Text Form of Oracle Critical Patch Update - January 2012 Risk Matrices
This document provides the text form of the CPUJan2012 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUJan2012 Advisory
This page contains the following text format Risk Matrices:
- Oracle Database Server
- Oracle Fusion Middleware
- Oracle E-Business Suite
- Oracle Supply Chain Products Suite
- Oracle PeopleSoft Products
- Oracle JD Edwards Products
- Oracle Sun Products Suite
- Oracle Virtualization
- Oracle MySQL
Text Form of Risk Matrix for Oracle Database Server
This table provides the text form of the Risk Matrix for Oracle Database Server.
| CVE Identifier | Description |
|---|---|
| CVE-2012-0072 | Vulnerability in the Listener component of Oracle Database Server. Supported versions that are affected are 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Listener. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0082 | Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session privileges for a successful attack. Supported versions that are affected are 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS as well as update, insert or delete access to some Core RDBMS accessible data. Note: The fix for this vulnerability has a significant non-security component. It is recommended that customers review MOS document 1376995.1 to determine the urgency and best plan of action for applying the fix for this vulnerability. CVSS Base Score 5.5 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Fusion Middleware
This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.
| CVE Identifier | Description |
|---|---|
| CVE-2011-3531 | Vulnerability in the Oracle Web Services Manager component of Oracle Fusion Middleware (subcomponent: Web Services Security). Supported versions that are affected are 11.1.1.3, 11.1.1.4 and 11.1.1.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Web Services Manager. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2011-3566 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.3, 10.3.4 and 10.3.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2011-3568 | Vulnerability in the Oracle Web Services Manager component of Oracle Fusion Middleware (subcomponent: Web Services Security). Supported versions that are affected are 11.1.1.3, 11.1.1.4 and 11.1.1.5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Web Services Manager accessible data as well as read access to a subset of Oracle Web Services Manager accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2011-3569 | Vulnerability in the Oracle Web Services Manager component of Oracle Fusion Middleware (subcomponent: Web Services Security). Supported versions that are affected are 11.1.1.3, 11.1.1.4 and 11.1.1.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Web Services Manager accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2011-4516 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: JPEG 2000 Filter). Supported versions that are affected are 8.3.5 and 8.3.7. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Outside In Technology accessible data as well as read access to a subset of Oracle Outside In Technology accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code the CVSS score would increase to 6.8. CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2011-4517 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: JPEG 2000 Filter). Supported versions that are affected are 8.3.5 and 8.3.7. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Outside In Technology accessible data as well as read access to a subset of Oracle Outside In Technology accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code the CVSS score would increase to 6.8. CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2012-0077 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS-Console). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.3, 10.3.4 and 10.3.5. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2012-0083 | Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Search). Supported versions that are affected are 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4 and 11.1.1.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle WebCenter Content accessible data as well as read access to all Oracle WebCenter Content accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2012-0084 | Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4 and 11.1.1.5. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Content accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2012-0085 | Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 7.5.2 and 10.1.3.5.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Content accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2012-0110 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Image Export SDK). Supported versions that are affected are 8.3.5 and 8.3.7. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Outside In Technology accessible data as well as read access to a subset of Oracle Outside In Technology accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code the CVSS score would increase to 6.8. CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle E-Business Suite
This table provides the text form of the Risk Matrix for Oracle E-Business Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2011-2271 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2012-0073 | Vulnerability in the Oracle Forms component of Oracle E-Business Suite (subcomponent: Oracle Forms). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Forms accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2012-0078 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: REST Services (Menu, LOV)). Supported versions that are affected are 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Supply Chain Products Suite
This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2011-3192 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 5.5.06, 6.0, 6.1 and 6.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Transportation Management. Note: This fix addresses the security issue CVE-2011-3192, a denial of service vulnerability in Apache HTTPD, which is applicable to Oracle Transportation Management (OTM) products utilizing Apache 2.0 or 2.2. The National Vulnerability Database has reported a CVSS Base Score for this vulnerability of 7.8 indicating a complete Operating System denial of service (DOS); however a complete Operating System denial of service is not possible on any platform supported by Oracle, and as a result, Oracle has given the vulnerability a CVSS Base Score of 5.0 indicating a complete denial of service of the Oracle Transportation Management but not the Operating System. Other fixes for CVE-2011-3192 were distributed earlier in a Security Alert in September 2011. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle PeopleSoft Products
This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.
| CVE Identifier | Description |
|---|---|
| CVE-2012-0074 | Vulnerability in the PeopleSoft Enterprise CRM component of Oracle PeopleSoft Products (subcomponent: Sales). The supported version that is affected is 8.9. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise CRM accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2012-0076 | Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: ePerformance). Supported versions that are affected are 9.0 and 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2012-0080 | Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Talent Acquisition Management). The supported version that is affected is 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2012-0088 | Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Benefits Administration). Supported versions that are affected are 8.9, 9.0 and 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2012-0089 | Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: ePerformance). The supported version that is affected is 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2012-0091 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Upgrade Change Assistance). The supported version that is affected is 8.52.05. Very difficult to exploit vulnerability allows successful network attacks via HTTP, requiring multiple authentications, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all PeopleSoft Enterprise PeopleTools accessible data and ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS Base Score 2.7 (Integrity and Availability impacts). CVSS V2 Vector: (AV:A/AC:H/Au:M/C:N/I:P/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle JD Edwards Products
This table provides the text form of the Risk Matrix for Oracle JD Edwards Products.
| CVE Identifier | Description |
|---|---|
| CVE-2011-2317 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastucture SEC (JDNET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful authenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some JD Edwards EnterpriseOne Tools accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2011-2321 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC (JDNET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2011-2324 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC (JDENET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful unauthenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2011-2325 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC (JDENET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful authenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2011-2326 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC (JDENET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful authenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2011-3509 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC (JDENET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful authenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2011-3514 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC (JDENET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful authenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some JD Edwards EnterpriseOne Tools accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2011-3524 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC (JDENET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful authenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Sun Products Suite
This table provides the text form of the Risk Matrix for Oracle Sun Products Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2011-3564 | Vulnerability in the GlassFish Enterprise Server component of Oracle Sun Products Suite (subcomponent: Administration). The supported version that is affected is GlassFish Enterprise Server 2.1.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of GlassFish Enterprise Server accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2011-3565 | Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite (subcomponent: Calendar Server). The supported version that is affected is 7.0. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Unified accessible data as well as read access to a subset of Oracle Communications Unified accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2011-3570 | Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite (subcomponent: Calendar Server). The supported version that is affected is 7.0. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Unified accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2011-3573 | Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite (subcomponent: Calendar Server). The supported version that is affected is 7.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2011-3574 | Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite (subcomponent: Calendar Server). The supported version that is affected is 7.0. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Unified accessible data as well as read access to a subset of Oracle Communications Unified accessible data. CVSS Base Score 3.3 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2011-5035 | Vulnerability in the GlassFish Enterprise Server component of Oracle Sun Products Suite (subcomponent: Web Container). Supported versions that are affected are Communications Server 2.0, GlassFish Enterprise Server 2.1.1, 3.0.1, 3.1.1, Sun Java System Application Server 8.1 and 8.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of GlassFish Enterprise Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0079 | Vulnerability in the Oracle OpenSSO component of Oracle Sun Products Suite (subcomponent: Administration). Supported versions that are affected are 7.1 and 8.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle OpenSSO accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2012-0081 | Vulnerability in the GlassFish Enterprise Server component of Oracle Sun Products Suite (subcomponent: Administration). The supported version that is affected is GlassFish Enterprise Server 3.1.1. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized takeover of GlassFish Enterprise Server possibly including arbitrary code execution within the GlassFish Enterprise Server. CVSS Base Score 3.7 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2012-0094 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). Supported versions that are affected are 9, 10 and 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2012-0096 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Network). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via RPC. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0097 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: ksh93 Shell). The supported version that is affected is 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2012-0098 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 8, 9, 10 and 11 Express. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0099 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: sshd). Supported versions that are affected are 9, 10 and 11 Express. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSH. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 2.6 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0100 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kerberos). Supported versions that are affected are 9, 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2012-0103 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). The supported version that is affected is 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2012-0104 | Vulnerability in the GlassFish Enterprise Server component of Oracle Sun Products Suite (subcomponent: Web Container). Supported versions that are affected are GlassFish Enterprise Server 3.0.1 and 3.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of GlassFish Enterprise Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0109 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 3.6 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Virtualization
This table provides the text form of the Risk Matrix for Oracle Virtualization.
| CVE Identifier | Description |
|---|---|
| CVE-2011-3571 | Vulnerability in the Virtual Desktop Infrastructure (VDI) component of Oracle Virtualization (subcomponent: Session). The supported version that is affected is 3.2. Very difficult to exploit vulnerability allows successful authenticated network attacks via None. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Virtual Desktop Infrastructure (VDI) accessible data as well as read access to a subset of Virtual Desktop Infrastructure (VDI) accessible data. CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2012-0105 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Windows Guest Additions). The supported version that is affected is 4.1. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle VM VirtualBox accessible data as well as read access to a subset of Oracle VM VirtualBox accessible data and ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS Base Score 3.7 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2012-0111 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folders). The supported version that is affected is 4.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle VM VirtualBox accessible data as well as read access to a subset of Oracle VM VirtualBox accessible data. CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle MySQL
This table provides the text form of the Risk Matrix for Oracle MySQL.
| CVE Identifier | Description |
|---|---|
| CVE-2011-2262 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0075 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.0.x, 5.1.x and 5.5.x. Very difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data. CVSS Base Score 1.7 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:M/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2012-0087 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.0.x and 5.1.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0101 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.0.x and 5.1.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0102 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.0.x and 5.1.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0112 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0113 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and read access to a subset of MySQL Server accessible data. CVSS Base Score 5.5 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0114 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.0.x, 5.1.x and 5.5.x. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to all MySQL Server accessible data as well as update, insert or delete access to some MySQL Server accessible data. CVSS Base Score 3.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2012-0115 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0116 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to all MySQL Server accessible data as well as update, insert or delete access to some MySQL Server accessible data. CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2012-0117 | Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0118 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and read access to a subset of MySQL Server accessible data. CVSS Base Score 4.9 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0119 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0120 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0484 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.0.x, 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2012-0485 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0486 | Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0487 | Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0488 | Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0489 | Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0490 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.0.x, 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0491 | Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0492 | Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Very difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0493 | Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Very difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0494 | Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 1.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0495 | Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2012-0496 | Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data as well as read access to a subset of MySQL Server accessible data. CVSS Base Score 4.3 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:P/I:P/A:N). (legend) [Advisory] |