise Data Quality accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Data Quality. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0119 | Vulnerability in the Oracle Enterprise Data Quality component of Oracle Fusion Middleware (subcomponent: Internal Operations). Supported versions that are affected are 8.1.2 and 9.0.11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Data Quality accessible data. Note: This fix also addresses CVE-2013-4286,CVE-2013-4322,CVE-2013-4590,CVE-2014-0033,CVE-2014-0050,CVE-2014-0075,CVE-2014-0095,CVE-2014-0096. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0224 | Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Studio). The supported version that is affected is 3.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Information Discovery Studio accessible data as well as read access to a subset of Oracle Endeca Information Discovery Studio accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio. Note: This fix also addresses CVE-2014-3470,CVE-2010-5298,CVE-2014-0221,CVE-2014-0195,CVE-2014-0198. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-2880 | Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: User Management). Supported versions that are affected are 11.1.1.5, 11.1.1.7, 11.1.2.1 and 11.1.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Identity Manager accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6462 | Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Admin Console). Supported versions that are affected are 11.1.2.1 and 11.1.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Access Manager accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6487 | Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: End User Self Service). Supported versions that are affected are 11.1.1.5, 11.1.1.7, 11.1.2.1 and 11.1.2.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Identity Manager accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6499 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WebLogic Tuxedo Connector). Supported versions that are affected are 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0 and 12.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. Note: Please refer to Doc ID My Oracle Support Note 1930466.1 for instructions on how to address this issue. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-6522 | Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7, 11.1.2.4, 12.1.2.0 and 12.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle JDeveloper accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6534 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Console). Supported versions that are affected are 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0 and 12.1.3.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6552 | Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Admin Console). Supported versions that are affected are 11.1.1.5, 11.1.1.7, 11.1.2.1 and 11.1.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Access Manager accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6553 | Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Admin Console). Supported versions that are affected are 11.1.1.5 and 11.1.1.7. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Access Manager accessible data as well as read access to a subset of Oracle Access Manager accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6554 | Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Admin Console). Supported versions that are affected are 11.1.2.1 and 11.1.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Access Manager accessible data as well as read access to a subset of Oracle Access Manager accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Enterprise Manager Grid Control
This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.
| CVE Identifier | Description |
|---|---|
| CVE-2014-6488 | Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: Content Management). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1 EM DB Control: 11.1.0.7, 11.2.0.3, 11.2.0.4 EM Plugin for DB: 12.1.0.4, 12.1.0.5 and 12.1.0.6. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager for Oracle Database accessible data. CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6557 | Vulnerability in the Application Performance Management component of Oracle Enterprise Manager Grid Control (subcomponent: End User Experience Management). The supported version that is affected is All releases prior to 12.1.0.6.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Application Performance Management accessible data as well as read access to a subset of Application Performance Management accessible data. CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle E-Business Suite
This table provides the text form of the Risk Matrix for Oracle E-Business Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2014-4278 | Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.0.6, 12.1.3, 12.2.2, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Applications Technology Stack possibly including arbitrary code execution within the Oracle Applications Technology Stack. Note: This is an Oracle E-Business Suite specific fix in Oracle Fusion Middleware. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-4281 | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Portal Integration). Supported versions that are affected are 12.1.3, 12.2.2, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4285 | Vulnerability in the Oracle Applications Technology component of Oracle E-Business Suite (subcomponent: Reports Configuration). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Technology accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6471 | Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: OAM Diagnostics). Supported versions that are affected are 12.0.6, 12.1.3, 12.2.2, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Manager accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6472 | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: LOV). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6479 | Vulnerability in the Oracle Applications Technology component of Oracle E-Business Suite (subcomponent: OC4J Configuration). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6523 | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: REST Interface). Supported versions that are affected are 12.1.3, 12.2.2, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6539 | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: LOV). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6550 | Vulnerability in the Oracle Applications Object Library component of Oracle E-Business Suite (subcomponent: iHelp). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Object Library accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6561 | Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: Separate Remittance Advice ). Supported versions that are affected are 12.0.4, 12.0.6, 12.1.1,12.1.2, 12.1.3, 12.2.2, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Payments accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Supply Chain Products Suite
This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2014-6461 | Vulnerability in the Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Roles & Privileges). The supported version that is affected is 9.3.1.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Agile PLM accessible data as well as read access to all Agile PLM accessible data. CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6498 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4 and 6.3.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6533 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.1 and 6.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Transportation Management accessible data as well as read access to a subset of Oracle Transportation Management accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-6536 | Vulnerability in the Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). The supported version that is affected is 9.3.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Agile PLM accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6543 | Vulnerability in the Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: ITEM (Item & BOM)). The supported version that is affected is 9.3.3. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Agile PLM accessible data as well as read access to a subset of Agile PLM accessible data. CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle PeopleSoft Products
This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.
| CVE Identifier | Description |
|---|---|
| CVE-2014-6460 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: QUERY). Supported versions that are affected are 8.52, 8.53 and 8.54. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all PeopleSoft Enterprise PeopleTools accessible data as well as read access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6475 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.52, 8.53 and 8.54. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6482 | Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.53 and 8.54. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PT PeopleTools accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6486 | Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Talent Acquisition Manager - Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6535 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: SECURITY). Supported versions that are affected are 8.52, 8.53 and 8.54. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data as well as read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle JD Edwards Products
This table provides the text form of the Risk Matrix for Oracle JD Edwards Products.
| CVE Identifier | Description |
|---|---|
| CVE-2014-6516 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Installation SEC). The supported version that is affected is 8.98. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized takeover of JD Edwards EnterpriseOne Tools possibly including arbitrary code execution within the JD Edwards EnterpriseOne Tools. CVSS Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Communications Applications
This table provides the text form of the Risk Matrix for Oracle Communications Applications.
| CVE Identifier | Description |
|---|---|
| CVE-2014-0114 | Vulnerability in the Oracle Communications MetaSolv Solution component of Oracle Communications Applications (subcomponent: Infrastructure, LSR, ASR (Struts based)). Supported versions that are affected are MetaSolv Solution: 6.2.1.0.0, LSR: 9.4.0, 10.1.0 and ASR: 49.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications MetaSolv Solution accessible data as well as read access to a subset of Oracle Communications MetaSolv Solution accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications MetaSolv Solution. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-6465 | Vulnerability in the Oracle Communications Session Border Controller component of Oracle Communications Applications (subcomponent: Lawful Intercept ). The supported version that is affected is SCX640m5. Difficult to exploit vulnerability allows successful authenticated network attacks via TCP/TLS. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:C). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Retail Applications
This table provides the text form of the Risk Matrix for Oracle Retail Applications.
| CVE Identifier | Description |
|---|---|
| CVE-2014-0114 | Vulnerability in the Oracle Retail Allocation component of Oracle Retail Applications (subcomponent: General application (Struts based)). Supported versions that are affected are 10.0, 11.0, 12.0, 13.0, 13.1 and 13.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Retail Allocation possibly including arbitrary code execution within the Oracle Retail Allocation. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0114 | Vulnerability in the Oracle Retail Invoice Matching component of Oracle Retail Applications (subcomponent: General application (Struts based)). Supported versions that are affected are 11.0, 12.0, 12.0 IN, 12.1, 13.0, 13.1, 13.2 and 14.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Retail Invoice Matching possibly including arbitrary code execution within the Oracle Retail Invoice Matching. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0114 | Vulnerability in the Oracle Retail Markdown Optimization component of Oracle Retail Applications (subcomponent: General application (Struts based)). Supported versions that are affected are 12.0, 13.0, 13.1, 13.2 and 13.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Retail Markdown Optimization possibly including arbitrary code execution within the Oracle Retail Markdown Optimization. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0114 | Vulnerability in the Oracle Retail Clearance Optimization Engine component of Oracle Retail Applications (subcomponent: General application (Struts based)). Supported versions that are affected are 13.3, 13.4 and 14.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Retail Clearance Optimization Engine possibly including arbitrary code execution within the Oracle Retail Clearance Optimization Engine. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Health Sciences Applications
This table provides the text form of the Risk Matrix for Oracle Health Sciences Applications.
| CVE Identifier | Description |
|---|---|
| CVE-2014-0050 | Vulnerability in the Oracle Health Sciences Empirica Signal component of Oracle Health Sciences Applications (subcomponent: Tomcat, FileUpload). Supported versions that are affected are 7.3.3.3 and prior. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences Empirica Signal. Note: This fix also addresses CVE-2013-4286, CVE-2013-4322, CVE-2013-4590 and CVE-2014-0033. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0050 | Vulnerability in the Oracle Health Sciences Empirica Study component of Oracle Health Sciences Applications (subcomponent: Tomcat, FileUpload). Supported versions that are affected are 3.1.2.0 and prior. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences Empirica Study. Note: This fix also addresses CVE-2013-4286, CVE-2013-4322, CVE-2013-4590 and CVE-2014-0033. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0050 | Vulnerability in the Oracle Health Sciences Empirica Inspections component of Oracle Health Sciences Applications (subcomponent: Tomcat, FileUpload). Supported versions that are affected are 1.0.1.0 and prior. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences Empirica Inspections. Note: This fix also addresses CVE-2013-4286, CVE-2013-4322, CVE-2013-4590 and CVE-2014-0033. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Primavera Products Suite
This table provides the text form of the Risk Matrix for Oracle Primavera Products Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2014-0114 | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Struts based)). Supported versions that are affected are 7.0, 8.0, 8.1, 8.2 and 8.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Primavera P6 Enterprise Project Portfolio Management accessible data as well as read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0114 | Vulnerability in the Primavera Contract Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Struts based)). Supported versions that are affected are 13.1 and 14.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Primavera Contract Management accessible data as well as read access to a subset of Primavera Contract Management accessible data and ability to cause a partial denial of service (partial DOS) of Primavera Contract Management. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Java SE
This table provides the text form of the Risk Matrix for Oracle Java SE.
| CVE Identifier | Description |
|---|---|
| CVE-2014-4288 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6456 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 7u67 and Java SE 8u20. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6457 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67, Java SE 8u20, Java SE Embedded 7u60, JRockit R27.8.3 and JRockit R28.3.3. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded, JRockit accessible data as well as read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of JSSE. CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6458 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6466 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java on Internet Explorer only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6468 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Hotspot). The supported version that is affected is Java SE 8u20. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client and server deployment of Java. This vulnerability requires local access to the victim environment in order to plant the affected jar file. Once the affected jar file was planted, this vulnerability can be triggered through sandboxed Java Web Start applications, sandboxed Java applets, and launching the affected application locally. It can also be triggered by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Vendor Information] |
| CVE-2014-6476 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 7u67 and Java SE 8u20. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6485 | Vulnerability in the Java SE, JavaFX component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE 8u20 and JavaFX 2.2.65. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6492 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java on Firefox only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6493 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6502 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67, Java SE 8u20 and Java SE Embedded 7u60. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6503 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6504 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67 and Java SE Embedded 7u60. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6506 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67, Java SE 8u20 and Java SE Embedded 7u60. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data as well as read access to a subset of Java SE, Java SE Embedded accessible data and ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-6511 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67 and Java SE 8u20. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6512 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67, Java SE 8u20, Java SE Embedded 7u60, JRockit R27.8.3 and JRockit R28.3.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6513 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE 6u81, Java SE 7u67, Java SE 8u20 and Java SE Embedded 7u60. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6515 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6517 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE 6u81, Java SE 7u67, Java SE 8u20, Java SE Embedded 7u60, JRockit R27.8.3 and JRockit R28.3.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6519 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE 7u67, Java SE 8u20 and Java SE Embedded 7u60. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6527 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 7u67 and Java SE 8u20. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6531 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67, Java SE 8u20 and Java SE Embedded 7u60. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6532 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6558 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67, Java SE 8u20, Java SE Embedded 7u60, JRockit R27.8.3 and JRockit R28.3.3. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6562 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE 8u20. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Sun Systems Products Suite
This table provides the text form of the Risk Matrix for Oracle Sun Systems Products Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2014-0224 | Vulnerability in the Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S servers component of Oracle Sun Systems Products Suite (subcomponent: XCP). The supported version that is affected is XCP prior to XCP2221. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S servers accessible data as well as read access to a subset of Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S servers accessible data and ability to cause a partial denial of service (partial DOS) of Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S servers. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-4275 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB server kernel module). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2014-4276 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Internet File System(CIFS)). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via CIFS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-4277 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Automated Install Engine). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4280 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IPS transfer module). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-4282 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel/X86). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-4283 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Automated Install Engine). The supported version that is affected is 11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4284 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IPS transfer module). The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-6470 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Archive Utility). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6473 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zone Framework). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies only when Solaris is running on SPARC platform. CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-6490 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB server user component). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via SMB. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-6497 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2014-6501 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SSH). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6508 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: iSCSI Data Mover(IDM)). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2014-6529 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Hermon HCA PCIe driver). The supported version that is affected is 11. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via None, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:A/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Virtualization
This table provides the text form of the Risk Matrix for Oracle Virtualization.
| CVE Identifier | Description |
|---|---|
| CVE-2014-2472 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: SGD Proxy Server (ttaauxserv)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-2473 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: SGD Proxy Server (ttaauxserv) and SGD SSL Daemon (ttassl)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-2474 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: SGD Proxy Server (ttaauxserv)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-2475 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: SGD Proxy Server (ttaauxserv)). Supported versions that are affected are 4.63, 4.71, 5.0 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-2476 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: SGD Proxy Server (ttaauxserv)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-6459 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: SGD Proxy Server (ttaauxserv)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-6540 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Graphics driver (WDDM) for Windows guests). Supported versions that are affected are VirtualBox prior to 4.1.34, 4.2.26 and 4.3.14. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle MySQL
This table provides the text form of the Risk Matrix for Oracle MySQL.
| CVE Identifier | Description |
|---|---|
| CVE-2012-5615 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:PRIVILEGES AUTHENTICATION PLUGIN API). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0224 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:OpenSSL). Supported versions that are affected are 5.6.19 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data as well as read access to a subset of MySQL Server accessible data and ability to cause a partial denial of service (partial DOS) of MySQL Server. Note: This fix also addresses CVE-2010-5298,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-3470. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-4274 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:MyISAM). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. CVSS Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-4287 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:CHARACTER SETS). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-6463 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:REPLICATION ROW FORMAT BINARY LOG DML). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Easily exploitable vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:M/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-6464 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:INNODB DML FOREIGN KEYS). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-6469 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:OPTIMIZER). Supported versions that are affected are 5.5.39 and eariler and 5.6.20 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2014-6474 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:MEMCACHED). Supported versions that are affected are 5.6.19 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via Memcached. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-6478 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-6484 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:DML). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-6489 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SP). Supported versions that are affected are 5.6.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as update, insert or delete access to some MySQL Server accessible data. CVSS Base Score 5.5 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:P). (legend) [Advisory] |
| CVE-2014-6491 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-6494 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: CLIENT:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-6495 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-6496 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: CLIENT:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-6500 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-6505 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:MEMORY STORAGE ENGINE). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-6507 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:DML). Supported versions that are affected are 5.5.39 and eariler and 5.6.20 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to all MySQL Server accessible data and read access to all MySQL Server accessible data. CVSS Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:C). (legend) [Advisory] |
| CVE-2014-6520 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:DDL). Supported versions that are affected are 5.5.38 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-6530 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: CLIENT:MYSQLDUMP). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-6551 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: CLIENT:MYSQLADMIN). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6555 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:DML). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-6559 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API SSL CERTIFICATE HANDLING). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to all MySQL Server accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-6564 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:INNODB FULLTEXT SEARCH DML). Supported versions that are affected are 5.6.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |